150 lines
6.2 KiB
Groff
150 lines
6.2 KiB
Groff
|
.TH "DISPUTES" "7" "November 2019" "" ""
|
||
|
.SH "NAME"
|
||
|
\fBdisputes\fR \- Handling Module Name Disputes
|
||
|
.P
|
||
|
This document describes the steps that you should take to resolve module name
|
||
|
disputes with other npm publishers\. It also describes special steps you should
|
||
|
take about names you think infringe your trademarks\.
|
||
|
.P
|
||
|
This document is a clarification of the acceptable behavior outlined in the
|
||
|
npm Code of Conduct \fIhttps://www\.npmjs\.com/policies/conduct\fR, and nothing in
|
||
|
this document should be interpreted to contradict any aspect of the npm Code of
|
||
|
Conduct\.
|
||
|
.SS TL;DR
|
||
|
.RS 0
|
||
|
.IP 1. 3
|
||
|
Get the author email with \fBnpm owner ls <pkgname>\fP
|
||
|
.IP 2. 3
|
||
|
Email the author, CC support@npmjs\.com
|
||
|
.IP 3. 3
|
||
|
After a few weeks, if there's no resolution, we'll sort it out\.
|
||
|
|
||
|
.RE
|
||
|
.P
|
||
|
Don't squat on package names\. Publish code or move out of the way\.
|
||
|
.SS Description
|
||
|
.P
|
||
|
There sometimes arise cases where a user publishes a module, and then later,
|
||
|
some other user wants to use that name\. Here are some common ways that happens
|
||
|
(each of these is based on actual events\.)
|
||
|
.RS 0
|
||
|
.IP 1. 3
|
||
|
Alice writes a JavaScript module \fBfoo\fP, which is not node\-specific\. Alice
|
||
|
doesn't use node at all\. Yusuf wants to use \fBfoo\fP in node, so he wraps it in
|
||
|
an npm module\. Some time later, Alice starts using node, and wants to take
|
||
|
over management of her program\.
|
||
|
.IP 2. 3
|
||
|
Yusuf writes an npm module \fBfoo\fP, and publishes it\. Perhaps much later, Alice
|
||
|
finds a bug in \fBfoo\fP, and fixes it\. She sends a pull request to Yusuf, but
|
||
|
Yusuf doesn't have the time to deal with it, because he has a new job and a
|
||
|
new baby and is focused on his new Erlang project, and kind of not involved
|
||
|
with node any more\. Alice would like to publish a new \fBfoo\fP, but can't,
|
||
|
because the name is taken\.
|
||
|
.IP 3. 3
|
||
|
Yusuf writes a 10\-line flow\-control library, and calls it \fBfoo\fP, and
|
||
|
publishes it to the npm registry\. Being a simple little thing, it never
|
||
|
really has to be updated\. Alice works for Foo Inc, the makers of the
|
||
|
critically acclaimed and widely\-marketed \fBfoo\fP JavaScript toolkit framework\.
|
||
|
They publish it to npm as \fBfoojs\fP, but people are routinely confused when
|
||
|
\fBnpm install foo\fP is some different thing\.
|
||
|
.IP 4. 3
|
||
|
Yusuf writes a parser for the widely\-known \fBfoo\fP file format, because he
|
||
|
needs it for work\. Then, he gets a new job, and never updates the prototype\.
|
||
|
Later on, Alice writes a much more complete \fBfoo\fP parser, but can't publish,
|
||
|
because Yusuf's \fBfoo\fP is in the way\.
|
||
|
.IP 5. 3
|
||
|
\fBnpm owner ls foo\fP\|\. This will tell Alice the email address of the owner
|
||
|
(Yusuf)\.
|
||
|
.IP 6. 3
|
||
|
Alice emails Yusuf, explaining the situation \fBas respectfully as possible\fR,
|
||
|
and what she would like to do with the module name\. She adds the npm support
|
||
|
staff support@npmjs\.com to the CC list of the email\. Mention in the email
|
||
|
that Yusuf can run npm owner \fBadd alice foo\fP to add Alice as an owner of the
|
||
|
foo package\.
|
||
|
.IP 7. 3
|
||
|
After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
|
||
|
and Alice can't come to any sort of resolution, email support
|
||
|
support@npmjs\.com and we'll sort it out\. ("Reasonable" is usually at least
|
||
|
4 weeks\.)
|
||
|
|
||
|
.RE
|
||
|
.SS Reasoning
|
||
|
.P
|
||
|
In almost every case so far, the parties involved have been able to reach an
|
||
|
amicable resolution without any major intervention\. Most people really do want
|
||
|
to be reasonable, and are probably not even aware that they're in your way\.
|
||
|
.P
|
||
|
Module ecosystems are most vibrant and powerful when they are as self\-directed
|
||
|
as possible\. If an admin one day deletes something you had worked on, then that
|
||
|
is going to make most people quite upset, regardless of the justification\. When
|
||
|
humans solve their problems by talking to other humans with respect, everyone
|
||
|
has the chance to end up feeling good about the interaction\.
|
||
|
.SS Exceptions
|
||
|
.P
|
||
|
Some things are not allowed, and will be removed without discussion if they are
|
||
|
brought to the attention of the npm registry admins, including but not limited
|
||
|
to:
|
||
|
.RS 0
|
||
|
.IP 1. 3
|
||
|
Malware (that is, a package designed to exploit or harm the machine on which
|
||
|
it is installed)\.
|
||
|
.IP 2. 3
|
||
|
Violations of copyright or licenses (for example, cloning an MIT\-licensed
|
||
|
program, and then removing or changing the copyright and license statement)\.
|
||
|
.IP 3. 3
|
||
|
Illegal content\.
|
||
|
.IP 4. 3
|
||
|
"Squatting" on a package name that you plan to use, but aren't actually
|
||
|
using\. Sorry, I don't care how great the name is, or how perfect a fit it is
|
||
|
for the thing that someday might happen\. If someone wants to use it today,
|
||
|
and you're just taking up space with an empty tarball, you're going to be
|
||
|
evicted\.
|
||
|
.IP 5. 3
|
||
|
Putting empty packages in the registry\. Packages must have SOME
|
||
|
functionality\. It can be silly, but it can't be nothing\. (See also:
|
||
|
squatting\.)
|
||
|
.IP 6. 3
|
||
|
Doing weird things with the registry, like using it as your own personal
|
||
|
application database or otherwise putting non\-packagey things into it\.
|
||
|
.IP 7. 3
|
||
|
Other things forbidden by the npm
|
||
|
Code of Conduct \fIhttps://www\.npmjs\.com/policies/conduct\fR such as hateful
|
||
|
language, pornographic content, or harassment\.
|
||
|
|
||
|
.RE
|
||
|
.P
|
||
|
If you see bad behavior like this, please report it to abuse@npmjs\.com right
|
||
|
away\. \fBYou are never expected to resolve abusive behavior on your own\. We are
|
||
|
here to help\.\fR
|
||
|
.SS Trademarkss
|
||
|
.P
|
||
|
If you think another npm publisher is infringing your trademark, such as by
|
||
|
using a confusingly similar package name, email abuse@npmjs\.com with a link to
|
||
|
the package or user account on https://www\.npmjs\.com/ \fIhttps://www\.npmjs\.com/\fR\|\.
|
||
|
Attach a copy of your trademark registration certificate\.
|
||
|
.P
|
||
|
If we see that the package's publisher is intentionally misleading others by
|
||
|
misusing your registered mark without permission, we will transfer the package
|
||
|
name to you\. Otherwise, we will contact the package publisher and ask them to
|
||
|
clear up any confusion with changes to their package's \fBREADME\fP file or
|
||
|
metadata\.
|
||
|
.SS Changes
|
||
|
.P
|
||
|
This is a living document and may be updated from time to time\. Please refer to
|
||
|
the git history for this document \fIhttps://github\.com/npm/cli/commits/latest/doc/misc/npm\-disputes\.md\fR
|
||
|
to view the changes\.
|
||
|
.SS License
|
||
|
.P
|
||
|
Copyright (C) npm, Inc\., All rights reserved
|
||
|
.P
|
||
|
This document may be reused under a Creative Commons Attribution\-ShareAlike
|
||
|
License\.
|
||
|
.SS See also
|
||
|
.RS 0
|
||
|
.IP \(bu 2
|
||
|
npm help registry
|
||
|
.IP \(bu 2
|
||
|
npm help owner
|
||
|
|
||
|
.RE
|