mirror of
https://github.com/titanscouting/tra-analysis.git
synced 2025-10-24 09:59:21 +00:00
144 lines
10 KiB
HTML
144 lines
10 KiB
HTML
<!doctype html>
|
|
<html>
|
|
<title>npm-disputes</title>
|
|
<meta charset="utf-8">
|
|
<link rel="stylesheet" type="text/css" href="../../static/style.css">
|
|
<link rel="canonical" href="https://www.npmjs.org/doc/misc/npm-disputes.html">
|
|
<script async=true src="../../static/toc.js"></script>
|
|
|
|
<body>
|
|
<div id="wrapper">
|
|
|
|
<h1><a href="../misc/npm-disputes.html">npm-disputes</a></h1> <p>Handling Module Name Disputes</p>
|
|
<p>This document describes the steps that you should take to resolve module name
|
|
disputes with other npm publishers. It also describes special steps you should
|
|
take about names you think infringe your trademarks.</p>
|
|
<p>This document is a clarification of the acceptable behavior outlined in the
|
|
<a href="https://www.npmjs.com/policies/conduct">npm Code of Conduct</a>, and nothing in
|
|
this document should be interpreted to contradict any aspect of the npm Code of
|
|
Conduct.</p>
|
|
<h2 id="tl-dr">TL;DR</h2>
|
|
<ol>
|
|
<li>Get the author email with <code>npm owner ls <pkgname></code></li>
|
|
<li>Email the author, CC <a href="mailto:support@npmjs.com">support@npmjs.com</a></li>
|
|
<li>After a few weeks, if there's no resolution, we'll sort it out.</li>
|
|
</ol>
|
|
<p>Don't squat on package names. Publish code or move out of the way.</p>
|
|
<h2 id="description">DESCRIPTION</h2>
|
|
<p>There sometimes arise cases where a user publishes a module, and then later,
|
|
some other user wants to use that name. Here are some common ways that happens
|
|
(each of these is based on actual events.)</p>
|
|
<ol>
|
|
<li><p>Alice writes a JavaScript module <code>foo</code>, which is not node-specific. Alice
|
|
doesn't use node at all. Yusuf wants to use <code>foo</code> in node, so he wraps it in
|
|
an npm module. Some time later, Alice starts using node, and wants to take
|
|
over management of her program.</p>
|
|
</li>
|
|
<li><p>Yusuf writes an npm module <code>foo</code>, and publishes it. Perhaps much later, Alice
|
|
finds a bug in <code>foo</code>, and fixes it. She sends a pull request to Yusuf, but
|
|
Yusuf doesn't have the time to deal with it, because he has a new job and a
|
|
new baby and is focused on his new Erlang project, and kind of not involved
|
|
with node any more. Alice would like to publish a new <code>foo</code>, but can't,
|
|
because the name is taken.</p>
|
|
</li>
|
|
<li><p>Yusuf writes a 10-line flow-control library, and calls it <code>foo</code>, and
|
|
publishes it to the npm registry. Being a simple little thing, it never
|
|
really has to be updated. Alice works for Foo Inc, the makers of the
|
|
critically acclaimed and widely-marketed <code>foo</code> JavaScript toolkit framework.
|
|
They publish it to npm as <code>foojs</code>, but people are routinely confused when
|
|
<code>npm install foo</code> is some different thing.</p>
|
|
</li>
|
|
<li><p>Yusuf writes a parser for the widely-known <code>foo</code> file format, because he
|
|
needs it for work. Then, he gets a new job, and never updates the prototype.
|
|
Later on, Alice writes a much more complete <code>foo</code> parser, but can't publish,
|
|
because Yusuf's <code>foo</code> is in the way.</p>
|
|
</li>
|
|
<li><p><code>npm owner ls foo</code>. This will tell Alice the email address of the owner
|
|
(Yusuf).</p>
|
|
</li>
|
|
<li><p>Alice emails Yusuf, explaining the situation <strong>as respectfully as possible</strong>,
|
|
and what she would like to do with the module name. She adds the npm support
|
|
staff <a href="mailto:support@npmjs.com">support@npmjs.com</a> to the CC list of the email. Mention in the email
|
|
that Yusuf can run npm owner <code>add alice foo</code> to add Alice as an owner of the
|
|
foo package.</p>
|
|
</li>
|
|
<li><p>After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
|
|
and Alice can't come to any sort of resolution, email support
|
|
<a href="mailto:support@npmjs.com">support@npmjs.com</a> and we'll sort it out. ("Reasonable" is usually at least
|
|
4 weeks.)</p>
|
|
</li>
|
|
</ol>
|
|
<h2 id="reasoning">REASONING</h2>
|
|
<p>In almost every case so far, the parties involved have been able to reach an
|
|
amicable resolution without any major intervention. Most people really do want
|
|
to be reasonable, and are probably not even aware that they're in your way.</p>
|
|
<p>Module ecosystems are most vibrant and powerful when they are as self-directed
|
|
as possible. If an admin one day deletes something you had worked on, then that
|
|
is going to make most people quite upset, regardless of the justification. When
|
|
humans solve their problems by talking to other humans with respect, everyone
|
|
has the chance to end up feeling good about the interaction.</p>
|
|
<h2 id="exceptions">EXCEPTIONS</h2>
|
|
<p>Some things are not allowed, and will be removed without discussion if they are
|
|
brought to the attention of the npm registry admins, including but not limited
|
|
to:</p>
|
|
<ol>
|
|
<li>Malware (that is, a package designed to exploit or harm the machine on which
|
|
it is installed).</li>
|
|
<li>Violations of copyright or licenses (for example, cloning an MIT-licensed
|
|
program, and then removing or changing the copyright and license statement).</li>
|
|
<li>Illegal content.</li>
|
|
<li>"Squatting" on a package name that you plan to use, but aren't actually
|
|
using. Sorry, I don't care how great the name is, or how perfect a fit it is
|
|
for the thing that someday might happen. If someone wants to use it today,
|
|
and you're just taking up space with an empty tarball, you're going to be
|
|
evicted.</li>
|
|
<li>Putting empty packages in the registry. Packages must have SOME
|
|
functionality. It can be silly, but it can't be nothing. (See also:
|
|
squatting.)</li>
|
|
<li>Doing weird things with the registry, like using it as your own personal
|
|
application database or otherwise putting non-packagey things into it.</li>
|
|
<li>Other things forbidden by the npm
|
|
<a href="https://www.npmjs.com/policies/conduct">Code of Conduct</a> such as hateful
|
|
language, pornographic content, or harassment.</li>
|
|
</ol>
|
|
<p>If you see bad behavior like this, please report it to <a href="mailto:abuse@npmjs.com">abuse@npmjs.com</a> right
|
|
away. <strong>You are never expected to resolve abusive behavior on your own. We are
|
|
here to help.</strong></p>
|
|
<h2 id="trademarks">TRADEMARKS</h2>
|
|
<p>If you think another npm publisher is infringing your trademark, such as by
|
|
using a confusingly similar package name, email <a href="mailto:abuse@npmjs.com">abuse@npmjs.com</a> with a link to
|
|
the package or user account on <a href="https://www.npmjs.com/">https://www.npmjs.com/</a>.
|
|
Attach a copy of your trademark registration certificate.</p>
|
|
<p>If we see that the package's publisher is intentionally misleading others by
|
|
misusing your registered mark without permission, we will transfer the package
|
|
name to you. Otherwise, we will contact the package publisher and ask them to
|
|
clear up any confusion with changes to their package's <code><a href="../../doc/README.html">README</a></code> file or
|
|
metadata.</p>
|
|
<h2 id="changes">CHANGES</h2>
|
|
<p>This is a living document and may be updated from time to time. Please refer to
|
|
the <a href="https://github.com/npm/cli/commits/latest/doc/misc/npm-disputes.md">git history for this document</a>
|
|
to view the changes.</p>
|
|
<h2 id="license">LICENSE</h2>
|
|
<p>Copyright (C) npm, Inc., All rights reserved</p>
|
|
<p>This document may be reused under a Creative Commons Attribution-ShareAlike
|
|
License.</p>
|
|
<h2 id="see-also">SEE ALSO</h2>
|
|
<ul>
|
|
<li><a href="../misc/npm-registry.html">npm-registry(7)</a></li>
|
|
<li><a href="../cli/npm-owner.html">npm-owner(1)</a></li>
|
|
</ul>
|
|
|
|
</div>
|
|
|
|
<table border=0 cellspacing=0 cellpadding=0 id=npmlogo>
|
|
<tr><td style="width:180px;height:10px;background:rgb(237,127,127)" colspan=18> </td></tr>
|
|
<tr><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td><td style="width:40px;height:10px;background:#fff" colspan=4> </td><td rowspan=4 style="width:10px;height:10px;background:rgb(237,127,127)"> </td><td colspan=6 style="width:60px;height:10px;background:#fff"> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=4> </td></tr>
|
|
<tr><td colspan=2 style="width:20px;height:30px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=4 colspan=2> </td><td style="width:10px;height:20px;background:rgb(237,127,127)" rowspan=2> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:20px;height:10px;background:#fff" rowspan=3 colspan=2> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td><td style="width:10px;height:10px;background:#fff" rowspan=3> </td><td style="width:10px;height:10px;background:rgb(237,127,127)" rowspan=3> </td></tr>
|
|
<tr><td style="width:10px;height:10px;background:#fff" rowspan=2> </td></tr>
|
|
<tr><td style="width:10px;height:10px;background:#fff"> </td></tr>
|
|
<tr><td style="width:60px;height:10px;background:rgb(237,127,127)" colspan=6> </td><td colspan=10 style="width:10px;height:10px;background:rgb(237,127,127)"> </td></tr>
|
|
<tr><td colspan=5 style="width:50px;height:10px;background:#fff"> </td><td style="width:40px;height:10px;background:rgb(237,127,127)" colspan=4> </td><td style="width:90px;height:10px;background:#fff" colspan=9> </td></tr>
|
|
</table>
|
|
<p id="footer">npm-disputes — npm@6.5.0</p>
|
|
|