|
|
- .TH "NPM\-DISPUTES" "7" "August 2018" "" ""
- .SH "NAME"
- \fBnpm-disputes\fR \- Handling Module Name Disputes
- .P
- This document describes the steps that you should take to resolve module name
- disputes with other npm publishers\. It also describes special steps you should
- take about names you think infringe your trademarks\.
- .P
- This document is a clarification of the acceptable behavior outlined in the
- npm Code of Conduct \fIhttps://www\.npmjs\.com/policies/conduct\fR, and nothing in
- this document should be interpreted to contradict any aspect of the npm Code of
- Conduct\.
- .SH TL;DR
- .RS 0
- .IP 1. 3
- Get the author email with \fBnpm owner ls <pkgname>\fP
- .IP 2. 3
- Email the author, CC support@npmjs\.com
- .IP 3. 3
- After a few weeks, if there's no resolution, we'll sort it out\.
-
- .RE
- .P
- Don't squat on package names\. Publish code or move out of the way\.
- .SH DESCRIPTION
- .P
- There sometimes arise cases where a user publishes a module, and then later,
- some other user wants to use that name\. Here are some common ways that happens
- (each of these is based on actual events\.)
- .RS 0
- .IP 1. 3
- Alice writes a JavaScript module \fBfoo\fP, which is not node\-specific\. Alice
- doesn't use node at all\. Yusuf wants to use \fBfoo\fP in node, so he wraps it in
- an npm module\. Some time later, Alice starts using node, and wants to take
- over management of her program\.
- .IP 2. 3
- Yusuf writes an npm module \fBfoo\fP, and publishes it\. Perhaps much later, Alice
- finds a bug in \fBfoo\fP, and fixes it\. She sends a pull request to Yusuf, but
- Yusuf doesn't have the time to deal with it, because he has a new job and a
- new baby and is focused on his new Erlang project, and kind of not involved
- with node any more\. Alice would like to publish a new \fBfoo\fP, but can't,
- because the name is taken\.
- .IP 3. 3
- Yusuf writes a 10\-line flow\-control library, and calls it \fBfoo\fP, and
- publishes it to the npm registry\. Being a simple little thing, it never
- really has to be updated\. Alice works for Foo Inc, the makers of the
- critically acclaimed and widely\-marketed \fBfoo\fP JavaScript toolkit framework\.
- They publish it to npm as \fBfoojs\fP, but people are routinely confused when
- \fBnpm install foo\fP is some different thing\.
- .IP 4. 3
- Yusuf writes a parser for the widely\-known \fBfoo\fP file format, because he
- needs it for work\. Then, he gets a new job, and never updates the prototype\.
- Later on, Alice writes a much more complete \fBfoo\fP parser, but can't publish,
- because Yusuf's \fBfoo\fP is in the way\.
- .IP 5. 3
- \fBnpm owner ls foo\fP\|\. This will tell Alice the email address of the owner
- (Yusuf)\.
- .IP 6. 3
- Alice emails Yusuf, explaining the situation \fBas respectfully as possible\fR,
- and what she would like to do with the module name\. She adds the npm support
- staff support@npmjs\.com to the CC list of the email\. Mention in the email
- that Yusuf can run npm owner \fBadd alice foo\fP to add Alice as an owner of the
- foo package\.
- .IP 7. 3
- After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
- and Alice can't come to any sort of resolution, email support
- support@npmjs\.com and we'll sort it out\. ("Reasonable" is usually at least
- 4 weeks\.)
-
- .RE
- .SH REASONING
- .P
- In almost every case so far, the parties involved have been able to reach an
- amicable resolution without any major intervention\. Most people really do want
- to be reasonable, and are probably not even aware that they're in your way\.
- .P
- Module ecosystems are most vibrant and powerful when they are as self\-directed
- as possible\. If an admin one day deletes something you had worked on, then that
- is going to make most people quite upset, regardless of the justification\. When
- humans solve their problems by talking to other humans with respect, everyone
- has the chance to end up feeling good about the interaction\.
- .SH EXCEPTIONS
- .P
- Some things are not allowed, and will be removed without discussion if they are
- brought to the attention of the npm registry admins, including but not limited
- to:
- .RS 0
- .IP 1. 3
- Malware (that is, a package designed to exploit or harm the machine on which
- it is installed)\.
- .IP 2. 3
- Violations of copyright or licenses (for example, cloning an MIT\-licensed
- program, and then removing or changing the copyright and license statement)\.
- .IP 3. 3
- Illegal content\.
- .IP 4. 3
- "Squatting" on a package name that you plan to use, but aren't actually
- using\. Sorry, I don't care how great the name is, or how perfect a fit it is
- for the thing that someday might happen\. If someone wants to use it today,
- and you're just taking up space with an empty tarball, you're going to be
- evicted\.
- .IP 5. 3
- Putting empty packages in the registry\. Packages must have SOME
- functionality\. It can be silly, but it can't be nothing\. (See also:
- squatting\.)
- .IP 6. 3
- Doing weird things with the registry, like using it as your own personal
- application database or otherwise putting non\-packagey things into it\.
- .IP 7. 3
- Other things forbidden by the npm
- Code of Conduct \fIhttps://www\.npmjs\.com/policies/conduct\fR such as hateful
- language, pornographic content, or harassment\.
-
- .RE
- .P
- If you see bad behavior like this, please report it to abuse@npmjs\.com right
- away\. \fBYou are never expected to resolve abusive behavior on your own\. We are
- here to help\.\fR
- .SH TRADEMARKS
- .P
- If you think another npm publisher is infringing your trademark, such as by
- using a confusingly similar package name, email abuse@npmjs\.com with a link to
- the package or user account on https:// \fIhttps://www\.npmjs\.com/\fR\|\.
- Attach a copy of your trademark registration certificate\.
- .P
- If we see that the package's publisher is intentionally misleading others by
- misusing your registered mark without permission, we will transfer the package
- name to you\. Otherwise, we will contact the package publisher and ask them to
- clear up any confusion with changes to their package's \fBREADME\fP file or
- metadata\.
- .SH CHANGES
- .P
- This is a living document and may be updated from time to time\. Please refer to
- the git history for this document \fIhttps://github\.com/npm/cli/commits/latest/doc/misc/npm\-disputes\.md\fR
- to view the changes\.
- .SH LICENSE
- .P
- Copyright (C) npm, Inc\., All rights reserved
- .P
- This document may be reused under a Creative Commons Attribution\-ShareAlike
- License\.
- .SH SEE ALSO
- .RS 0
- .IP \(bu 2
- npm help 7 registry
- .IP \(bu 2
- npm help owner
-
- .RE
-
|