The only part of the story that I’m pissed at is NPM corporation restoring content on their server that they didn’t own and published it to millions for profit.
Koçulu removed left pad. It was his code.
Can you imagine the lawsuits if when Disney pulled the license for Avengers on Netflix, Netflix responded with:
“Millions of customers got errors that Marvel Avengers is missing. So we put Avengers back on our servers.”
Eh, I’d say any language that offers a package repository is just as susceptible. I’m neither pro- nor anti- dependency, but I do always try to keep them to an absolute minimum regardless of what environment I’m working in. Sometimes it makes sense to not reinvent the wheel.
Yes, but other languages have exponentially fewer packages that install when you add something, making the attack vector smaller and easier to monitor.
The best way to fix this is for library authors to avoid installing as many sub-dependencies as possible (is-odd, being an obvious example). But that’s a fundamental culture problem.
TL;DR: A patent and trademark agent and NPM bullied an Open Source Dev, so the Dev deleted his code from NPM as is his right. The internet broke. NPM restored the code against the dev’s wishes. Corpos win…as always.
They don’t teach about Configuration Management in web-dev bootcamp
Ha! Bullshit like configuration management, memory management, optimizing compilers, all obsolete technology! We don’t need that anymore with modern web browsers now that every single computer ever is connected to the Internet, and now that we have AI to write code for us!!! JavaScript is the one true language!
“Bullied”? I mean, the open source app the trademarker wanted to replace wasn’t popular either, and I don’t see how the heck “kik” could be related to something for creating templates. Neither do I see it for messaging, but that is a trademark.
In this case, we believe that most users who would come across a kik package, would reasonably expect it to be related to kik.com.
Not in my book. They asked him if he would rename his package, he replied sorry but I'm building a project with this name, and they replied that they were going to send lawyers to do takedowns if he would release his project. This would also rub me the wrong way. Also, the dev was already working on the package before the kik company ever came to NPM. Why would he have to give up on the name for his project?
For United States trademarks, not necessarily. You don’t have to enforce the trademark to keep it; you just have to renew it on time.
The problem with not enforcing the trademark is that it opens the term up to genericization (for example, referring to all types of tissues as Kleenex). Genericization will cause a company to lose the trademark.
I don’t think kik was worried about that. It’s more likely they were bullying the guy into giving up the package name.
I’m not sure you are right. There seem to be an awful lot of lawyers phrasing it less clearly.
Trademarks require constant vigilance. The moment you let your guard down, there’s a chance that someone else might swoop in and use your trademark without permission. This unauthorized usage could lead to confusion among customers and weaken the association between the trademark and the company it represents. Therefore, defending your trademark should be a top priority.
It’s been a few years since I dug through trademark law trying to find an answer to this question, but from my understanding, as long as the trademark isn’t abandoned, doesn’t become genericized, and is renewed, it doesn’t have to be strictly enforced through litigation.
You only really need to enforce your trademark when there’s a chance of it causing confusion about whether goods produced by some other party are actually produced by the trademark holder (which is the scenario your quote is talking about). Take “Apple,” for example. I can’t sell any software or electronics with the name “Apple” on it without infringing on Apple, Inc.'s trademark, but I can sell “Farmer Tim’s Golden Delicious Apples” without issue. If Apple tried to enforce their trademark on a box of apples, they wouldn’t be successful. If they tried to enforce their trademark on Tim Apple’s iJuicer Pro, they probably would succeed.
Anyway, I think a lot of the confusion about this comes from trademark law being oversimplified into the phrase “use it or lose it.” That’s strictly true when it comes to actually using the trademark, but it’s not actually a requirement to liberally enforce it.
That might be true regardless of copyright law :)
A sad truth. You don’t need to win when you can bury your opposition in legal costs (or threats of).
Thanks for your reply. I’m inclined to believe you, as it seems more likely that this was a case of corporate bullshit and not a case of “alas, our hands are tied”.
I’m sure it violates other professional conduct rules, but at the very least, intentionally misleading a client or omitting information would likely be considered a lack of competence.
A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation.
The dev could claim something like "prior art", or whatever the alternative is for software. Suppose I trademark the name "is-odd" for a company, should NPM now hand me the "is-odd" package name? This would surely break the internet in the same way is an this case.
But see, that’s the thing. Trademark isn’t formally granted or applied for. It has to be for an established thing that has common name recognition like kleenex or band-aid. The purpose behind this is to give legal recourse for someone to defend their brand. In order to trademark ‘is-odd’, you would have to be able to show that people (society in your country really) use is-odd to refer to a class of thing you do/make/own. You could argue that Twitter as a trademark still belongs to the ass who runs the company (by extension) because everyone insists on calling it Twitter. The expression of Twitter now has no bearing on where the trademark lies, if it exists in the first place. That would be copyright.
Now, I agree that the system is dumb, but npm should also have infrastructure in place to enable renaming so that if a case comes about where a package is renamed, that doesn’t break the internet.
Like NPM said, I'd expect a package named kbin to be about kbin.social, not e.g. some random recycling app. The company wants to open source their stuff. That's great! And then, kik a bit selfishly doesn't want some package with only 1 star and 3 watches to confuse the 5 people who would want to look at the source code. NPM doesn't conflate versions between different packages formerly published under the same name, so virtually no harm done to existing users. People who want Kik's code would get to find Kik, and people would still be able to use the renamed project. I don't see a reason for the dev to hold on to their Kik name when it would do a slight bit of harm.
Though, maybe that's not how it turned out. NPM later took over Kik's package again as a security holding to this day, and whatever you think, it's not a good reaction to unpublish all your popular packages, causing massive code breakage around the world and Facebook going up in flames, prompting the world to reevaluate dependency chains and the world's dependency on JavaScript- that sounds kinda nice, actually, so maybe I'm glad this happened.
I get that, but suppose you start a package on NPM named "bronk". Sometime later someone starts a company with that name. Should you just be forced to give up your package name, just because people suddenly associate the name with the company?
Let’s call the number variable just x, you then have literal math (Euclidean division) if you ignore === instead of = for equals.
<span style="color:#323232;">x % 2 === 0
</span>
This can’t get better or more native than “just math”. This is the whole code you need to detect if a number is even. I wouldn’t even call it “code”.
If you remove whitespaces and ignore the type you end up with x%2==0 which is 6 characters long and a fully valid if clause. No magic involved, no abstraction, no weird function calls on integers …
I see that in modern JS this type of coding is a trend, but you can’t tell me you want to replace 6 characters with an own module or a package. :)
No, I want that in the std lib. Yes, it would just call x % 2 == 0 underneath. But the advantage is readability. I’m in principle aware that x % 2 == 0 is true when the number is even, but I need it seldomly enough that I do still need to think about it for a second before I know for sure. I don’t need to think about x.is_even(). And the readability is what I want natively, i.e. in the std lib.
It being in the std lib would also sidestep your concerns about security or the function call having unknown side effects.
I mean, does any language implement is_odd() natively? Doesn’t everyone implement modulus and pretty much assumes that you remember modulus from elementary and can infer that even numbers are those where x % 2 == 0.
People using this deserve that their code breaks. Absolutely ridiculous.
Neither this, nor the leftpad thing, nor this is-even “package” are things I would even think about for a second before just writing it on my own. I wouldn’t even consider those features (let alone packages to depend my code on!) but basic programming.
Add comment