This week, one angry programmer broke a whole mess of the software the Internet runs on with the simple deletion of one simple program consisting of eleven lines of code.

Everything is okay now. But it's a strange case that involves copyright lawyers, a petulant developer, and a behind-the-scenes look into how tech titans like Facebook, Spotify, and Netflix make the sausage.

Koçulu


The other Kik

Koçulu an e-mail requesting he change the name of his module. By Koçulu's own admission in a blog post , Kik's initial request was reasonable. Still, Koçulu wouldn't budge.

It all starts with a developer named Azer Koçulu, who wrote an otherwise unremarkable piece of code called "Kik," an extension for the popular programming language Node.js.put his Kik module up on NPM , essentially an App Store for Node.js programmers, as a free download for developers to work into their apps at their leisure.Kik, the popular social network of the same name, took notice and sent

"When I started coding Kik, didn't know there is a company with same name. And I didn't want to let a company force me to change the name of it," Koçulu writes.

Given that Kik did have copyright on its side, Koçulu says that NPM CEO Isaac Schlueter took away his ownership of the module in question without asking.


Upset, Koçulu announced in that blog entry that he was removing his Kik from NPM entirely- as well as all of his other code.

It's likely that nobody would have noticed - except that Koçulu is also the person who created a very silly, very basic, but very popular NPM module called "npm left-pad." It's eleven lines long and doesn't actually do anything complicated but it's been downloaded over 575,000 times.


And when it vanished, developers on Reddit, Twitter, and elsewhere definitely took notice.

A house of cards

This is where things get sticky.

A module like "npm left-pad" is basically a shortcut so a developer doesn't have to write a whole bunch of basic code from scratch. If a developer calls on an NPM module, it's basically shorthand for "put this code in later," and a software compiler will just download the code when the time is right.


Most of the time, this works just fine. But sometimes, software ends up relying on what's essentially a house of cards: One Node.js module calls on another, calls on another, calls on another. Again, usually it works fine - right up until "npm left-pad" is taken offline.

Boom, down went the house of cards. Popular software projects like Babel, which helps Facebook, Netflix, and Spotify, run code faster, and React , which helps developers build better interfaces, were suddenly broken and no more work could be done with them. Overall, over a thousand software projects were affected, reports The Register


Fixing the problem would require that programmers sift through all of those dependencies, making sure that absolutely nothing relied on that one silly eleven-line bit of code.

And so, after a mass outcry from developers all over the world, NPM was forced to "un-un-publish" the code in question, handing it over to a new owner.

In a series of Twitter posts, NPM CTO Laurie Voss explains that the company wasn't totally comfortable handing over what's still Koçulu's intellectual property, but much of the software industry had ground to a halt over the issue.


Even within npm we're not unanimous that this was the right call, but I cannot see hundreds of builds failing every second and not fix it. - Laurie Voss (@seldo) March 22, 2016


All told, the storm is over, and "npm left-pad" is back online. But the wounds are still deeply felt: "Have We Forgotten How To Program," asks one blog entry urging developers to rethink how they build their apps.NPM did not immediately respond to a request for comment.