This document describes the steps that you should take to resolve naming disputes with other npm publishers. It also describes special steps you should take about names you think infringe your trademarks.
This document is additive to the guidelines in the npm Code of Conduct and npm Open-Source terms. Nothing in this document should be interpreted to contradict any aspect of the npm Code of Conduct or Open-Source Terms.
This process is an excellent way to:
If you see bad behavior or content you believe is unacceptable, refer to the Code of Conduct for guidelines on reporting violations. You are never expected to resolve abusive behavior on your own. We are here to help.
We are not currently accepting dispute requests to "adopt an abandoned package" or "Report Squatting" as we re-evaluate and update the overall dispute process.
To dispute a package called
foo, follow these steps:
foopackage. Please explain the why you believe the package should be transferred. You will get an automated reply from npm support to your email address.
To dispute an organization name, follow these steps:
@foo. Please explain the why you believe the Organizations should be transferred. You will get an automated reply from npm support to your email address.
To dispute a user name, follow these steps:
@foo. Please explain why you believe the Username should be transferred. You will get an automated reply from npm support to your email address.
If you think another npm publisher is infringing your trademark, such as by using a confusingly similar package, org, or user account name, open a support ticket at https://npmjs.com/support with a link to the package, org, or user account page on https://npmjs.com. Attach a copy of your trademark registration certificate.
If we see that the user, org, or package publisher is intentionally
misleading others by misusing your registered mark without permission,
we will transfer the account, org, or package name to you. Otherwise, we
will contact the relevant user and ask them to clear up any confusion with
changes to their user account page, or page, or package
Use of npm's own trademarks is covered by our Trademark Policy at https://docs.npmjs.com/trademark.
This is a living document and may be updated from time to time. Please refer to the git history for this document to view the changes.
We do not pro-actively scan the registry for squatted packages, so the fact that a name is in use does not mean we consider it valid. The standards for what we consider squatting depend on what is being squatted:
Package names are considered squatted if the package has no genuine function.
Organization names are considered squatted if there are no packages published within a reasonable time. If an organization is a paid organization, it may have private packages that are invisible to third parties. For privacy reasons, we cannot reveal whether or not an organization has private packages, so a paid organization will never be considered squatted.
We are extremely unlikely to transfer control of a user name, as it is totally valid to be an npm user and never publish any packages: for instance, you might be part of an organization or need read-only access to private packages.
Copyright (C) npm, Inc., All rights reserved
This document may be reused under a Creative Commons Attribution-ShareAlike License.