This is really sad. I’m with Azer 100%. There is a corporate world and there is an open source world. The corporate world loves using free and open source libraries and frameworks that help them make money. But they won’t think twice and will invest hundreds of thousands of dollars to win the case against Azer if need be.
Why did a company with 270 million users reject Azer’s offer to buy the name from him for a mere $30K? Because they are a bunch of dicks, as Azer correctly put it. They want free stuff.
There should be some international law that will make the commercial and the open source worlds live in parallel dimensions. If one corp uses a trademarked term from another corp, it can be sued. But they should not reach out to the open source world imposing their rules there.
Guys, this may open a can of worms. kik.com should back off!
Part 2, or is my application at risk?
That’s right. Those five packages had dependencies, and 263 npm packages were installed on my computer in less than a minute. Some of them were developed by big companies, but most of them were developed by one person like Azer.
To be more specific, my application heavily depends on a module loader called SystemJS (see the package #259), which was developed by a guy named Guy Bedford, a respected developer who has contributed tons of code to the open source community (btw, Guy is also the author of the JSPM package manager). What if, for whatever reason, Guy becomes as angry as Azer and removes SystemJS from npm? This will affect thousands of projects. These projects won’t stop working, because SystemJS is already installed locally, but lots and lots of people will need to spend time finding a replacement, or start fixing builds and bugs and adding features to their local version of SystemJS instead of working on their applications.
Some open source developer nicely illustrated a scenario when an 11-line library responsible for left-padding strings was removed from npmjs.org. Check this out 🙂 David Haney raises the right question, “Have we forgotten how to program?”
Part 3 OMG, what do I do?
Nothing. Just accept the reality of today’s open source world. At least I live with the assumption that any of the above 263 packages may stop being developed at any moment, and the versions I have already installed are the last ones. At least I have the source code…
Update. NPM has addressed this issue, and Azer won’t be able to unpublish his packages unless they are younger than 24 hours.
3 thoughts on “My two cents on the npm scandal”
I just went over to Kik corp’s medium.com post and gave them a piece of my mind. I’d suggest that everyone else do the same. Take it to the source. Tell them how it makes you feel. Tell them what they should do with their lawyers. Create a s#%& storm, in other words.
I left my comment there before writing this post.
Now that Kik is in the limelight maybe we should bring up content like this: http://www.nytimes.com/2016/02/06/us/social-media-apps-anonymous-kik-crime.html?_r=0
“Kik is the problem app of the moment,” said David Frattare, commander of the Ohio Internet Crimes Against Children Task Force, which includes hundreds of law enforcement agencies. “We tell parents about Kik, and to them it’s some earth-shattering news, and then it turns out it’s been on their kid’s phone for months and months. And as a law enforcement agency, the information that we can get from Kik is extremely limited.”