As a person who has made NodeJS production code, I couldn't just close my eyes on the topic. Unfortunately, reading countless blog posts, tweets, news articles, etc. made me disappointed, not on the npm, kik or the person who unpublished the NPM package, but on the developer community. It is a juicy topic how 8-lines of code can "break the Internet", but come on, as a community we can spend our time better than doing left-pad.io.
Instead of giving constructive criticism people spent time on mocking and making joke sites. You don't hear real professionals mocking other people's work (whether it is building npm, particular package or dependency to a package). Silent curse and then you do one of following: a) nothing, b) help people who are having an issue or c) contribute to preventing similar situations (maybe in a different ecosystem).
I highly recommend to read the whole post, but here are few quotes on the matter:
When Nadia asked from Karl Fogel, who’s been in open source since at least the 1990s, who was right on the matter: kik (trademark holder), Azer (package author) or npm:
Azer can’t ‘take down’ open source code. It’s open source.
Open source is about emphasizing community over self.
We don’t have the right language to express when “my” indicates possession versus association. When we say: “that’s my bike” or “those are my shoes”, we mean that we own them. We have the final say in decisions about our bike. But when we say “that’s my father” or “my sister”, what we mean is we are associated with them. We obviously don’t possess them.
In open source, you can only have “my” in the associative sense. There is no possessive “my” in open source.
This whole NPM-gate episode was a good reminder to check policies of other repositories.
That's all folks, stay positive!