from Hacker News

The owner of several 1 letter NPM packages

by program on 1/16/17, 12:10 AM with 32 comments

  • by BinaryIdiot on 1/16/17, 12:45 AM

    Unlike domain names where people actually pay for them, I think package repositories like npm should punish squatting like GitHub.

    For example I contacted GitHub because I wanted an organization name for a company I'm registering in 2017. Their support looked at the organization, which had zero public or private repositories, told me they went beyond a time period of zero activity in which their name could be reclaimed by someone else and I got it (and no they didn't tell me the time period, it was just a vague statement regarding it).

    NPM should look at these and if they've been empty for X amount of time, remove them. Now the problem is controlling new squatters so they may need to offer a more complex solution when a name returns to the pool but I think it needs to be done (I know names don't typically return to be re-used in NPM but if they're removing them for squatting I think they should).

  • by mneil on 1/16/17, 12:14 AM

    This account is clearly squatting. Not only do they hold several one letter package names but also many other names that are generic. The majority of them have nothing more than a package.json.

  • by lhnz on 1/16/17, 12:57 AM

    https://www.npmjs.com/package/D

      Stats
    
        64,840 downloads in the last day
        1,360,036 downloads in the last week
        4,980,362 downloads in the last month
    
    Why is this package so popular?

    Shouldn't NPM be able to determine the difference between packages that are in use and package squatting?

  • by mod on 1/16/17, 12:43 AM

    Sure, guy looks like a jerk, but these are terrible package names; I'm glad no libraries I use have these names.

    Google searches would be so bad.