by mjlawson 1623 days ago
Not only does it require more steps, it also has to meet the following criteria[1]:

* no other packages in the npm Public Registry depend on

* had less than 300 downloads over the last week

* has a single owner/maintainer

So while your point is taken that unpublishing is possible under some circumstances, it is not for popular packages that are in use today.

[1] https://docs.npmjs.com/policies/unpublish


None of these points have any legal standing, from a copyright perspective.

https://news.ycombinator.com/item?id=29868199

You are technically correct. The best kind of correct! In practical terms, it depends on the license used. Since most licenses used in open source will prevent you from making these kinds of requests, this consequence isn't likely to have any practical implications.

You are assuming that the true rights holders of all the code in the package actually agreed to the given license. Someone unrelated to the package development can still claim it includes an illegally-copied, unlicensed version of their code.

Despite the need to keep it clear, copyright does not reign supreme.

> Despite the need to keep it clear, copyright does not reign supreme.

Neither do NPM TOS, or whatever Microsoft thinks they are entitled to, since NPM is owned by Microsoft.

Which is not what I argued :^)