Soon after, a new issue, titled "npmjs.org tells me that left-pad is not available (404 page)," was opened on a little-known GitHub repository: azer/left-pad. Dozens of developers quickly piled into the issue, and within minutes they'd identified the issue: azer had "unpublished" his "left-pad" code from npm.
The most essential tool in their workflow wouldn't work
All Azer Koçulu had to do was push the first domino. And, in the words of GitHub user laurelnaiad (who has received 63 party hats, 27 thumbs up, 4 smiles, 3 thumbs down, and 3 hearts for her comment):
"This kind of just broke the internet."
What's an npm?
Npm allows developers to easily import blobs of code into their project. Like, if I want to left-pad something, I can just type
npm install left-pad
into the command line, and now I can left-pad to my heart's content.
Talk about Babel
According to Babel's own website, Babel is used basically everywhere: Facebook, Netflix, PayPal, Yahoo, Spotify, Reddit, Slack, LinkedIn, GoDaddy, Squarespace... it's very popular.
With left-pad gone, Babel can’t be installed
I’m not even sure what Babel uses the line-numbers function for, but that’s not really important. What’s important is that the Babel package has declared the line-numbers package as a "dependency," which has declared left-pad as a dependency. With left-pad gone, Babel can’t be installed.
So when this little 11-line package broke Babel, and Babel kind of broke everything, people noticed.
The author of left-pad
He also inconspicuously owned the name "Kik," for a more elaborate open source project he was building to help developers start new projects simply and easily from the command line.
And that's where all this drama began. You can read Azer's side of the story here. Basically, the messaging app company called Kik contacted Azer through a lawyer (Kik says it was actually a patent agent), telling him to remove his Kik package from npm. He refused, and the company proceeded to contact npm, which complied with the request and transferred ownership of the "Kik" package name. While npm is an open source project, it's primarily developed and maintained by a private company: npm, Inc.
Azer writes on Medium (emphasis his):
This situation made me realize that NPM is someone’s private land where corporate is more powerful than the people, and I do open source because, Power To The People.
Azer's response was to unpublish (or, "liberate") all his modules from npm.
"Slow down and fix your shit."
Ironically, Kik's own software-build process was impacted by the unpublishing of left-pad, which Kik's Head of Messenger, Mike Roberts, explained the following day in his own Medium post. Mike attempted to give the Kik side of the story, and published the entire email chain between Azer, Kik, and npm. Mike calls it a "polite request" to get the Kik name on npm in order to publish an open source project Kik has been working on, but the emails he published do threaten lawyers.
Npm has also published its own blog post on the fiasco. It stands by its decision to transfer the Kik name, since its name dispute policy prioritizes predictability for users. It's also looking into ways to make it harder to unpublish a package if it will break other packages. The comments on npm’s post aren’t favorable, however. Most developers seem to feel Azer was thrown under the bus, and many of them are already talking about finding an npm alternative.