by bastawhiz 3746 days ago
Claiming that users would be confused when installing the Kik package is a bit of a bad excuse. Installing a package without knowing what it is or does is simply nonsensical. There's no way of knowing even _how to use_ the package without looking up information about it beforehand. Anyone seriously installing a software package using a developer tool without knowing anything other than the package's name is a fool.

Additionally, the lawyers in question did not seem to want to put a new package online, they simply wanted to take down the existing one. This does not seem to be the intent of the name resolution policy.

This was a bad call on the part of the NPM team, and they should reevaluate how they arbitrate these issues.


Kik (the company) wanted to publish an npm module using their trademarked company name[1]. As has long been npm's policy, they asked the trademark holder and the author to work it out amicably. Azer handled the situation about as gracefully as you'd expect from someone who published a module without checking if the name was clear and rage-quit when that decision bit him, bitching about "corporations" and stranding the countless developers who (eventually) depended on one of his modules.

npm and Kik did most everything right. The problem was in unpublishing already published tags. Once a tag is published, it shouldn't be able to be unpublished except in the most extenuating circumstances (perhaps a brand-new tag that inadvertently included PII). After a name changes hands, the new owner shouldn't be able to publish a new build in any of the major versions the previous owner tagged. Moreover, wholesale unpublishing modules shouldn't be allowed for the exact reasons this incident demonstrated. Based on npm's response, it sounds like they've learned that.

[1]: https://medium.com/@mproberts/a-discussion-about-the-breakin...

The problem is that KIK (the company) has no registered trademark for this use. If they had, they (or you) could point to the specific registration that the `kik` project infringed upon.

Any talk about trademarks is irrelevant (and npm even claims in this article that it had nothing to do with their decision).

Additionally, the `kik` package now has this description:

'This package name is not currently in use, but was formerly occupied by a popular package. To avoid malicious use, npm is hanging on to the package name, but loosely, and we'll probably give it to you if you want it.'

So...why did this happen again?

Because Kik plans to `npm publish kik`, presumably a JS API or something. That is a stock robomessage, though granted, not a very good one under the circumstances.
The first rule of open source is check if the name has any other popular uses (using, at the very least, Google and the USPTO). Whether or not Kik would have sued for trademark infringement is secondary - before publishing, the author should have searched for the name, and when he saw an established product using it, chosen something else.

npm has never been secretive about its name collision policy.

Wait, like to anyone who wants it? I wonder what would happen if Azer asked for it back, heh.
I've done apt-get install node on Ubuntu and got a legacy package. Would you go to check if apt-get install firefox really installs the browser, and do it every single time you install something? It's not totally a bad excuse, I think.
Those are applications, that you can use without the documentation. These are libraries, for which you need to read the documentation first, whether official or third-party. They're really not comparable at all.
For a long time the Docker install documentation contained no information that the proper package name in Debian was docker.io. So yes, they are comparable.
"Anyone seriously installing a software package using a developer tool without knowing anything other than the package's name is a fool."

That includes the projects that had left-pad as a dependency.