summaryrefslogtreecommitdiff
path: root/deps/npm/man/man7/disputes.7
diff options
context:
space:
mode:
Diffstat (limited to 'deps/npm/man/man7/disputes.7')
-rw-r--r--deps/npm/man/man7/disputes.7149
1 files changed, 149 insertions, 0 deletions
diff --git a/deps/npm/man/man7/disputes.7 b/deps/npm/man/man7/disputes.7
new file mode 100644
index 0000000000..53cf2464a9
--- /dev/null
+++ b/deps/npm/man/man7/disputes.7
@@ -0,0 +1,149 @@
+.TH "DISPUTES" "7" "December 2019" "" ""
+.SH "NAME"
+\fBdisputes\fR \- Handling Module Name Disputes
+.P
+This document describes the steps that you should take to resolve module name
+disputes with other npm publishers\. It also describes special steps you should
+take about names you think infringe your trademarks\.
+.P
+This document is a clarification of the acceptable behavior outlined in the
+npm Code of Conduct \fIhttps://www\.npmjs\.com/policies/conduct\fR, and nothing in
+this document should be interpreted to contradict any aspect of the npm Code of
+Conduct\.
+.SS TL;DR
+.RS 0
+.IP 1. 3
+Get the author email with \fBnpm owner ls <pkgname>\fP
+.IP 2. 3
+Email the author, CC support@npmjs\.com
+.IP 3. 3
+After a few weeks, if there's no resolution, we'll sort it out\.
+
+.RE
+.P
+Don't squat on package names\. Publish code or move out of the way\.
+.SS Description
+.P
+There sometimes arise cases where a user publishes a module, and then later,
+some other user wants to use that name\. Here are some common ways that happens
+(each of these is based on actual events\.)
+.RS 0
+.IP 1. 3
+Alice writes a JavaScript module \fBfoo\fP, which is not node\-specific\. Alice
+doesn't use node at all\. Yusuf wants to use \fBfoo\fP in node, so he wraps it in
+an npm module\. Some time later, Alice starts using node, and wants to take
+over management of her program\.
+.IP 2. 3
+Yusuf writes an npm module \fBfoo\fP, and publishes it\. Perhaps much later, Alice
+finds a bug in \fBfoo\fP, and fixes it\. She sends a pull request to Yusuf, but
+Yusuf doesn't have the time to deal with it, because he has a new job and a
+new baby and is focused on his new Erlang project, and kind of not involved
+with node any more\. Alice would like to publish a new \fBfoo\fP, but can't,
+because the name is taken\.
+.IP 3. 3
+Yusuf writes a 10\-line flow\-control library, and calls it \fBfoo\fP, and
+publishes it to the npm registry\. Being a simple little thing, it never
+really has to be updated\. Alice works for Foo Inc, the makers of the
+critically acclaimed and widely\-marketed \fBfoo\fP JavaScript toolkit framework\.
+They publish it to npm as \fBfoojs\fP, but people are routinely confused when
+\fBnpm install foo\fP is some different thing\.
+.IP 4. 3
+Yusuf writes a parser for the widely\-known \fBfoo\fP file format, because he
+needs it for work\. Then, he gets a new job, and never updates the prototype\.
+Later on, Alice writes a much more complete \fBfoo\fP parser, but can't publish,
+because Yusuf's \fBfoo\fP is in the way\.
+.IP 5. 3
+\fBnpm owner ls foo\fP\|\. This will tell Alice the email address of the owner
+(Yusuf)\.
+.IP 6. 3
+Alice emails Yusuf, explaining the situation \fBas respectfully as possible\fR,
+and what she would like to do with the module name\. She adds the npm support
+staff support@npmjs\.com to the CC list of the email\. Mention in the email
+that Yusuf can run npm owner \fBadd alice foo\fP to add Alice as an owner of the
+foo package\.
+.IP 7. 3
+After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
+and Alice can't come to any sort of resolution, email support
+support@npmjs\.com and we'll sort it out\. ("Reasonable" is usually at least
+4 weeks\.)
+
+.RE
+.SS Reasoning
+.P
+In almost every case so far, the parties involved have been able to reach an
+amicable resolution without any major intervention\. Most people really do want
+to be reasonable, and are probably not even aware that they're in your way\.
+.P
+Module ecosystems are most vibrant and powerful when they are as self\-directed
+as possible\. If an admin one day deletes something you had worked on, then that
+is going to make most people quite upset, regardless of the justification\. When
+humans solve their problems by talking to other humans with respect, everyone
+has the chance to end up feeling good about the interaction\.
+.SS Exceptions
+.P
+Some things are not allowed, and will be removed without discussion if they are
+brought to the attention of the npm registry admins, including but not limited
+to:
+.RS 0
+.IP 1. 3
+Malware (that is, a package designed to exploit or harm the machine on which
+it is installed)\.
+.IP 2. 3
+Violations of copyright or licenses (for example, cloning an MIT\-licensed
+program, and then removing or changing the copyright and license statement)\.
+.IP 3. 3
+Illegal content\.
+.IP 4. 3
+"Squatting" on a package name that you plan to use, but aren't actually
+using\. Sorry, I don't care how great the name is, or how perfect a fit it is
+for the thing that someday might happen\. If someone wants to use it today,
+and you're just taking up space with an empty tarball, you're going to be
+evicted\.
+.IP 5. 3
+Putting empty packages in the registry\. Packages must have SOME
+functionality\. It can be silly, but it can't be nothing\. (See also:
+squatting\.)
+.IP 6. 3
+Doing weird things with the registry, like using it as your own personal
+application database or otherwise putting non\-packagey things into it\.
+.IP 7. 3
+Other things forbidden by the npm
+Code of Conduct \fIhttps://www\.npmjs\.com/policies/conduct\fR such as hateful
+language, pornographic content, or harassment\.
+
+.RE
+.P
+If you see bad behavior like this, please report it to abuse@npmjs\.com right
+away\. \fBYou are never expected to resolve abusive behavior on your own\. We are
+here to help\.\fR
+.SS Trademarkss
+.P
+If you think another npm publisher is infringing your trademark, such as by
+using a confusingly similar package name, email abuse@npmjs\.com with a link to
+the package or user account on https://www\.npmjs\.com/ \fIhttps://www\.npmjs\.com/\fR\|\.
+Attach a copy of your trademark registration certificate\.
+.P
+If we see that the package's publisher is intentionally misleading others by
+misusing your registered mark without permission, we will transfer the package
+name to you\. Otherwise, we will contact the package publisher and ask them to
+clear up any confusion with changes to their package's \fBREADME\fP file or
+metadata\.
+.SS Changes
+.P
+This is a living document and may be updated from time to time\. Please refer to
+the git history for this document \fIhttps://github\.com/npm/cli/commits/latest/doc/misc/npm\-disputes\.md\fR
+to view the changes\.
+.SS License
+.P
+Copyright (C) npm, Inc\., All rights reserved
+.P
+This document may be reused under a Creative Commons Attribution\-ShareAlike
+License\.
+.SS See also
+.RS 0
+.IP \(bu 2
+npm help registry
+.IP \(bu 2
+npm help owner
+
+.RE
View Lorry Controller Status