Why we are registering the npm trademark
About the author
Other popular posts
Update: Being part of a community means listening to it. After hearing the deep concern that has been voiced over our application to register the npm trademark we have decided to withdraw the application from the USPTO. We deeply regret the way that our message came across.
Nodejitsu Founder & CEO, Charlie Robbins, put this in his own thoughts on this into An Open Letter to the Node community.
Trademarks are an important part of open source. They protect the integrity of the trust that is built by any project. A classic example of why this is the case is Firefox. Suppose that a malware producer takes the Firefox codebase, which is free and open source, packages up their malware with it and then releases it as "Firefox". Then they buy search advertising and suddenly their bad and malicious version of Firefox is the first result on search engines across the web. This is clearly a bad thing for Firefox and open source everywhere, but what can Mozilla do to protect their community of users?
They can't enforce a software license since the use is permitted under the Mozilla Public License. They can, however, enforce on these hypothetical bad actors using their trademark on the word "Firefox". This means that the community of users is protected while still providing their code as open source to a (usually separate) community of developers.
The fact is that until last month Nodejitsu has run npm for over three years. We started the trademark process as a follow-up to the work with did with #scalenpm as a protective measure to the community. Nodejitsu was legally first to commercial use for npm so it is well within our right to file for consideration with the USPTO.
The objective of registering this trademark is to protect the community and will only be enforced to prevent possible malware masquerading as npm.
While Isaac created the npm codebase itself, Nodejitsu (and IrisCouch) have been the corporate sponsor of npm since the beginning. It is only natural that we own the trademark as a process of doing business. npm Inc. was formed far after we started this process and we always intended to allow them to use the trademark which we rightfully own. On February 6th, Carr/Ferrell LLP (acting on behalf of npm Inc.) issued the following cease and desist to Nodejitsu.
Further, it has come to our attention that Nodejitsu is using the mark "private npm" and the npm logo, both without npm's permission or consent. We demand that you immediately cease using any of npm's marks or logo and also confirm in your reply letter that you will cease all use.
To which we (partially) complied since we do recognize that we did not commission the current npm logo and have since ceased to use it. We are saddened by these latest developments but reiterate our commitment to Node.js, npm and a desire to work together with all other entities, such as npm Inc, in creating an even better and more vibrant ecosystem. The mistake that we made here was not bringing this to the attention of the community earlier and for that we are very sorry: it will not happen again. We will continue by your side (just as we've done for almost four years). It is the only thing that really matters to us.
Furthermore we are extremely saddened by the continued attacks on CouchDB. Lets make this clear, CouchDB is the technology that got npm to where it is today and many of the blanket statements being made are simply not true. We did and still do love CouchDB. While it's not perfect (what technology is?) we dedicated our time to make it better, through commitments to its core and building a great CouchDB multi-master setup that works. This is a great part of our npm offering, and you can use it at scale if you want. We continue to work with CouchDB to make it even better for npm, and we believe improving CouchDB is something great to do on its own merits.
As for comments on npm being more stable, we recognize that putting any caching layer on top of CouchDB would have done the same without the complexity and drawbacks of the new architecture. We support competition and wish npm Inc. the best, but we wish there had been a more thoughtful approach to the problem and that they had included the broader community in those conversations. We maintain an open doors policy to working with them to make the ecosystem better, and we want to work with them not against them. We welcome the friendly competition, but try our private npm product and we think you'll be convinced.
We count on you to make npm better and will continue to work with the community to drive things forward. Thank you for supporting us and keep being awesome!