npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

`npm publish` censors common words ... without any published, discussed policy

I’m trying to publish the humblebundle-download module/script. From google-research, I believe that the word “download” is being caught by your spam filters.

npm publish produces 400 Bad Request - ... That word is not allowed.

It was suggested that I contact support, to get an exemption from the filter. I’ve sent an email to, but this seems to be your preferred method of contact these days. So, I’m resending the request on the forum.

Tap, tap, tap … is anyone home?
No response either via email or here for 4 days.

For interest, what command did you run and what was the error message?

This previous report included the support email in the error message:

As in the title: npm publish returned 400 Bad Request - ... That word is not allowed.

The error did include the support email, to which I sent an email about a week ago. I got an automated reply almost immediately, and then no further response for the last week, including here…

NPM support has now replied and says they’ll fix the problem … unfortunately, it’s been several days after the last “it’ll be fixed tonight” message without further communication or response to further emails.

Hopefully, this will be resolved soon. :crossed_fingers:

So, after two weeks, I’ve gotten a denial citing vague security concerns about the word “download” despite having dozens of packages containing the word “download” already available on npmjs.

It took a lot of days to compose a “yeah no” because of “you know… security stuff”. And, given the actual lack of reason, I’ve asked them to reconsider.

I’m quite disappointed in the lack of any real help or discussion about this…

I’m hoping other repositories come on line in the near future. :crossed_fingers:

Final answer today… “no” with no actual reason or policy given. Although there are hundreds of packages with the word “download” in the name, “for security reasons” npm will no longer allow that word to be used, with “no more exceptions”, starting, well, now, we guess.


What a bureaucratic mess this company has become… alternate tooling and repository efforts can come to fruition fast enough.