8 years have passed since the the left-pad incident happened. It's been good for me to avoid this subject for focusing on actual work. Also, silence is gold. On the other hand, left-pad is seen as a notable event mentioned in books, so I'll share more info and thoughts about what exactly happened.
In most of 2016, I spent almost every weekend camping in remote areas without any signal. If you're curious how I felt when making the decision to unpublish; it was a choice made during self-reflection in nature, driven by my heart; not logic, not anger, nor greed.
And it came from a simple principle: if NPM breaks its own rules to remove one of my packages, they should remove all of them.
Not that I'm an inflexible "rules" person — quite the opposite. The spirit behind the rules matter more than the rules themselves to me. In a different context, we could be asking NPM to take down a package without owner's permission for a "good" reason. However, in this situation, a company like Kik Messenger was just posturing and exercising power over the open source community NPM was built on, sending threats such as "we'll bang on your door" and "take down your accounts". This is the context in which NPM went against the rules they wrote themselves, to serve something they deemed "higher" than the soul of their company and the community.
Many people oversimplify this event, framing it as "an angry man protested corporate interests". This narrative shows us three things; first, they didn't look at the dates of the emails. They don't understand the timeline. Second, they can't relate to standing your ground in a high pressure situation involving threats. And third, they didn't read Al-Ghazali, don't quite understand how decisions move through people in different states of consciousness.
There was nothing sudden or unexpected for NPM. I asked NPM to remove my modules, waited their response. I didn't set any deadline; NPM had the opportunity to adjust their APIs and tooling to make this transition smooth. Interestingly, they chose to provide me a script that removes all my packages at once. On the NPM side, I observed general condescending attitude towards developers; I think this is what led NPM to make series of poor decisions and didn't take ownership of the results.
Most of my open source work followed Unix philosophy, so the packages did one thing at a time. There was 350+ of them. They were all optimized and well tested. In the surface, they didn't look popular at all. NPM didn't show usage stats, and there was almost no activity on Github for 90% of them. It was impossible to know the impact of unpublishing packages for me as a regular user.
After running the script NPM gave me, I remember leaving my desk for a few minutes. At the time, I was working for Jelly in the beautiful Presidio building of Lucasfilm. Within 10 minutes, my friend Gabe told me that I'm on Twitter for some reason. One of the 350+ packages broke React, and so many other projects. I wrote a quick blog post and gave away all my open source work, transferred ownership of Github repos to volunteers. Within hours, the modules were restored and things was back to normal.
8 Years Later
Several months after the left-pad incident, I quit my job and left US permanently, spent a year in Morocco, Jordan, Türkiye and Indonesia. I walked trails like Lycian Way, found new camping spots nobody knows about.
Left-pad was like a "death" and "re-birth" moment. The part of me that cared deeply about open-source was gone, and something new took its place. Now, I'm just as passionate about building and running companies as I am about programming.
Life goes on.
Thanks for reading.
