Earlier this week, a messy situation putting open-source software at odds with trademark ownership impaired the functions of thousands of pieces of software, demonstrating the dangers of relying on third-party code for important software. Large companies including Facebook, Netflix, and Spotify were briefly affected.
In this case, the drama surrounded NPM (short for “node package manager”), the default package manager for Node.js, a runtime environment popular with web developers. NPM is used to install open-source software, collected into packages. In turn, developers can call upon that software, known as dependencies, to perform functions, eliminating the need to code from scratch. If a dependency disappears from NPM, it has the potential to break the software calling upon it, creating a domino effect. NPM is hardly the only system that works like this. The web is basically built upon an interweaving of different systems and software libraries that call upon each other to work together all the time.
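The domino effect can be measured before it happens. The sketch below is an added example, not code from NPM or from anyone named in this article; the package names and the `registry` map are constructed for illustration. It walks a dependency map backwards to list every package that would stop installing if one dependency were removed, along with the chain that pulls it in.

```javascript
// Constructed sample data: package name -> its direct dependencies.
// All names are hypothetical, not real NPM packages.
const registry = {
  "web-app": ["http-kit", "ui-widgets"],
  "http-kit": ["string-utils"],
  "ui-widgets": ["string-utils", "color-tools"],
  "color-tools": [],
  "string-utils": [],
  "cli-tool": ["color-tools"],
};

// Returns a Map of every package that breaks if `removed` disappears.
// Each value is the shortest chain from that package down to `removed`.
function brokenByRemoval(deps, removed) {
  // Invert the map: dependency -> packages that directly require it.
  const dependents = new Map();
  for (const [pkg, list] of Object.entries(deps)) {
    for (const dep of list) {
      if (!dependents.has(dep)) dependents.set(dep, []);
      dependents.get(dep).push(pkg);
    }
  }
  // Breadth-first walk upward from the removed package.
  const broken = new Map();
  const queue = [[removed, [removed]]];
  while (queue.length > 0) {
    const [current, path] = queue.shift();
    for (const parent of dependents.get(current) || []) {
      // Skip packages already recorded; this also guards against cycles.
      if (parent === removed || broken.has(parent)) continue;
      const chain = [parent, ...path];
      broken.set(parent, chain);
      queue.push([parent, chain]);
    }
  }
  return broken;
}

// Print the blast radius of removing one small utility package.
for (const [pkg, chain] of brokenByRemoval(registry, "string-utils")) {
  console.log(`${pkg} breaks via ${chain.join(" -> ")}`);
}
```

In this sample, "web-app" never names "string-utils" directly, yet it breaks through two of its own dependencies, which is why an audit has to follow the whole chain rather than the top-level list.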
For the past couple of weeks, a developer named Azer Koçulu has been in a dispute with messenger service Kik over his use of the name “kik” for one of his packages. Koçulu, an adamant proponent of open-source software, refused to change the name or yield to a corporate interest.