Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Programming Businesses Software

NPM Bans Terminal Ads (zdnet.com) 25

A week after a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and plans to ban such behavior in the future. From a report: "We are always working on improving our policies and expand on our commitments to the community," Ahmad Nassri, npm, Inc. CTO told ZDNet in an email this week. "To that end, we're making updates to our policies to be more explicit about the type of commercial content we do deem not acceptable." According to these upcoming updates, npm will ban:
1. Packages that display ads at runtime, on installation, or at other stages of the software development lifecycle, such as via npm scripts.
2. Packages with code that can be used to display ads are fine. Packages that themselves display ads are not.
3. Packages that themselves function primarily as ads, with only placeholder or negligible code, data, and other technical content.

This discussion has been archived. No new comments can be posted.

NPM Bans Terminal Ads

Comments Filter:
  • Good riddance (Score:5, Insightful)

    by ssyladin ( 458003 ) on Friday August 30, 2019 @10:50AM (#59141160)

    While I understand the package maintainer's point of view, there are plenty of other mechanisms to bring home the bacon. The most precious thing in the world is time, so wasting mine, especially with ads that I don't care about or aren't relevant to me, peeves me. While this many have been innocuous, it sets a bad precedent. I'm glad NPM stomped on it hard.

    And keep in mind, from a business / "keep a roof over my head" point of view, open source development isn't magical. You still need to provide value and derive benefits from it. If you live in a socialist state and can afford to spend your precious time giving back to the masses - that's totally awesome. Else, sell consulting work to improve the library, subscribe to Paetreon, BountySource, or what have you. Or abandon it. Not all open source projects deserve to keep on chugging.

    • Re: (Score:3, Interesting)

      The ads start out as one line of code.

      Within a span of a few years, they grow very big, flash around and play sounds, and eventually you have an unskippable commercial which prevents you from doing anything until it finished, It also becomes a back door for all kinds of malware.

        It's a good thing NPM squashed this crap before the little pimple faced market weenies even had a chance to scream "Bigger, louder, more EXCITEMENT, and pretty colors and sparkles!" to their superiors.

    • by Merk42 ( 1906718 )

      Else, sell consulting work to improve the library, subscribe to Paetreon, BountySource, or what have you.

      Honest question. Do any of those actually work?

      Or abandon it. Not all open source projects deserve to keep on chugging.

      No, once you create software you are bound to support it for me for free for all eternity because I'm entitled! gimme gimme gimme!

      • No, once you create software you are bound to support it for me for free for all eternity because I'm entitled! gimme gimme gimme!

        Well, or people could grow up and acknowledge that they can't get everything for free.

        OSS: No one wants to pay for the work to be done with their own money, and the people that want to do the work expect to be paid because... they want to do something that people don't want to pay for ???

  • Actually... (Score:5, Insightful)

    by DrYak ( 748999 ) on Friday August 30, 2019 @10:52AM (#59141164) Homepage

    2. Packages with code that can be used to display ads are fine.

    Actually if they could back pedal on this one, and ban webdevs from actually using NPM to buiild website that show ads too,
    I think the world could be a better place.

    (holding by grab strongly on my uBlock browser plugin)

  • Full blown ads

  • by Kethinov ( 636034 ) on Friday August 30, 2019 @11:01AM (#59141192) Homepage Journal

    I have achieved my goal [github.com]. Now I can rest.

  • by mysidia ( 191772 ) on Friday August 30, 2019 @11:19AM (#59141258)

    1. Packages that display ads at runtime, on installation, or at other stages....

    What about packages that don't display Ads, But perform "Other Activities" for commercial benefit of the package author?
    For example: Quietly gathering data about the system that NPM package was installed upon OR
    when library calls are made to APIs and services in that package and reporting that information back
    to the creator of the package.

    I am not talking about "commercial use related to the public purpose of the package" ---
    For example, if you make a NPM that is utilized for consuming Third-Party services
    such as Cloud-based services, then its perfectly reasonable for the NPM package
    to be expected to make calls to the service provider.

    I am talking about NPM packages having code inserted to make messages to 3rd parties
    (such as the author) unrelated to the purpose of the NPM package.

    Or maybe.... The author decides they will make a NPM for consuming an API,
    for example a Captcha-generator, Search engine API, or something like AWS,
    But because the author want to monetize the package --- They will proxy and
    transform all API calls on their own server Which affords the NPM package creator
    an opportunity to log and harvest data from all the users making API calls, OR
    allows their 3rd party server to Insert Ads in the response at a later date; For example,
    the NPM module to help querying Search Engines --- Might eventually start inserting
    Advertisements in the search results - Not necessarily performed by the NPM Package itself,
    but performed by a 3rd party intermediary server working for the benefit of the NPM Package's authors.

    • by nagora ( 177841 )

      Maybe you should read the source code and take those bits out? That's one reason you were given it instead of a binary.

      • by mysidia ( 191772 )

        Now you are suggesting everyone read the source code before installing, but
        if people actually did THAT, then this Advert policy would also be a waste of time.

        Also... Who said there's complete source code in a NPM package?
        Some of the source code might be hidden inside obfuscated JavaScript,
        Bytecodes, or other representations of binary words that get decoded and
        executed at runtime.

        • by nagora ( 177841 )

          Sure, but all you're saying is that you don't trust the software. Don't install software you don't trust.

    • by vux984 ( 928602 )

      If 'other activities fits into the bucket of 'malicious computer code, viruses, worms, rootkits, back doors, or spyware ...

      Then it's already against the Acceptable use policy.

      And I would argue that a library that automatically reflects all usage back to the author qualifies as spyware.

      The author decides they will make a NPM for consuming an API,
      for example a Captcha-generator, Search engine API, or something like AWS,
      But because the author want to monetize the package --- They will proxy and
      transform all API calls on their own server

      So if google were to release an search npm module, in order to make it easier to send search results including their own sponsored search results... that's probably fine.

      Buf i I were to make a google npm search module that rou

  • IMO (Score:2, Insightful)

    Any dev dumb and lazy enough to use a system like NPM deserves what happens to them. Most of the headlines concerning NPM couldn't happen under normal circumstances. The concept itself is flawed.

  • Wait, what?!?!?!?! When I'm using a CLI, I am doing so usually because I value my time. If I had seen one of those ads, it would be the last of them that I saw. I'd be looking for a different way to do what I need to do. Just because a library dev can show ads in their product, doesn't mean they should, especially when it shows the developer does not understand how the product is being used.
  • they test the waters, trying to find new places to stick ads

    they should NOT be left without so much as a slap on the wrist

    if we don't make them fucking PAY for this, then everyone will just continue trying to

    fucking tired of ads. It has gotten to the point that no matter where you look, in real life, on the internet, anywhere, you can't avoid looking at ads.

    it is invasive and abusive.

    if it were in my power i would just ban any and all advertisement. Can't think of the specifics but i would figure it out. No

  • This was a big thing with Visual BASIC in the 1990s. Shareware VBX and, later, OBX controls would show advertisements until they were paid for.

You are always doing something marginal when the boss drops by your desk.

Working...