
npm has "use-invariant" pointing to "use-http" — is this malicious?

Open evanrs opened this issue 2 years ago • 2 comments

Issue

The package is intentionally misleading, having no overlap in its name or functionality with what is expected of use-invariant.

An invariant is defined as:

a function, quantity, or property which remains unchanged when a specified transformation is applied

It is commonly understood as a validity test against some assertion, with the most well-known example being Facebook's own invariant method — and of course its clone on npm, "invariant".

It would be fair for someone installing use-invariant to expect a tool that follows this nomenclature.

If this is not name squatting, then I believe it is malicious in that it performs work over the network when all convention would imply it's a React hook for assertions.

Resolution

Request npm remove the use-invariant package for misleading the community.

evanrs, Sep 03 '21 18:09

Pinging @alex-cory. This is still an issue: https://www.npmjs.com/package/use-invariant

It's particularly odd because the version of the package under that name is 2 years out-of-date.

ZebulanStanphill, Oct 12 '21 22:10

Not malicious by any means. I was creating a package for this at the time. I still might.

alex-cory, Oct 17 '21 23:10