npm · t-dekell · Jul 16, 2021 · Jul 2, 2021 · Jul 2, 2021 · Jul 7, 2021
@@ -45,5 +45,5 @@ npm owner add <their-username> <package-name> --otp=123456
 npm owner rm <your-username> <package-name> --otp=123456
 ```
 
-[dispute-policy]: https://www.npmjs.com/policies/disputes
+[dispute-policy]: /policies/disputes
 [npm-owner]: cli/owner
@@ -5,7 +5,7 @@ import shared from '../../../src/shared.js'
 
 ## How to unpublish
 
-As a package owner or collaborator, if your package has no dependents, you can permanently remove it from the npm registry by using the CLI. You can [unpublish][unpublish-cli] within 72 hours of the initial publish. Beyond 72 hours,so you can still unpublish your package if [it meets certain criteria](https://www.npmjs.com/policies/unpublish).
+As a package owner or collaborator, if your package has no dependents, you can permanently remove it from the npm registry by using the CLI. You can [unpublish][unpublish-cli] within 72 hours of the initial publish. Beyond 72 hours,so you can still unpublish your package if [it meets certain criteria][unpublish].
 
 <Note>
 
@@ -61,9 +61,8 @@ You might want to unpublish a package because you:
 If you are no longer interested in maintaining a package, but want it to remain available for users to install, or if your package has dependents, we'd recommend [deprecating][deprecate-cli] it. To learn about how to deprecate a package, see "[Deprecating and undeprecating packages or package versions][deprecate-package]".
 
 
-[unpublish-cli]: cli/unpublish
 [oh-no]: https://blog.npmjs.org/post/101934969510/oh-no-i-accidentally-published-private-data-to
 [deprecate-cli]: cli/deprecate
 [deprecate-package]: deprecating-and-undeprecating-packages-or-package-versions
-[unpublish-policy]: https://www.npmjs.com/policies/unpublish
 [two-factor-auth]: about-two-factor-authentication
+[unpublish]: /policies/unpublish
@@ -0,0 +1,186 @@
+---
+title: npm Code of Conduct
+---
+npm exists to facilitate sharing code, by making it easy for
+JavaScript module developers to publish and distribute packages.
+
+npm is a piece of technology, but more importantly, it is a community.
+
+We believe that our mission is best served in an environment that is
+friendly, safe, and accepting; free from intimidation or harassment.
+
+Towards this end, certain behaviors and practices will not be
+tolerated.
+
+## tl;dr
+
+* Be respectful.
+* We're here to help
+* Abusive behavior is never tolerated.
+* Data published to npm is hosted at the discretion of the service
+  administrators, and may be removed.
+* Violations of this code may result in swift and permanent expulsion
+  from the npm community.
+
+## Scope
+
+We expect all members of the npm community, including paid and unpaid
+agents, administrators, users, and customers of npm, Inc., to abide by
+this Code of Conduct at all times in all npm community venues, online
+and in person, and in one-on-one communications pertaining to npm
+affairs.
+
+This policy covers the usage of the npm registry, as well as the npm
+website, npm related events, and any other services offered by or on
+behalf of npm, Inc. (collectively, the "Service").  It also applies to
+behavior in the context of the npm Open Source project communities,
+including but not limited to public GitHub repositories, IRC channels,
+social media, mailing lists, and public events.
+
+This Code of Conduct is in addition to, and does not in any way
+nullify or invalidate, any other terms or conditions related to use of
+the Service.
+
+The definitions of various subjective terms such as "discriminatory",
+"hateful", or "confusing" will be decided at the sole discretion of
+the npm abuse team.
+
+## Friendly Harassment-Free Space
+
+We are committed to providing a friendly, safe and welcoming
+environment for all, regardless of gender identity, sexual
+orientation, ability, ethnicity, religion, age, physical
+appearance, body size, race, or similar personal characteristics.
+
+We ask that you please respect that people have differences of opinion
+regarding technical choices, and that every design or implementation
+choice carries a trade-off and numerous costs.  There is seldom a
+single right answer.  A difference of technology preferences is not a
+license to be rude.
+
+Disputes over package rights must be handled respectfully, according
+to the terms described in the [Disputes Policy][disputes].
+There is never a good reason to be rude over package name disputes.
+
+Any spamming, trolling, flaming, baiting, or other attention-stealing
+behavior is not welcome, and will not be tolerated.
+
+Harassing other users of the Service is never tolerated, whether via
+public or private media.
+
+Avoid using offensive or harassing package names, nicknames, or other
+identifiers that might detract from a friendly, safe, and welcoming
+environment for all.
+
+Harassment includes, but is not limited to: harmful or prejudicial
+verbal or written comments related to gender identity, sexual
+orientation, ability, ethnicity, religion, age, physical
+appearance, body size, race, or similar personal characteristics;
+inappropriate use of nudity, sexual images, and/or sexually explicit
+language in public spaces; threats of physical or non-physical harm;
+deliberate intimidation, stalking or following; harassing photography
+or recording; sustained disruption of talks or other events;
+inappropriate physical contact; and unwelcome sexual attention.
+
+## Acceptable Use
+
+The Service administrators reserve the right to make judgment calls
+about what is and isn't appropriate in published packages, package names,
+user and organization names, and other public content. Package that
+violates the npm Service's
+[Acceptable Use][acceptable-use]
+rules including its
+[Acceptable Content][acceptable-content]
+rules will be deleted, at the discretion of npm.
+
+## Reporting Violations of this Code of Conduct
+
+Please select the method of contact you think is most appropriate for
+the form of violation:
+
+* For urgent security issues, please open a ticket at <https://npmjs.com/support>.
+  Requests to un-publish packages are not usually considered urgent security
+  issues, as it is possible to [un-publish a package][unpublish]
+  within 24 hours of its first publish. Any publicly published package
+  is [immediately replicated to thousands of third-party mirrors](http://blog.npmjs.org/post/101934969510/oh-no-i-accidentally-published-private-data-to),
+  so any confidential information contained in a package should be considered 
+  immediately compromised.
+
+* If you believe someone is harassing you or is demonstrating
+  some other form of malicious or inappropriate behavior, open a support
+  ticket at https://npmjs.com/support. If this is the initial report of a problem,
+  please include as much detail as possible. It is easiest for us
+  to address issues when we have more context.
+
+* If you have concerns about a potential copyright violation,
+  please refer to our [Copyright Policy][dmca]
+  and take action as recommended by that policy.
+
+* If you think a package or other content is "squatting" on a name,
+  follow the process described in the
+  [Disputes Policy][disputes].
+
+For any other issues, or if in doubt, [contact support](https://npmjs.com/support).
+
+
+## Consequences
+
+All content published to the Service, including user account
+credentials, is hosted at the sole discretion of the npm
+administrators.
+
+Unacceptable behavior from any community member, including sponsors,
+employees, customers, or others with decision-making authority, will
+not be tolerated.
+
+Anyone asked to stop unacceptable behavior is expected to comply
+immediately.
+
+If a community member engages in unacceptable behavior, the npm
+administrators may take any action they deem appropriate, up to and
+including a temporary ban or permanent expulsion from the community
+without warning (and without refund in the case of a paid event or
+service).
+
+## Addressing Grievances
+
+If you feel you have been falsely or unfairly accused of violating
+this Code of Conduct, you should notify npm, Inc.  We will do our best
+to ensure that your grievance is handled appropriately.
+
+In general, we will choose the course of action that we judge as being
+most in the interest of fostering a safe and friendly community.
+
+## Contact Info
+
+Please open a support ticket at <https://npmjs.com/support> if you need to
+report a problem or address a grievance related to an abuse report.
+
+You are also encouraged to contact us if you are curious about
+something that might be "on the line" between appropriate and
+inappropriate content.  We are happy to provide guidance to help you
+be a successful part of our community.
+
+## Changes
+
+This is a living document and may be updated from time to time.
+Please refer to the [git history for this
+document](https://github.com/npm/documentation/blob/main/content/policies/conduct.mdx)
+to view the changes.
+
+## Credit and License
+
+This Code of Conduct borrows heavily from the Stumptown Syndicate
+[Citizen's Code of Conduct](http://citizencodeofconduct.org/), and the
+[Rust Project Code of
+Conduct](https://www.rust-lang.org/conduct.html).
+
+This document may be reused under a [Creative Commons
+Attribution-ShareAlike
+License](https://creativecommons.org/licenses/by-sa/4.0/).
+
+[disputes]: /policies/disputes
+[acceptable-use]: /policies/open-source-terms#acceptable-use
+[acceptable-content]: /policies/open-source-terms#acceptable-content
+[unpublish]: /policies/unpublish
+[dmca]: /policies/dmca
@@ -0,0 +1,11 @@
+---
+title: Crawler policy
+---
+
+npm's full public dataset is available via the [public registry](https://docs.npmjs.com/misc/registry). Using CouchDB replication, you can get a full copy of all metadata, and it is acceptable within our terms of use to download copies of tarballs for inspection or experimentation.
+
+npm's [website](https://www.npmjs.com) also has package metadata available. We allow this content to be indexed by commercial crawlers such as GoogleBot. At our discretion, we also allow experimental crawlers to access the site, as long as they keep their request velocity to 1 request per second or less. At that velocity, indexing all packages would take 3 days, so if you want a full copy of our metadata it is always going to be faster to access the data via replication, which takes only an hour or two to provide full data and will thereafter automatically stay in sync.
+
+If you do not wish to install CouchDB to manage replication, we provide [open source software](https://github.com/npm/concurrent-couch-follower) that makes it easy to sync to the registry's public feed.
+
+If you attempt to access package metadata by high-velocity crawling of the npm website, we reserve the right to rate-limit or ban your IP, user-agent or both.
@@ -0,0 +1,159 @@
+---
+title: Dispute Resolution
+---
+
+This document describes the steps that you should take to resolve module
+name disputes with other npm publishers.  It also describes special steps
+you should take about names you think [infringe your trademarks](#trademarks).
+
+This document is additive to the guidelines in the
+[npm Code of Conduct][conduct] and
+[npm Open-Source terms][open-source-terms].
+Nothing in this document should be interpreted to contradict any aspect
+of the npm Code of Conduct or Open-Source Terms.
+
+## tl;dr
+
+1. Open a support ticket at <https://npmjs.com/support>
+1. Explain why you require a package, org, or username transferred
+1. Support will address your request. Please note submitting a report does not 
+   guarantee the transfer of a package, org, or username.
+
+## When to use this process
+
+This process is an excellent way to:
+
+* Adopt a package created from your project, published by someone else
+* Report a deliberately misleading or confusing package name
+
+This process does not apply if the package violates our
+[Terms of Use][open-source-terms],
+in particular our
+[Acceptable Use][acceptable-use]
+and [Acceptable Content][acceptable-content]
+rules, or our [Code of Conduct][conduct].
+Those documents refer to this one to resolve cases of "squatting"; see
+below.
+
+If you see bad behavior or content you believe is unacceptable, refer to
+the Code of Conduct for guidelines on
+[reporting violations][violations].
+**You are never expected to resolve abusive behavior on your own.**
+**We are here to help.**
+
+## When not to use this process
+
+We are not currently accepting dispute requests to "adopt an abandoned 
+package" or "Report Squatting" as we re-evaluate and update the overall
+dispute process.
+
+## Beginning the process
+
+### Packages
+
+To dispute a package called `foo`, follow these steps:
+
+1. Open a support ticket at <https://npmjs.com/support>, indicating that
+   you would like to start the process to request ownership of the `foo`
+   package. Please explain the why you believe the package should be transferred.
+   You will get an automated reply from npm support to your email address.
+1. Support will address your request. Please note submitting a report does not 
+   guarantee the transfer of a package.
+
+### Organizations
+
+To dispute an organization name, follow these steps:
+
+1. Open a support ticket at <https://npmjs.com/support>, indicating that
+   you dispute an organization name.  Include the name of the organization,
+   e.g. `@foo`.  Please explain the why you believe the Organizations should
+   be transferred. You will get an automated reply from npm support to your
+   email address.
+1. Support will address your request. Please note submitting a report does not 
+   guarantee the transfer of an organization.
+
+### User names
+
+To dispute a user name, follow these steps:
+
+1. Open a support ticket at <https://npmjs.com/support>, indicating that
+   you dispute a user name.  Include the name of the user account,
+   e.g. `@foo`. Please explain why you believe the Username should be 
+   transferred. You will get an automated reply from npm support to your
+   email address.
+1. Support will address your request. Please note submitting a report does not 
+   guarantee the transfer of a user name.
+
+## Trademarks
+
+If you think another npm publisher is infringing your trademark, such
+as by using a confusingly similar package, org, or user account name,
+open a support ticket at <https://npmjs.com/support> with a link to
+the package, org, or user account page on <https://npmjs.com>. Attach
+a copy of your trademark registration certificate.
+
+If we see that the user, org, or package publisher is intentionally
+misleading others by misusing your registered mark without permission,
+we will transfer the account, org, or package name to you.  Otherwise, we
+will contact the relevant user and ask them to clear up any confusion with
+changes to their user account page, or page, or package `README` file.
+
+Use of npm's own trademarks is covered by our Trademark Policy at
+<https://docs.npmjs.com/trademark>.
+
+## Changes
+
+This is a living document and may be updated from time to time.
+Please refer to the [git history for this
+document](https://github.com/npm/documentation/blob/main/content/policies/disputes.mdx)
+to view the changes.
+
+## Definitions
+
+### Squatting
+
+It is against npm's
+[Terms of Use][acceptable-content]
+to publish a package, register a user name or an organization name
+simply for the purposes of reserving it for future use.
+
+We do not pro-actively scan the registry for squatted packages, so
+the fact that a name is in use does not mean we consider it valid.
+The standards for what we consider squatting depend on what is being
+squatted:
+
+#### Packages
+
+Package names are considered squatted if the package has no genuine
+function.
+
+#### Organizations
+
+Organization names are considered squatted if there are no packages
+published within a reasonable time. If an organization is a paid
+organization, it may have private packages that are invisible to
+third parties. For privacy reasons, we cannot reveal whether or not
+an organization has private packages, so a paid organization will
+never be considered squatted.
+
+#### User names
+
+We are extremely unlikely to transfer control of a user name, as it
+is totally valid to be an npm user and never publish any packages:
+for instance, you might be part of an organization or need read-only
+access to private packages.
+
+## License
+
+Copyright (C) npm, Inc., All rights reserved
+
+This document may be reused under a [Creative Commons
+Attribution-ShareAlike
+License](https://creativecommons.org/licenses/by-sa/4.0/).
+
+[conduct]: /policies/conduct
+[open-source-terms]: /policies/open-source-terms
+[acceptable-use]: /policies/open-source-terms#acceptable-use
+[acceptable-content]: /policies/open-source-terms#acceptable-content
+[violations]: /policies/conduct#reporting-violations-of-this-code-of-conduct
+[trademark]: /policies/trademark