NPM Bans Terminal Ads (zdnet.com) 25
A week after a popular JavaScript library started showing full-blown ads in the npm command-line interface, npm, Inc., the company that runs the npm tool and website, has taken a stance and plans to ban such behavior in the future. From a report: "We are always working on improving our policies and expand on our commitments to the community," Ahmad Nassri, npm, Inc. CTO told ZDNet in an email this week. "To that end, we're making updates to our policies to be more explicit about the type of commercial content we do deem not acceptable." According to these upcoming updates, npm will ban:
1. Packages that display ads at runtime, on installation, or at other stages of the software development lifecycle, such as via npm scripts.
2. Packages with code that can be used to display ads are fine. Packages that themselves display ads are not.
3. Packages that themselves function primarily as ads, with only placeholder or negligible code, data, and other technical content.
1. Packages that display ads at runtime, on installation, or at other stages of the software development lifecycle, such as via npm scripts.
2. Packages with code that can be used to display ads are fine. Packages that themselves display ads are not.
3. Packages that themselves function primarily as ads, with only placeholder or negligible code, data, and other technical content.
Good riddance (Score:5, Insightful)
While I understand the package maintainer's point of view, there are plenty of other mechanisms to bring home the bacon. The most precious thing in the world is time, so wasting mine, especially with ads that I don't care about or aren't relevant to me, peeves me. While this many have been innocuous, it sets a bad precedent. I'm glad NPM stomped on it hard.
And keep in mind, from a business / "keep a roof over my head" point of view, open source development isn't magical. You still need to provide value and derive benefits from it. If you live in a socialist state and can afford to spend your precious time giving back to the masses - that's totally awesome. Else, sell consulting work to improve the library, subscribe to Paetreon, BountySource, or what have you. Or abandon it. Not all open source projects deserve to keep on chugging.
Re: (Score:3, Interesting)
The ads start out as one line of code.
Within a span of a few years, they grow very big, flash around and play sounds, and eventually you have an unskippable commercial which prevents you from doing anything until it finished, It also becomes a back door for all kinds of malware.
It's a good thing NPM squashed this crap before the little pimple faced market weenies even had a chance to scream "Bigger, louder, more EXCITEMENT, and pretty colors and sparkles!" to their superiors.
Re: (Score:1)
"The ads start out as one line of code"
meant
"The ads start out as one line of TEXT"
Re: Good riddance (Score:2)
Then one day, someone embeds full color ANSI graphics Star Wars episodes I-IX into the terminal
Re: (Score:2)
Else, sell consulting work to improve the library, subscribe to Paetreon, BountySource, or what have you.
Honest question. Do any of those actually work?
Or abandon it. Not all open source projects deserve to keep on chugging.
No, once you create software you are bound to support it for me for free for all eternity because I'm entitled! gimme gimme gimme!
Re: (Score:2)
No, once you create software you are bound to support it for me for free for all eternity because I'm entitled! gimme gimme gimme!
Well, or people could grow up and acknowledge that they can't get everything for free.
OSS: No one wants to pay for the work to be done with their own money, and the people that want to do the work expect to be paid because... they want to do something that people don't want to pay for ???
Actually... (Score:5, Insightful)
2. Packages with code that can be used to display ads are fine.
Actually if they could back pedal on this one, and ban webdevs from actually using NPM to buiild website that show ads too,
I think the world could be a better place.
(holding by grab strongly on my uBlock browser plugin)
Re:Too far (Score:5, Interesting)
Please lay off the 'social justice warrior' nonsense. You are the one using SJW lingo with your whining about "shaming". Nobody is shaming anybody, and nobody is being a police force. And if people get all upset, why then, they can use something else. We call this 'the market'.
People, by and large, hate ads - especially in unexpected places. If NPM wants to ban them, that's there prerogative.
Re: (Score:2)
Yeah. The market will solve all our problems, just like it never has before.
Re: (Score:1)
Re: (Score:1)
Instead of being a Stupid Juvenile Whiner complaining about issues no one gives a fuck about you how about you actually DO something:
You are more than free to create a competitor to NPM with ads.
What's that? No one will use it?
Gee, color us shocked. Just because you have zero respect for other people's time and space doesn't imply others don't value it.
We don't want your fucking spam, PERIOD.
Not just HIV (Score:2)
Full blown ads
I have achieved my goal (Score:3)
I have achieved my goal [github.com]. Now I can rest.
I have a followup concern.... (Score:3)
1. Packages that display ads at runtime, on installation, or at other stages....
What about packages that don't display Ads, But perform "Other Activities" for commercial benefit of the package author?
For example: Quietly gathering data about the system that NPM package was installed upon OR
when library calls are made to APIs and services in that package and reporting that information back
to the creator of the package.
I am not talking about "commercial use related to the public purpose of the package" ---
For example, if you make a NPM that is utilized for consuming Third-Party services
such as Cloud-based services, then its perfectly reasonable for the NPM package
to be expected to make calls to the service provider.
I am talking about NPM packages having code inserted to make messages to 3rd parties
(such as the author) unrelated to the purpose of the NPM package.
Or maybe.... The author decides they will make a NPM for consuming an API,
for example a Captcha-generator, Search engine API, or something like AWS,
But because the author want to monetize the package --- They will proxy and
transform all API calls on their own server Which affords the NPM package creator
an opportunity to log and harvest data from all the users making API calls, OR
allows their 3rd party server to Insert Ads in the response at a later date; For example,
the NPM module to help querying Search Engines --- Might eventually start inserting
Advertisements in the search results - Not necessarily performed by the NPM Package itself,
but performed by a 3rd party intermediary server working for the benefit of the NPM Package's authors.
Re: (Score:2)
Maybe you should read the source code and take those bits out? That's one reason you were given it instead of a binary.
Re: (Score:3)
Now you are suggesting everyone read the source code before installing, but
if people actually did THAT, then this Advert policy would also be a waste of time.
Also... Who said there's complete source code in a NPM package?
Some of the source code might be hidden inside obfuscated JavaScript,
Bytecodes, or other representations of binary words that get decoded and
executed at runtime.
Re: (Score:2)
Sure, but all you're saying is that you don't trust the software. Don't install software you don't trust.
Re: (Score:2)
If 'other activities fits into the bucket of 'malicious computer code, viruses, worms, rootkits, back doors, or spyware ...
Then it's already against the Acceptable use policy.
And I would argue that a library that automatically reflects all usage back to the author qualifies as spyware.
The author decides they will make a NPM for consuming an API,
for example a Captcha-generator, Search engine API, or something like AWS,
But because the author want to monetize the package --- They will proxy and
transform all API calls on their own server
So if google were to release an search npm module, in order to make it easier to send search results including their own sponsored search results... that's probably fine.
Buf i I were to make a google npm search module that rou
IMO (Score:2, Insightful)
Any dev dumb and lazy enough to use a system like NPM deserves what happens to them. Most of the headlines concerning NPM couldn't happen under normal circumstances. The concept itself is flawed.
showing full-blown ads in the npm CLI (Score:2)
fuckers always do this (Score:2)
they test the waters, trying to find new places to stick ads
they should NOT be left without so much as a slap on the wrist
if we don't make them fucking PAY for this, then everyone will just continue trying to
fucking tired of ads. It has gotten to the point that no matter where you look, in real life, on the internet, anywhere, you can't avoid looking at ads.
it is invasive and abusive.
if it were in my power i would just ban any and all advertisement. Can't think of the specifics but i would figure it out. No
This was a big thing with Visual BASIC in the 90s (Score:3)
This was a big thing with Visual BASIC in the 1990s. Shareware VBX and, later, OBX controls would show advertisements until they were paid for.