Hacker News

Sorry, but was there actually a lawsuit in this case? It sounds more like KIK emailed some people at NPM and NPM just said, "OK", then replaced a known module with some other thing.

It's only a matter of time until NPM is socially engineered into replacing a module with something more malicious, if it hasn't already happened.



There was a threat of a lawsuit. npm's lawyers decided that this threat was not frivolous.


How do you know what they thought? It seems just as likely to me that they didn't see much merit in the complaint, but didn't think it was worth fighting since IP law is such a mess in the US that even clearly baseless complaints can drag on and become expensive.


Because npm stated it publicly on Twitter.


Huh, really? That's strange. I just checked both @npmjs and @izs and don't see any comment on the merits of the complaint now.


Further comment: turns out that npm lied about this. So I'm just straight-up wrong.


Thanks for the followup. Hopefully this moves on to better places.


I follow a _lot_ of their employees on Twitter, and by now, I don't remember which one had the best tweet about it tbh.



