
Reading some of the comments reminds me of an old tale about a young man who every morning on his way to work passed by a beggar and gave him a coin (that was back when coins actually had some value). One morning though the beggar notices the coin is smaller than usual, and he asks:

- Why did you give me a different coin today?

and the young man says:

- I got married and now I'm starting a family, I need more money so I can not give you as much anymore.

And the beggar cries out:

- People, look at this putz, he got married, and now I have to feed his family?!

I think the fact that we get so many awesome things for free is unbelievably lucky. I mean, not only do we work in one of the more generously paid jobs, we also get a lot of the tools we need for free! How cool is that? But some people think that if they are given those awesome things for free, they must deserve it and whoever gives them owes them forever. That's not the case. Yes, it is annoying to find somebody who contributed before does not want to do it anymore. It is mildly inconvenient and it can be improved. But let's not lose the perspective - the author does not owe us or npm continued support. It is sad he does not want to do it anymore, but that's what open source is about - people can take it over, and it happened within a single day. Such resilience is something to be proud of, not something to complain about.




A more accurate story would be: A young man is giving a piece of wood for free to a beggar. Then one day, when the beggar has constructed a house using the wood, the young man asks for it back:

- But you gave it to me!

- It was for free, so don't you dare complain

If it was given with the (maybe implicit) clause that there was no limit of time, I don't see how the thing being free gives you the right to take it back, especially from people who have used it to build something. Sure the first act was charitable, but in the end you cause more harm than good.


It's more like the young man telling the beggar that he can come cut the wood from his land for free. Then one day the young man stops letting the beggar cut his wood for free. He's not taking back the wood that's already been cut. The problem is if the beggar wasted the wood he did take, and took for granted the assumption that he would always be able to get more.

Rely on something continuing to exist on the internet, without making your own backups of it, and you're going to have a bad time.


Interesting, but there is also the broken builds issue. 100% agree with your last sentence though.


Your builds are broken because your build process made the false assumption that you could always get another piece of wood. You could have used the first piece of wood you were given for your build over and over, but you chose to essentially toss out the piece of wood every time your build finished.


Despite your username, you're not a douche for pointing this out


It is instructive what kind of mental contortions people use when they think they deserve something (including continued labor) for free.


We agree that nobody deserves support, I was responding to the story regarding the broken builds issue.


> But let's not lose the perspective - the author does not owe us or npm continued support

On the other hand, he wanted his work published in the community registry where they got exposure and were made into dependencies in lots of projects.

When the author offered their modules and then suddenly walked away with them, lots of innocent devs who built their projects with his modules got hurt. He did more bad than good overall, especially that he unpublished hundreds of modules at once without warning, not just one. He should carry some responsibility for that.

The author can publish and unpublish all he wants from his personal site where there are zero expectations that it will continue to exist, but when he's doing it from a public repository where he received a lot of confidence from the community, he should at least make sure his users don't suddenly fall flat. Now people will start wondering if a module with millions of installs in the last month is still going to exist tomorrow.


> Now people will start wondering if a module with millions of installs in the last month is still going to exist tomorrow.

That's a smart thing for people to wonder when there is a very real possibility that it won't. I'm not going to applaud the author's action here, which I consider reckless, but it did bring attention to how fragile this "essential" infrastructure really is.


It's not reasonable to be skeptical of every package. When you do that you get a mess of locally stored packages that end up out of date.

Should really just be a 'publish is forever' mentality


It is absolutely reasonable to be skeptical of every package. You probably shouldn't be on the bleeding edge of packages and likely ought to have locally stored packages.

You of course need to audit and improve your local store, but you need to do that with your dependencies anyway


> When the author offered their modules and then suddenly walked away with them, lots of innocent devs who built their projects with his modules got hurt. He did more bad than good overall, especially that he unpublished hundreds of modules at once without warning, not just one. He should carry some responsibility for that.

Blame NPM. They were the ones shutting down his module and giving it to someone else. That's the first of the crazy parts.


> Now people will start wondering if a module with millions of installs in the last month is still going to exist tomorrow.

That's a good thing. People should be aware of it - and be aware of the fact that all the awesomeness of the open source world is maintained by the continuous - and often unseen and unpraised - effort of thousands of people. Who are mostly known when something breaks but not much otherwise. It's ok not to think about it every minute, but it's also useful not to forget about it completely - and that we shouldn't take it for granted as it is in no way a law of the universe, it is a consequence of continued effort and continued good will.


Doesn't this go both ways, though? NPM developed and maintains the software and servers used to publish and serve this author's packages, bringing the author fame, glory, and as the author is demonstrating, a serious megaphone, all at no cost to the author. If the author doesn't owe NPM anything, NPM shouldn't owe the author anything even for publishing these evidently valuable packages, right?


Taking it a bit further: npm is worthless without useful modules being published. So it stands to reason that module authors should be cautious because the company that runs it clearly won't push back.

I would say that sans a cease and desist, if not a court order, they shouldn't have done anything at all. Certainly shouldn't have turned over the name to them. Better missing and breaking builds than being controlled by someone with completely different intentions.




