[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

npm has "use-invariant" pointing to "use-http" — is this malicious? #350

Open
evanrs opened this issue Sep 3, 2021 · 2 comments
Open

Comments

@evanrs
Copy link
evanrs commented Sep 3, 2021

Issue

The package is intentionally misleading having no overlap with in its name or functionality with what is expected of use-invariant

An invariant is defined as:

a function, quantity, or property which remains unchanged when a specified transformation is applied

It is commonly understood as a validity test against some assertion. With the most well known example being Facebook's own invariant method — and of course its clone on npm "invariant".

It would be fair that someone installing use-invariant to expect a tool that follows this nomenclature.

If this is not name squatting than I believe it is malicious in that it performs work over the network when all convention would imply its a React hook for assertions.

Resolution

Request npm remove the use-invariant package for misleading the community.

@ZebulanStanphill
Copy link
Contributor

Pinging @alex-cory. This is still an issue: https://www.npmjs.com/package/use-invariant

It's particularly odd because the version of the package under that name is 2 years out-of-date.

@alex-cory
Copy link
Collaborator

Not malicious by any means. I was creating a package for this at the time. I still might.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants