detfalskested

npm install everything

Evan Boehs and friends set up an experiment to install everything from npm and quickly ran into problems of an unexpected kind when trying to execute it.

Just a few hours after our last package hit the site, the first issue was filed. It acutely explained that we had rendered them incapable of removing their own package, which formerly had zero dependents. We instantly halted our celebrations, and tried to get to the root of the problem.

Ultimately, they ended up being thrown out of npm and GitHub, despite acting in good faith and proactively trying to solve the issues along the way.

GitHub has responded to Laura’s article, saying that the packages have been removed because “We found the project to be in violation of GitHub’s Acceptable Use Policies”, despite never naming a single rule we broke that didn’t involve blatantly false information. They have not, to this day, responded to or even acknowledged our numerous futile attempts to contact them.

A thing I learned from reading this story is that npm apparently is owned by GitHub – which in turn is owned by Microsoft. I find having such a big part of the infrastructure for most of the web (and open source in general) under the control of Microsoft a bit worrying.

Via @fatrat