When 17 lines of open-source code disappear from the internet, leaving sites like Facebook, Netflix, and Spotify at risk, a cry for help went up on GitHub and was answered. What was the secret identity of this Dark Knight who saved open source coding? Max Kostow (it’s really not a secret). He’s the developer who fixed #NPMGate within 42 minutes of the first reports of a problem.
The issue arose when a developer named Azer Koçulu removed all his open-source codes from NPM, a database for open-source code, to protest the site’s plan to enforce a trademark claim against one of his projects. Koçulu had been working on a project he was calling Kik, which ultimately drew the attention of the messaging app of the same name. The Kik team reached out to Koçulu, then to NPM directly, leading to a war of words and ultimately Koçulu’s decision to ditch the site.
The Kik program Koulu had been building was not important to anyone, but buried in the archives of his programs was a simple code called “left pad.” Now, left-pad is not a complicated program, but in only 17 lines of code, it does something a lot of developers need — it adds characters to the left side of a string until it reaches a set length. The code had been downloaded over 120,000 times from the site, and at least a few thousand projects were relying on it as a single link in very long chains of code when it disappeared.
In short, Koçulu’s decision to ditch NPM messed with a lot of programs, including major sites like Facebook, Reddit, and Twitter. Behind the scenes, administrators at NPM were debating republishing Koçulu’s code against his wishes, a clear violation of the terms and agreements, but most people agreed the situation was desperate. NPM would ultimately take that step, but only after our hero Max Kostow humbly fixed the problem entirely on his own.
The fix prompted a wave of thanks for the mysterious Max. A few other fixes were made available, but only for people who were running the most updated version of a program called Babel that relied on left-pad. For developers who were using older version of Babel or who called on left-pad more directly, Kostow saved the day.
Now, with the flames of urgency settled, the whole dispute has turned into a geeky blame game on Twitter where people are fighting using #NPMGate. Some people are saying the failure of a single piece of a code in a long line of “dependencies” underscores the problem with open source, while others are arguing the quick fix actually proves that open source works. Nobody is very happy with NPM or trademark protections in general.
So while the internet has returned to its natural state of whining and complaining, our hero stalks the chatrooms and forums of the open-source community, looking for problems to fix. Ready at a moment’s notice to fix any code — plug any dependences. The internet’s batman. Max Kostow.