This document describes the steps that you should take to resolve naming disputes with other npm publishers. It also describes the steps you should take if you think a name infringes your trademark.

This document is additive to the guidelines in the npm Code of Conduct and npm Open-Source terms. Nothing in this document should be interpreted to contradict any aspect of the npm Code of Conduct or Open-Source Terms.

tl;dr

  1. Open a support ticket at https://support.github.com/contact/npm-name-disputes.
  2. Fill out the form with as much detail as possible.
  3. Support will address your request. Please note submitting a report does not guarantee the transfer of a package, org, or username.

When to use this process

This process is an excellent way to:

  • Request a name that you believe is currently misleading or could be confused with a name used by your company or open source project
  • Request a name related to your company or open source project that cannot be claimed via account recovery

This process does not apply if the package violates our Terms of Use, in particular our Acceptable Use and Acceptable Content rules, or our Code of Conduct. Those documents refer to this one to resolve cases of "squatting"; see below.

If you see bad behavior or content you believe is unacceptable, refer to the Code of Conduct for guidelines on reporting violations. You are never expected to resolve abusive behavior on your own. We are here to help.

When not to use this process

This process is not available for dispute requests due to lack of activity related to a specific name.

Please also note there are cases where a party may have claim to a specific name, but giving that name to the requesting party would pose a supply-chain risk to the npm ecosystem. In such cases, requests may be denied independent of the validity of the claim.

Trademarks

npm processes Trademark claims under GitHub's Trademark Policy.

If you think another npm publisher is infringing your trademark, such as by using a confusingly similar package, org, or user account name, please submit a Trademark Policy Violation Report via our form.

Use of npm's own trademarks is covered by our Logo and Usage Policy.

Changes

This is a living document and may be updated from time to time. Please refer to the git history for this document to view the changes.

Definitions

Squatting

It is against npm's Terms of Use to publish a package, register a user name or an organization name simply for the purposes of reserving it for future use.

We do not pro-actively scan the registry for squatted packages, so the fact that a name is in use does not mean we consider it valid. The standards for what we consider squatting depend on what is being squatted:

Packages

Package names are considered squatted if the package has no genuine function.

Organizations

Organization names are considered squatted if there are no packages published within a reasonable time. If an organization is a paid organization, it may have private packages that are invisible to third parties. For privacy reasons, we cannot reveal whether or not an organization has private packages, so a paid organization will never be considered squatted.

User names

We are extremely unlikely to transfer control of a user name, as it is totally valid to be an npm user and never publish any packages: for instance, you might be part of an organization or need read-only access to private packages.

License

Copyright (C) npm, Inc., All rights reserved

This document may be reused under a Creative Commons Attribution-ShareAlike License.