- Handling Module Name Disputes
- Get the author email with npm owner ls
- Email the author, CC firstname.lastname@example.org
- After a few weeks, if there´s no resolution,
we´ll sort it out.
Don´t squat on package names. Publish code or move out of the way.
There sometimes arise cases where a user publishes a module, and then later,
some other user wants to use that name. Here are some common ways that happens
(each of these is based on actual events.)
node-specific. Joe doesn´t use node at all. Bob wants to use
foo in node, so he wraps it in an npm module. Some time later, Joe
starts using node, and wants to take over management of his program.
- Bob writes an npm module foo, and publishes it.
Perhaps much later, Joe finds a bug in foo, and fixes it. He sends
a pull request to Bob, but Bob doesn´t have the time to deal with
it, because he has a new job and a new baby and is focused on his new
erlang project, and kind of not involved with node any more. Joe would
like to publish a new foo, but can´t, because the name is
- Bob writes a 10-line flow-control library, and calls it
foo, and publishes it to the npm registry. Being a simple little
thing, it never really has to be updated. Joe works for Foo Inc, the
makers of the critically acclaimed and widely-marketed foo
people are routinely confused when npm install foo is some
- Bob writes a parser for the widely-known foo file
format, because he needs it for work. Then, he gets a new job, and never
updates the prototype. Later on, Joe writes a much more complete
foo parser, but can´t publish, because Bob´s
foo is in the way.
The validity of Joe´s claim in each situation can be debated. However,
Joe´s appropriate course of action in each case is the same.
- npm owner ls foo. This will tell Joe the email
address of the owner (Bob).
- Joe emails Bob, explaining the situation as respectfully
as possible, and what he would like to do with the module name. He
adds the npm support staff email@example.com to the CC list of the
email. Mention in the email that Bob can run npm owner add joe foo
to add Joe as an owner of the foo package.
- After a reasonable amount of time, if Bob has not
responded, or if Bob and Joe can´t come to any sort of resolution,
email support firstname.lastname@example.org and we´ll sort it out.
("Reasonable" is usually at least 4 weeks, but extra time is
allowed around common holidays.)
In almost every case so far, the parties involved have been able to reach an
amicable resolution without any major intervention. Most people really do want
to be reasonable, and are probably not even aware that they´re in your
Module ecosystems are most vibrant and powerful when they are as self-directed
as possible. If an admin one day deletes something you had worked on, then
that is going to make most people quite upset, regardless of the
justification. When humans solve their problems by talking to other humans
with respect, everyone has the chance to end up feeling good about the
Some things are not allowed, and will be removed without discussion if they are
brought to the attention of the npm registry admins, including but not limited
- Malware (that is, a package designed to exploit or harm the
machine on which it is installed).
- Violations of copyright or licenses (for example, cloning
an MIT-licensed program, and then removing or changing the copyright and
- Illegal content.
- "Squatting" on a package name that you
plan to use, but aren´t actually using. Sorry, I
don´t care how great the name is, or how perfect a fit it is for
the thing that someday might happen. If someone wants to use it today, and
you´re just taking up space with an empty tarball, you´re
going to be evicted.
- Putting empty packages in the registry. Packages must have
SOME functionality. It can be silly, but it can´t be
nothing. (See also: squatting.)
- Doing weird things with the registry, like using it as your
own personal application database or otherwise putting non-packagey things
If you see bad behavior like this, please report it right away.
- npm help registry
- npm help owner