It's to be expected with live includes that something like this would happen -- doing such a thing is a roll of the dice and anyone foolish enough to do so got what was coming to them.

JavaScript is one of the places where you see endless idiotic "frameworks" being used for this type of tripe; and the code snippet provided in that article clearly shows why you'd have to be a dumbass to blindly include something so simple to write, that's SO poorly written!

It's like what I say about jQuery -- for people who know nothing about JavaScript, BY people who know nothing about JavaScript.

I mean that's some real herpaderp for what could simply be: function leftpad(str, len, ch) { str = String(str); return String(!ch && ch !== 0 ? ' ' : ch).repeat(Math.max(len - str.length, 0)) + str; }

In fact it reeks of someone blindly copying a C example to JavaScript without having bothered learning to use JS properly first.

Of course you get into scripttard projects that rely on things like NPM, and the entire blasted thing is typically just blind copypasta of other people's work by those who don't know enough JavaScript to do a blasted thing on their own. It's led to endless JS based projects and codebases that are bloated, insecure, slow train wrecks that just BEG to fall apart the moment something like this happens.

... and then the mouth-breathers who try to support this development technique call writing more code that relies on more code written by others that they don't even understand "easier" -- when really what they are saying is "wah, wah, I don't wanna learn!" like some petulant first grader.

Btw, did you read source of left-pad? For me - people who use such a module (add characters to the left side of string in loop? Is he serious? ) deserve their code ruined. (Of course, Kik messenger people were wrong and npm maintainers ruined trust to their service, but

I must be missing something here. Who develops a product and imports a whole javascript 'library' to left-pad a string ?

What NPM did really provoked lots of developers. On their Privacy Policy page they state:

Acceptable Use - You will not submit any content that is illegal, offensive, or otherwise harmful. You will not submit any content in violation of law, infringing the intellectual property rights of others, violating the privacy or other rights of others, or in violation of any agreement with a third party.

and

You will not violate any applicable law.

This means that if Kik's lawyer did provide a prove that the name Kik is trademarked, NPM had the full right to remove the package.

This is pretty logical - the lawyer strikes high. Imagine NPM involved in a law case. This could lead to a lot of trouble and trust issues for the whole NodeJS ecosystem.

This rises another question - What will NPM's next move be? npm packages like google, yahoo, apple, trello, basecamp, etc. can be found on their registry.

What about express. There is a company named Express, founded in 1980, way back before JavaScript and NodeJS. What if they decide to take the act of removing expressjs, because of its name?

It may never (and probably won't) happen, but the possibility of this happening is somewhat concerning.

Update: @aniforprez clarified in his answer that NPM changed kik's ownership, where I though that npm removed the whole package (reference here). This still leaves the question of why NPM took such a drastic measure.

Instead of arguing about Azer, we should argue about NPM deciding to ignore law infringements.

That is what really happened

• medium.com/@azerbike/i-ve-just-liberated-my-modul…

That is how we can avoid such problems

• medium.com/@Rich_Harris/how-to-not-break-the-inte…

It's not justified, especially for a company who puts npmjs loves you at bottom of their site!! Certainly this is not good for us, people who love Open-Source!