NPM Fiasco: How it Impacted Me, My Thoughts on the Matter, and what I’m Doing Now
I’m not going to go into details about the incident. I’m sure you all know what it’s about; if you don’t, just Google “NPM vs Azer vs Kik” and you’ll find a lot of information.
I remember when it happened, however. I was working on one of my projects and I guess I just npm installed at the wrong time. “Failed to install left-pad”, “Failed to install right-pad”, and so much more. After all of this I guess I never really knew how many of my dependencies relied on some of these simple micro-packages. It’s crazy! Needless to say, not all of my dependencies got updated to point to the new sources. Just recently they all finished updating, and it’s not something I can do myself, because there’s no point: once I run “npm install,” it will all be overwritten anyway. Although I’m not a huge developer and don’t have some popular module, it still affected me in a way.
This whole situation did impact me and I may not have a huge voice, but I still have one and I’m going to speak out on the matter. I truly believe both Azer AND Kik were in the wrong, and I believe NPM did what they thought was right. I don’t believe they did it because it was some huge company. However, I’ll talk about that in a minute.
So how do I feel about the words and actions exchanged between Azer and Kik? Well from the start the Kik representative came off as harsh. It, to me, seemed like [he] was wanting to make sure that Azer knew [he] wasn’t kidding around and that he was willing to go to extreme lengths to get what he wanted, which in turn made the whole situation worse. However, in turn, Azer shouldn’t have just said, “screw you. Don’t ever email me again,” because this makes him look childish.
I looked back in the NPM registry for the Kik module that Azer wrote; it was created October 31 of 2015. The app Kik was established in 2009. Here’s what Azer needs to understand: his module had the same name as a company created 6 years prior. It’s not like his module’s name was kickstart, which theoretically he could’ve emailed them about and asked for ownership of, since it hasn’t been updated in 4 years and it has less than 200 downloads; this is assuming the owner wouldn’t respond and/or wasn’t active. His module name was Kik. No matter what, technically Kik owns the right to the name. Speaking of that trademark, let’s take a look at the dates. The priority date (date of the first application filing) was September 9, 2015 and the official filing date was March 7, 2016. Although the final filing date was this year, their name was still in the trademark system a month before Azer published his module. These are the things that should’ve been communicated between the two parties, and this is what Azer needs to understand: there were other ways to go about this. Being a dick to a dick results in nothing. Azer came off to me personally as very immature and irresponsible. Is this the kind of first impression he wanted to make? If so, he did it. Same with Kik.
I believe that the NPM representative did what [he] believed was right. He sided with the person with the trademark. Also, think of this logically: when you type in Kik in that search bar, would you expect a module from Kik or Azer? I would expect something relating to the app.
Azer responded to the NPM representative saying that he can’t believe that he would do this to him, and mentioning how many years he’s known him. Well let me ask this, should personal bias be at the root of any organization? If that were true, I would have no users on some of my products because the ones that use it the most I don’t like on a personal level and I would’ve banned them a long time ago if I allowed personal bias into my product. You side with what’s logical, not with what’s personal.
So all in all, I believe both Kik and Azer made bad impressions for themselves and both could have reacted better to the other.
What about the modules Azer unpublished though? Well, leading on from what I previously talked about with Kik and Azer’s interaction, Azer decided to (in retaliation for NPM’s decision) unpublish all his modules from NPM. This caused many packages to break, including the ones I use in my projects; all because of a module called left-pad. It’s a micro-package, but a useful one apparently. It just saves developers that extra 5 minutes in each project and if you have ever worked on a time limit, 5 minutes is a lot.
I think this specific action was completely irresponsible. Now I know a lot of people will disagree with this. I’ve already talked to people who disagree with this. The main question with this argument is, “when you have open-source code with this many installs, is it really yours to delete?” Now a lot may say that it’s up to the developer, but is it really? Let’s take a look at this from the idea of the open-source community having the idea of a social contract. If you don’t know what it means, here is Google’s short definition for it:
Social Contract
an implicit agreement among the members of a society to cooperate for social benefits
Google also provides an example:
for example by sacrificing some individual freedom for state protection
Now think of this for an open-source community: by providing code that so many use to places like NPM, you’re “sacrificing” your freedom to just completely abolish that code. Technically you could, but not without repercussions; in this case he affected companies including Facebook, Twitter (I cannot confirm this one), and even Kik (funny, am I right?). By publishing this code to NPM, he entered a social contract willingly.
When it comes to code that was used so much like left-pad, it comes down to a God complex; just like how medical doctors hold the life of their patients in their hand at many points throughout their career, Azer held the status of many projects and products. He played God, and he failed to uphold his responsibilities as a developer.
So, what am I doing now? I’m actually working on getting ownership of some of the modules he unpublished. I don’t think it’s right that a module of his, even with only a couple hundred installs a month, should be left unattended. I’m just waiting on the response from NPM.
I do want to clarify though that I’m NOT using Azer’s code. I’m rewriting everything. I’m not just copying and pasting. However, I will admit that I have his repositories up to make sure that I’m getting the closest I can to the original product without making an exact replica. So that’s what I’m doing.
Thanks everyone for taking the time to hear me out with this. I’ll accept any comments countering my thoughts on the subject, however don’t be a child and post things like “you’re stupid af.” At least provide an argument of why I’m stupid, would love to see your reasoning.
One other quick thing, I know how open-source is defined. It’s code that’s made available for free to redistribute and modify; I’m not discussing redistribution or modification, I’m discussing the actions taken with the code.
Have a wonderful week everyone!