news image

Taking down Silicon Valley’s hottest startups can be as easy as 17 lines of code

24 Mar 2016

Angry developer decides to remove one package with exactly 17 lines of code from the npm open source community as a sign of protest to corporate stuck-ups, leaving thousands of startups to crash

The Silicon Valley incubator of startups is known for operating with state of the art JavaScript tooling. Companies like Airbnb, Netflix, Facebook, Product Hunt and many others are using ReactJS and most of them also apply two other leading technologies – Webpack and Babel. As it turns out, in order for Babel-dependent applications to work, a custom code of 17 lines total needs to be in the npm open source platform. If not, well, too bad for all those developers who would be unable to run the command to install their application on any machine.


Azer Koçulu is the JavaScript developer responsible for those 17 lines of code. He uses the npm and frequently uploads his work there for public use, because he believes that open source is a truly free alternative to commercial platforms, providing a great hub for innovation. However, yesterday Azer decided to unpublish all his modules and one particular package, which left thousands of developers weeping for their broken codebases and builds. Why do it? Because npm’s support took ownership of one of his modules without permission, provoking a raging backlash on his part.


Rewinding a little bit, a few weeks back Azer got an email from a patent lawyer requesting that he removes from npm one of his projects, a directory of Open Source JavaScript code which is used by most JavaScript developers. The reason was that the name of his project “kik” was a registered trade mark and the company had rights over the name. Azer of course refused to comply, because he didn’t want to be bossed around by some suits. Ultimately, the lawyer won, convincing npm to transfer ownership of the open source code.


While the removal of “kik” wasn’t a huge deal for other developers, Azer decided to retaliate by deleting all of his work from npm, including one package called left-pad, which happened to have a single file with exactly 17 lines of code. Then the troubles began as one by one the npm users started to experience crashes and build failures. A ton of developers weren’t happy about the situation that had just transpired. They looked toward the open source community and accused npm of being run in an irresponsible way. Crisis though was averted, as only 42 minutes later a GitHub user posted a viable solution. And only a minute after that, the contributors at Babel announced that a new version of Babel had been released as an emergency hotfix, allowing projects to work again.


This event opened a huge debate over which development approach is the right call – open source or commercial platforms. Developers took the discussion on Twitter at #npmgate. Overall, this story is an amazing example of how developers, who don’t know each other and are perfect strangers, united in a remarkably fast time frame to repair the state of their open source community. However, on the other hand, the lesson is that startup companies should take into account the risk of adopting open source development without opting for support.