• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1---
2section: using-npm
3title: disputes
4description: Handling Module Name Disputes
5---
6
7# disputes(7)
8
9## Handling Module Name Disputes
10
11This document describes the steps that you should take to resolve module name
12disputes with other npm publishers. It also describes special steps you should
13take about names you think infringe your trademarks.
14
15This document is a clarification of the acceptable behavior outlined in the
16[npm Code of Conduct](https://www.npmjs.com/policies/conduct), and nothing in
17this document should be interpreted to contradict any aspect of the npm Code of
18Conduct.
19
20### TL;DR
21
221. Get the author email with `npm owner ls <pkgname>`
232. Email the author, CC <support@npmjs.com>
243. After a few weeks, if there's no resolution, we'll sort it out.
25
26Don't squat on package names.  Publish code or move out of the way.
27
28### Description
29
30There sometimes arise cases where a user publishes a module, and then later,
31some other user wants to use that name. Here are some common ways that happens
32(each of these is based on actual events.)
33
341. Alice writes a JavaScript module `foo`, which is not node-specific. Alice
35   doesn't use node at all. Yusuf wants to use `foo` in node, so he wraps it in
36   an npm module. Some time later, Alice starts using node, and wants to take
37   over management of her program.
382. Yusuf writes an npm module `foo`, and publishes it. Perhaps much later, Alice
39   finds a bug in `foo`, and fixes it. She sends a pull request to Yusuf, but
40   Yusuf doesn't have the time to deal with it, because he has a new job and a
41   new baby and is focused on his new Erlang project, and kind of not involved
42   with node any more. Alice would like to publish a new `foo`, but can't,
43   because the name is taken.
443. Yusuf writes a 10-line flow-control library, and calls it `foo`, and
45   publishes it to the npm registry. Being a simple little thing, it never
46   really has to be updated. Alice works for Foo Inc, the makers of the
47   critically acclaimed and widely-marketed `foo` JavaScript toolkit framework.
48   They publish it to npm as `foojs`, but people are routinely confused when
49   `npm install foo` is some different thing.
504. Yusuf writes a parser for the widely-known `foo` file format, because he
51   needs it for work. Then, he gets a new job, and never updates the prototype.
52   Later on, Alice writes a much more complete `foo` parser, but can't publish,
53   because Yusuf's `foo` is in the way.
54
551. `npm owner ls foo`. This will tell Alice the email address of the owner
56   (Yusuf).
572. Alice emails Yusuf, explaining the situation **as respectfully as possible**,
58   and what she would like to do with the module name. She adds the npm support
59   staff <support@npmjs.com> to the CC list of the email. Mention in the email
60   that Yusuf can run npm owner `add alice foo` to add Alice as an owner of the
61   foo package.
623. After a reasonable amount of time, if Yusuf has not responded, or if Yusuf
63   and Alice can't come to any sort of resolution, email support
64   <support@npmjs.com> and we'll sort it out. ("Reasonable" is usually at least
65   4 weeks.)
66
67### Reasoning
68
69In almost every case so far, the parties involved have been able to reach an
70amicable resolution without any major intervention. Most people really do want
71to be reasonable, and are probably not even aware that they're in your way.
72
73Module ecosystems are most vibrant and powerful when they are as self-directed
74as possible. If an admin one day deletes something you had worked on, then that
75is going to make most people quite upset, regardless of the justification. When
76humans solve their problems by talking to other humans with respect, everyone
77has the chance to end up feeling good about the interaction.
78
79### Exceptions
80
81Some things are not allowed, and will be removed without discussion if they are
82brought to the attention of the npm registry admins, including but not limited
83to:
84
851. Malware (that is, a package designed to exploit or harm the machine on which
86   it is installed).
872. Violations of copyright or licenses (for example, cloning an MIT-licensed
88   program, and then removing or changing the copyright and license statement).
893. Illegal content.
904. "Squatting" on a package name that you plan to use, but aren't actually
91   using. Sorry, I don't care how great the name is, or how perfect a fit it is
92   for the thing that someday might happen. If someone wants to use it today,
93   and you're just taking up space with an empty tarball, you're going to be
94   evicted.
955. Putting empty packages in the registry. Packages must have SOME
96   functionality. It can be silly, but it can't be nothing. (See also:
97   squatting.)
986. Doing weird things with the registry, like using it as your own personal
99   application database or otherwise putting non-packagey things into it.
1007. Other things forbidden by the npm
101   [Code of Conduct](https://www.npmjs.com/policies/conduct) such as hateful
102   language, pornographic content, or harassment.
103
104If you see bad behavior like this, please report it to <abuse@npmjs.com> right
105away. **You are never expected to resolve abusive behavior on your own. We are
106here to help.**
107
108### Trademarks
109
110If you think another npm publisher is infringing your trademark, such as by
111using a confusingly similar package name, email <abuse@npmjs.com> with a link to
112the package or user account on [https://www.npmjs.com/](https://www.npmjs.com/).
113Attach a copy of your trademark registration certificate.
114
115If we see that the package's publisher is intentionally misleading others by
116misusing your registered mark without permission, we will transfer the package
117name to you. Otherwise, we will contact the package publisher and ask them to
118clear up any confusion with changes to their package's `README` file or
119metadata.
120
121### Changes
122
123This is a living document and may be updated from time to time. Please refer to
124the [git history for this document](https://github.com/npm/cli/commits/latest/doc/misc/npm-disputes.md)
125to view the changes.
126
127### License
128
129Copyright (C) npm, Inc., All rights reserved
130
131This document may be reused under a Creative Commons Attribution-ShareAlike
132License.
133
134### See also
135
136* [npm registry](/using-npm/registry)
137* [npm owner](/cli-commands/npm-owner)
138