This document describes the steps that you should take to resolve naming disputes with other npm publishers. It also describes special steps you should take about names you think infringe your trademarks.
This document is additive to the guidelines in the npm Code of Conduct and npm Open-Source terms. Nothing in this document should be interpreted to contradict any aspect of the npm Code of Conduct or Open-Source Terms.
This process is an excellent way to:
This process does not apply if the package violates our Terms of Use, in particular our Acceptable Use and Acceptable Content rules, or our Code of Conduct. Those documents refer to this one to resolve cases of "squatting"; see below.
If you see bad behavior or content you believe is unacceptable, refer to the Code of Conduct for guidelines on reporting violations. You are never expected to resolve abusive behavior on your own. We are here to help.
This process is not available for dispute requests due to lack of activity related to a specific name.
Please also note there are cases where a party may have claim to a specific name, but giving that name to the requesting party would pose a supply-chain risk to the npm ecosystem. In such cases, requests may be denied independent of the validity of the claim.
To dispute a package called foo, follow these steps:
foo
package. Please explain the why you believe the package should be transferred.
You will get an automated reply from npm support to your email address.To dispute an organization name, follow these steps:
@foo. Please explain the why you believe the Organizations should
be transferred. You will get an automated reply from npm support to your
email address.To dispute a user name, follow these steps:
@foo. Please explain why you believe the Username should be
transferred. You will get an automated reply from npm support to your
email address.If you think another npm publisher is infringing your trademark, such as by using a confusingly similar package, org, or user account name, open a support ticket at https://npmjs.com/support with a link to the package, org, or user account page on https://npmjs.com. Attach a copy of your trademark registration certificate.
If we see that the user, org, or package publisher is intentionally
misleading others by misusing your registered mark without permission,
we will transfer the account, org, or package name to you. Otherwise, we
will contact the relevant user and ask them to clear up any confusion with
changes to their user account page, or page, or package README file.
Use of npm's own trademarks is covered by our Trademark Policy at https://docs.npmjs.com/trademark.
This is a living document and may be updated from time to time. Please refer to the git history for this document to view the changes.
It is against npm's Terms of Use to publish a package, register a user name or an organization name simply for the purposes of reserving it for future use.
We do not pro-actively scan the registry for squatted packages, so the fact that a name is in use does not mean we consider it valid. The standards for what we consider squatting depend on what is being squatted:
Package names are considered squatted if the package has no genuine function.
Organization names are considered squatted if there are no packages published within a reasonable time. If an organization is a paid organization, it may have private packages that are invisible to third parties. For privacy reasons, we cannot reveal whether or not an organization has private packages, so a paid organization will never be considered squatted.
We are extremely unlikely to transfer control of a user name, as it is totally valid to be an npm user and never publish any packages: for instance, you might be part of an organization or need read-only access to private packages.
Copyright (C) npm, Inc., All rights reserved
This document may be reused under a Creative Commons Attribution-ShareAlike License.