Officially blocked: npm bans packages from showing ads in your terminal
The backlash from developers against Standard was swift and unfavorable. Both sponsors, Linode and LogRocket, backed out of the program after negative responses from the development community. Standard promptly removed the ads from its library and ceased development of Funding, its terminal advertising platform. Now, npm, Inc, the team behind the npm ecosystem and registry, is moving to officially ban the practice in the future.
npm, Inc updated its official policies about commercial content to restrict ads in packages. Packages can no longer display ads at runtime, installation, or any other part of the software development process. Furthermore, while packages with code that can be used to display ads are acceptable, those packages cannot display ads to the developers using them.
As the registry has grown in size and popularity, its role in the development world and its importance in the software supply chain have come under increasing scrutiny. To allay concerns, npm, Inc is actively working to standardize the packages that are hosted on its public registry. Following the most recent advertising debacle, the npm team is in the process of standardizing CLI post-install scripts, which should formalize rules about donation requests, advertisements, and any other terminal messaging. The npm team has also strengthened its policies around security and package ownership, working to prevent package hijacking and protect libraries that are exceptionally critical to the development ecosystem.
The npm ecosystem has largely been reactive to new and unforeseen threats and changes. As software continues to fragment across reusable libraries and modules, npm will likely be a trailblazer in answering complex ethical quandaries. For now, comprehensive rules around terminal advertising are a positive step.