It's worth adding that you should reach out to the author first if you find such a package in npm. There's a good chance that they're not "squatting" the name intentionally - they probably just started a project excitedly and didn't push as fast as they'd hoped.
I had a "dynamo" and "task" in npm without little or no code. I was contacted by jed who had a dynamo client ready to go and tkellen who wanted task for a gruntjs related project. - in both cases I gave up the names. No drama, no need call anyone a squatter, no need to get Isaac involved, good times. On Saturday, December 15, 2012 11:10:23 AM UTC+11, Isaac Schlueter wrote: > > TL;DR - Package squatting is not allowed. If you sit on a package > name and don't publish code, it'll be deleted without warning. > > ---- > > npm package names have always been a "first come, first served" > system. I think this is generally good. It incentivizes early > adopters, which is important, because they're the most valuable users. > > It also is a powerful motivator to *actually write code*. > Traditionally, the pattern has been that if you think of a great name, > well, you'd better ship something, then! We never had to have an > explicit rule about publishing empty packages, for the same reason > that you don't have to have an explicit rule about leaving garbage on > the floor in someone's house. It's just not something you'd do. > > It is hard to really comprehend *just how many* possible package names > there are. The math isn't that hard, but the actual numbers are > mind-boggling. Even just limiting to 4 characters, there's > 36*38*38*38 potential names. That's about 100x the number of npm > packages that have ever been published. And yes, it includes stuff > like 0-_-, but still. You don't have to limit it to 4 characters. At > 8 characters, there's 4118960973312 potential names. If you got TJ > Holowaychunk and Raynos and Substack and architectd and Dominic Tarr > together and managed to get them to publish a package with a unique > 8-character name every MILLISECOND, it'd take OVER 130 YEARS to ever > use them all up! Absurdity aside, there are millions and millions of > common words and clever spellings. We'll never run out. There is no > scarcity. > > (To the alpha-nerds in the audience: this is not a challenge. Please > don't DOS the registry. ;) > > The official policy for handing name disputes mostly focuses on > abandoned modules, confusing name collisions, and other cases where > two parties both actually have published (or want to publish) working > code. There's never been a need to make the "no seat saving" > explicit, because it just didn't happen much. Disputes between two > authors have generally always been handled pretty easily. The > occasional "no code here" module was always a mistake or an oversight, > and promptly cleaned up. > > Lately, probably owing to the increase in our community's size, or the > increase in npm's popularity, or some combination of factors, I've > been seeing a lot more cases where someone asks to use a module, > pointing out that the author isn't using it, and they're told, "No, > that's something I'll be publishing at some time in the future." When > I've stepped in and made a ruling, pointing out that **npm is for node > modules that exist, not for node modules that don't exist**, the > squatters have in some cases reacted with surprise and frustration. > It's gotten un-amicable. > > If you think I'm talking about you, you're probably right. But I > wouldn't bother to write this if it had been an isolated incident, so > you're not alone. I don't want to single anyone out, and it's > happened enough times that clearly there's some widespread confusion > about what's ok and what isn't. You're not a bad person. You didn't > know. > > To be fair, yes, this was never a part of any "official" policy in an > explicit way. So, as of > > https://github.com/isaacs/npm/commit/993abe412db791f9460932371b39642817523aab > (and this email) it's explicit. (The great thing about npm being a > dictatorship is that it doesn't ultimately matter what any policy > says. My interest is for the node community to write code, so > anything that stands in the way of that gets cut down, policy be > damned.) > > It is very easy to rename a module. It's a matter of changing *a > single field* in a JSON doc. If it takes a few months to build > something, and someone publishes something in with the same name in > the meantime, that means a few things are likely: > > 1. You took took long. Go faster. Which probably means: > 1a. You tried to write something that was too big. Build smaller. > 2. The name you chose is too vague and doesn't tell much about your > problem domain. Which probably means: > 2a. Your problem domain is ill defined. (Is it an MVC framework? > CMS platform? Stop right there.) > > If that happens, just pick a new name! There are literally zillions > to choose from. It doesn't matter how long you've slaved over the > code to make your module, with the hope of using that name. They got > it over the finish line first. That's how "first come first served" > works. > > This is the warning. If you're reading this, and you have something > that you're "intending" to publish "soon", hurry up! If your module > is just a placeholder, it'll be removed the first time someone calls > attention to it. > > It pains me to have to do administration of any sort. Really. You > have no idea how lazy I am when it comes to petty things like this, > and I don't enjoy being a hardass. But npm is not for owning words. > It's for sharing code. Hack or get out of the way. > -- Job Board: http://jobs.nodejs.org/ Posting guidelines: https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines You received this message because you are subscribed to the Google Groups "nodejs" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/nodejs?hl=en?hl=en
