This document describes the steps that you should take to resolve module name disputes with other npm publishers. It also describes special steps you should take about names you think infringe your trademarks.
This document is additive to the guidelines in the npm Code of Conduct and npm Open-Source terms. Nothing in this document should be interpreted to contradict any aspect of the npm Code of Conduct or Open-Source Terms.
npm owner ls <pkgname>
Don't squat on package names, user names or organization names. Publish code or move out of the way.
This process is an excellent way to:
If you see bad behavior or content you believe is unacceptable, refer to the Code of Conduct for guidelines on reporting violations. You are never expected to resolve abusive behavior on your own. We are here to help.
To dispute a package called
foo, follow these steps:
npm owner ls foo. This will give you the email address of an owner of
foo(there may be more than one valid owner).
npm owner add <yourusername> footo do so.
To dispute an organization name, follow these steps:
To dispute a user name, follow these steps:
In most disputes, the parties involved have been able to reach an amicable resolution without any major intervention. Most people really do want to be reasonable, and are probably not even aware that they're in your way.
Module ecosystems are most vibrant and powerful when they are as self-directed as possible. If an admin one day deletes something you had worked on, then that is going to make most people quite upset, regardless of the justification. When humans solve their problems by talking to other humans with respect, everyone has the chance to end up feeling good about the interaction.
We do not pro-actively scan the registry for squatted packages, so the fact that a name is in use does not mean we consider it valid. The standards for what we consider squatting depend on what is being squatted:
Package names are considered squatted if the package has no genuine function. This judgement is made by a human, and attempts to "game" squatting by making pseudo-functional packages will increase, not decrease, the likelihood that we will transfer the package to a user who requests it.
Organization names are considered squatted if there are no packages published within a reasonable time. If an organization is a paid organization, it may have private packages that are invisible to third parties. For privacy reasons, we cannot reveal whether or not an organization has private packages, so a paid organization will never be considered squatted.
Unlike users, organizations do not have an "owner" or published email address. If you believe an organization is squatted, email email@example.com directly and we will make the determination on your behalf.
We are extremely unlikely to transfer control of a user name, as it is totally valid to be an npm user and never publish any packages: for instance, you might be part of an organization or need read-only access to private packages. If a user has not logged into their account in a long time, we may consider transferring a name if it is requested by a new user.
If you think another npm publisher is infringing your trademark, such as by using a confusingly similar package name, email firstname.lastname@example.org with a link to the package or user account on https://npmjs.com. Attach a copy of your trademark registration certificate.
If we see that the package's publisher is intentionally misleading others
by misusing your registered mark without permission, we will transfer the
package name to you. Otherwise, we will contact the package publisher
and ask them to clear up any confusion with changes to their package's
README file or metadata.
Use of npm's own trademarks is covered by our Trademark Policy at https://www.npmjs.com/policies/trademark.
This is a living document and may be updated from time to time. Please refer to the git history for this document to view the changes.
Copyright (C) npm, Inc., All rights reserved
This document may be reused under a Creative Commons Attribution-ShareAlike License.
Last modified September 19, 2017 Found a typo? Send a pull request!