Hacker News
by ludston 2949 days ago
Different scope. This is definitely how to handle incidents like, "our live production service is currently having issues" because there are critical consequences. E.g., when a system that I have worked on goes down, trucks would literally be parked at the border of different states and countries waiting for clearance.

This is a different magnitude to, "I upgraded my free dependency management tool, and now I have to downgrade it. Please tell me when I can upgrade again."

1 comments

Npm Inc is a company. Their products are npm enterprise and npm orgs. Both of these are only useful in combination with the npm client. Npm enterprise likely wasn't affected by this (although related problems may have affected npm enterprise users in the past for all we know), but npm orgs were, as their repositories are on the same registry.

So this is the equivalent of the official Docker CLI having a bug that causes it to break after an update to the official Docker Hub. Sure, it may mostly affect users that aren't paying customers, but it affects users indiscriminately, and those users who are paying customers can't use npm the way they were sold on (i.e. using the official client with the official registry).

FWIW it also seems that this bug wasn't triggered because users updated their clients. It was a pre-existing bug in the client that was triggered by the registry behavior changing (but I'm not sure on that because the issue doesn't give many details).