admin icon indicating copy to clipboard operation
admin copied to clipboard

Published 20 hours ago verified publisher icon nodejs

Update npm account to "Node.js" rather than "Node.js Foundation"

Open bnb opened this issue 4 years ago • 10 comments
trafficstars

It seems our npm account is called "Node.js Foundation". It'd be preferable if we renamed this to "Node.js" since there is no such thing as the "Node.js Foundation" :)

https://www.npmjs.com/~nodejs-foundation

bnb avatar Aug 16 '21 17:08 bnb

@bnb can you confirm that it is an option in npm to change the name of an existing account and that it will have no unwanted side effects ?

mhdawson avatar Aug 27 '21 19:08 mhdawson

I assume all links to that URL will be broken and user-scoped modules will break (change to the new name) but outside of that I'm not sure. I've never seen anyone ever complain about it so I can only assume it's mostly ok :)

bnb avatar Oct 20 '21 21:10 bnb

I think people almost never change it either tho, so I'm not sure an absence of noise is itself a signal.

Changing your github username breaks the world, so i wouldn't be surprised if changing this one caused problems too. It might be simpler to make a new npm account (or better, org) with the proper name, and then migrate to that.

ljharb avatar Oct 20 '21 21:10 ljharb

FWIW spoke a bit with a hubber who's worked on the registry in the past and they also pointed out that the packages are immutable and would still exist, they just wouldn't get updates if new versions were published under that scope. It's conceptually similar to forking. I also don't think we have any modules under that scope so it doesn't matter.

I legitimately can't think of any problems here other than getting whoever has access to log in to the correct account. I'd also be fine with @ljharb's proposal, though it'd be a pain to go through and generate new keys everywhere.

bnb avatar Oct 20 '21 21:10 bnb

generate new keys everywhere.

What keys?

The user account was added as a backup and is basically not used in day-to-day work.

mhdawson avatar Oct 21 '21 17:10 mhdawson

I think creating a new account, and transitioning over makes sense. That also means that anybody can do that, along with working to get the password shared though a mechanism other than the build repo which has also been suggested.

mhdawson avatar Oct 21 '21 17:10 mhdawson

What keys?

The user account was added as a backup and is basically not used in day-to-day work.

Ah, I assumed somewhere there was an automated account.

That also means that anybody can do that, along with working to get the password shared though a mechanism other than the build repo which has also been suggested.

Happy to help facilitate this through 1Password if that's helpful

bnb avatar Nov 03 '21 18:11 bnb

@bnb sounds good. I think you could create a new npm account with the right name, have the credentials shared through 1password and then we can ask the teams publishing packages to add that new account as another collaborator in npm.

We should enable 2FA on that new account.

mhdawson avatar Nov 04 '21 13:11 mhdawson

I think you could create a new npm account with the right name, have the credentials shared through 1password and then we can ask the teams publishing packages to add that new account as another collaborator in npm.

I'd be happy to do this, but not sure if that's what you were suggesting :P

We should enable 2FA on that new account.

Agree, the OTP configuration can be stored in/used from 1Password.

bnb avatar Nov 04 '21 14:11 bnb

I'd be happy to do this, but not sure if that's what you were suggesting :P

That was what I was suggesting.

mhdawson avatar Nov 05 '21 13:11 mhdawson