Skip to searchSkip to content
npm
Nodejs.cn 旗下网站

隐私问答

See Details目录

本声明描述了 npm 公司(简称 npm)如何收集和使用你的数据。

¥This notice describes how npm, Inc., or npm for short, collects and uses data about you.

什么是最重要的?

¥What's most important?

这取决于你的个人情况,因此你应该继续阅读并自行决定。但至少,每个 npm 用户都应该理解:

¥That depends on your personal situation, which is why you should read on and decide for yourself. But at a minimum, absolutely every npm user should understand:

npm 公共注册中心旨在让每个人都能在线使用软件。

¥The npm public registry is for making software available to everyone online.

但:软件源于人,也体现了我们自身的价值。

¥But: Software comes from people, and says something about us.

因此:请仔细考虑要发布哪些软件包、在这些软件包中放入哪些数据以及其他人可能如何处理这些数据。

¥So: Think carefully about what packages to publish, what data you put in those packages, and what others might do with that data.

当你创建账户时,某些联系信息会公开显示在 npm 平台中。当你上传软件包时,你的名称和联系信息可能会与该软件包相关联。

¥When you create an account, certain contact information is displayed publicly in the npm platform. And when you upload a package, your name and contact information may become associated with that package.

如果你遇到问题,提交支持工单

¥If you find yourself in a jam, open a support ticket.

npm 如何收集我的数据?

¥How does npm collect data about me?

npm 收集你的数据:

¥npm collects data about you:

  • 使用 npm 命令npx 命令 或其他程序访问 npm 公共注册表npm 托管的企业注册中心私有包 时(例如发布软件包时),以及用于账户和权限管理等功能的 API 时

    ¥when you use the npm command, the npx command or another program to access the npm public registry, Enterprise registries that npm hosts, private packages, such as when you're publishing a software package, and APIs for functionality like account and permissions management

  • 浏览 npm 网站时,npmjs.com

    ¥when you browse the npm website, npmjs.com

  • 使用 npm 命令或网站创建 npm 账户、更新账户以及注册 npm 服务时

    ¥when you use either the npm command or the website to create an npm account, update your account, and sign up for npm services

  • 向 npm 发送支持、隐私、法律和其他请求时

    ¥when you send support, privacy, legal, and other requests to npm

  • 与现有和潜在客户合作并进行调研时

    ¥when working with and researching current and potential customers

在研究潜在客户时,npm 员工有时会搜索公共万维网或付费商业数据库。否则,npm 不会从数据经纪人或其他私有服务购买或接收有关你的数据。

¥When researching potential customers, npm staff sometimes search the public World Wide Web or paid business databases. Otherwise, npm doesn't buy or receive data about you from data brokers or other private services.

如果你或其他人上传的软件包中包含你的数据,npm 可能会无意中收集你的数据。

¥npm may inadvertently collect data about you if it is included in software packages that you or others upload.

npm 收集我的哪些数据?为什么收集?

¥What data does npm collect about me, and why?

npm 收集你如何使用 npm 软件和注册表的数据

¥npm collects data about how you use npm software and registries

当你使用 npm 命令、npx 命令或其他软件与 npm 公共注册表、npm 托管的企业注册表或私有软件包配合使用时,npm 会记录可能识别你身份的数据:

¥When you use the npm command, the npx command, or other software to work with the npm public registry, an Enterprise registry that npm hosts, or private packages, npm logs data that might be identified to you:

  • 每次运行类似 npm install 的命令时,都会生成一个名为 npm-session 的随机唯一标识符

    ¥a random, unique identifier, called npm-session, for each time you run commands like npm install

  • 来自 npm 公共仓库 但不包括其他依赖,例如 Git 依赖 的项目依赖的名称和版本、它们的依赖等等

    ¥the names and versions of your project's dependencies, their dependencies, and so on, that come from the npm public registry, but not of other dependencies, like Git dependencies

  • 你使用的 Node.js、npm 命令和操作系统的版本

    ¥the versions of Node.js, the npm command, and the operating system you are using

  • npm-in-ci 标头,显示命令是否在持续集成服务器上运行

    ¥an npm-in-ci header, showing whether the command was run on a continuous integration server

  • 你运行 npm install 的软件包的范围(作为 npm-scope 标头)

    ¥the scope of the package for which you ran npm install, as an npm-scope header

  • referrer 标头显示你运行的命令,其中所有文件或目录路径均已删除

    ¥a referrer header that shows the command you ran, with any file or directory paths redacted

  • 有关你用于访问注册表的软件的数据,例如 User-Agent 字符串

    ¥data about the software you're using to access the registry, such as the User-Agent string

  • 网络请求数据,例如日期和时间、你的 IP 地址和 URL

    ¥network request data, such as the date and time, your IP address, and the URL

npm 使用这些数据来:

¥npm uses this data to:

  • 满足你的要求,例如寄送你要求的包。

    ¥fulfill your requests, such as by sending the packages you ask for

  • 当你运行 npm installnpm audit 时,向你发送可能影响你正在构建的软件的安全漏洞警报

    ¥send you alerts about security vulnerabilities that may affect the software you're building, when you run npm install or npm audit

  • 保持注册表快速可靠地运行

    ¥keep registries working quickly and reliably

  • 调试和开发 npm 命令及其他软件

    ¥debug and develop the npm command and other software

  • 保护注册中心免受滥用和技术攻击

    ¥defend registries from abuse and technical attacks

  • 编译关于包使用情况和流行度的统计数据

    ¥compile statistics on package usage and popularity

  • 准备开发者社区趋势报告

    ¥prepare reports on trends in the developer community

  • 改进网站的搜索结果。

    ¥improve search results on the website

  • 推荐可能与你的工作相关的软件包

    ¥recommend packages that may be relevant to your work

npm 收集你如何使用网站的数据

¥npm collects data about how you use the website

当你访问 www.npmjs.comdocs.npmjs.com 和其他 npm 网站时,npm 会使用 Cookie、服务器日志和其他方法来收集有关你访问的页面和时间的数据。npm 还会收集有关你使用的软件和计算机的技术信息,例如:

¥When you visit www.npmjs.com, docs.npmjs.com, and other npm websites, npm uses cookies, server logs, and other methods to collect data about what pages you visit, and when. npm also collects technical information about the software and computer you use, such as:

  • 你的 IP 地址

    ¥your IP address

  • 你的首选语言

    ¥your preferred language

  • 你使用的 Web 浏览器软件

    ¥the web browser software you use

  • 你使用的计算机类型

    ¥the kind of computer you use

  • 推荐你的网站

    ¥the website that referred you

npm 使用有关你如何使用网站的数据来:

¥npm uses data about how you use the website to:

  • 优化网站,使其快速易用

    ¥optimize the website, so that it's quick and easy to use

  • 诊断和调试技术错误

    ¥diagnose and debug technical errors

  • 保护网站免受滥用和技术攻击

    ¥defend the website from abuse and technical attacks

  • 编译关于包流行度的统计数据

    ¥compile statistics on package popularity

  • 编译关于访问者使用的软件和计算机类型的统计数据

    ¥compile statistics on the kinds of software and computers visitors use

  • 编译关于访问者搜索和需求的统计数据,以指导新网站页面的开发和功能

    ¥compile statistics on visitor searches and needs, to guide development of new website pages and functionality

  • 决定就产品公告、服务变更和新功能联系谁

    ¥decide who to contact about about product announcements, service changes, and new features

npm 收集账户数据

¥npm collects account data

npm 服务的许多功能都需要 npm 账户。例如,你必须拥有 npm 账户才能将软件包发布到 npm 公共注册表。

¥Many features of npm services require an npm account. For example, you must have an npm account to publish packages to the npm public registry.

要创建 npm 账户,npm 需要一个有效的电子邮件地址和一个可用的用户名。npm 使用这些数据为你提供功能访问权限,并在 npm 服务中公开和在 npm 内部识别你的身份。

¥To create an npm account, npm requires a working email address and an available user name. npm uses this data to provide you access to features and identify you across npm services, publicly and within npm.

你无需提供你的个人名称或法定名称即可创建 npm 账户。你可以使用假名。你也可以开设多个账户。

¥You do not have to give your personal or legal name to create an npm account. You can use a pseudonym instead. You can also open more than one account.

如果你注册账户,npm 将在用户页面 像这样 上发布账户数据,供全世界查看。npm 还会通过 npm 公共注册表发布账户数据,该注册表可供所有人查看,以及 npm 托管的企业注册表,其他人可以使用 npm owner ls tap 等命令查找。

¥If you sign up for an account, then npm will publish account data for the whole world to see on user pages like this one. npm also publishes account data through the npm public registry, which is available for everyone to see, and Enterprise registries that npm hosts for others to find with commands like npm owner ls tap.

如果你通过网站在社交媒体(例如 GitHubTwitter)上向 npm 提供个人名称,例如将其添加到你的个人资料或用户页面中,npm 会将该数据以及账户的电子邮件地址和用户名发布。你无需向 npm 提供个人名称或任何社交媒体名称,并且你可以随时通过更新你的用户页面来删除这些数据。

¥If you give npm a personal name or names on social media like GitHub and Twitter through the website, like when you include this on your profile or user page, npm publishes that data along with the email address and user name for the account. You don't have to give npm a personal name or any social media names, and you can remove this data at any time by updating your user page.

npm 使用你的电子邮件来:

¥npm uses your email to:

  • 使用你的账户发布的软件包时通知你

    ¥notify you about packages published using your account

  • 重置你的密码并帮助维护你的账户安全

    ¥reset your password and help keep your account secure

  • 为你发布的包添加元数据

    ¥add metadata to packages that you publish

  • 在与你的账户或软件包相关的特殊情况下与你联系

    ¥contact you in special circumstances related to your account or packages

  • 就支持请求与你联系

    ¥contact you about support requests

  • 就法律请求与你联系,例如 DMCA 删除请求和隐私投诉

    ¥contact you about legal requests, like DMCA takedown requests and privacy complaints

  • 宣布新的 npm 产品、服务变更和功能

    ¥announce new npm product offerings, service changes, and features

  • 向你发送有关如何更好地使用免费和付费服务的提示

    ¥send you tips about how to better use free and paid services

  • 向你发送你可能需要的付费服务的消息

    ¥send you messages about paid services you might want

npm 收集软件包数据

¥npm collects package data

当你使用 npm publish 或其他软件将软件包发布到 npm 公共注册表、npm 托管的企业注册表或作为私有软件包发布时,npm 会收集软件包的内容以及 metadata,包括你的账户数据。其他 npm 用户也可能发布包含你的数据的软件包,例如你为软件包贡献了代码的事实。

¥When you use npm publish or other software to publish packages to the npm public registry, an Enterprise registry that npm hosts, or as a private package, npm collects the contents of the package, plus metadata, including your account data. Other npm users may also publish packages that include data about you, such as the fact that you contributed code to a package.

npm 使用软件包中的数据将这些软件包提供给你和其他请求者:

¥npm uses data in packages to provide those packages to you and others who request them:

  • 当你将软件包发布到 npm 公共注册表或将软件包从私有更改为公共时,npm 会将软件包和元数据在线提供给所有人。

    ¥When you publish a package to the npm public registry, or change a package from private to public, npm makes the package and metadata available to everyone, online.

  • 当你将软件包发布到 npm 托管的企业注册表或作为私有软件包发布时,npm 会根据注册表或私有软件包账户的配置方式,将所有这些数据提供给其他用户。你可以配置谁可以访问软件包,或者这可能由其他人决定,例如你公司的企业注册表管理员。

    ¥When you publish a package to an Enterprise registry that npm hosts, or as a private package, npm makes all of that data available to other users according to how the registry or the private packages account is configured. You may be able to configure who can access the package, or that may be up to others, such as the administrator of your company's Enterprise registry.

将软件包数据提供给其他人,允许他们下载、构建和依赖你的工作。

¥Making package data available to others allows them to download, build on, and depend on your work.

npm 收集支付卡数据

¥npm collects payment card data

要注册付费服务,npm 需要你的支付卡数据。npm 本身不会收集或存储足够的信息来向你的银行卡扣款。相反,Stripe 代表 npm 收集这些数据,并向 npm 提供安全令牌,允许 npm 创建费用和订阅。

¥To sign up for paid services, npm requires your payment card data. npm itself does not collect or store enough information to charge your card itself. Rather, Stripe collects that data on npm's behalf, and gives npm security tokens that allow npm to create charges and subscriptions.

npm 仅使用你的支付卡数据来收取 npm 服务费用。

¥npm uses your payment card data only to charge for npm services.

npm 指示 Stripe 仅在你使用付费 npm 服务期间存储你的支付卡数据。

¥npm instructs Stripe to store your payment card data only as long as you use paid npm services.

npm 收集通信数据

¥npm collects data about correspondence

当你发送 npm 支持请求、法律投诉、隐私咨询和业务咨询时,npm 会收集你的数据。这些数据通常包括你的名称和电子邮件地址,也可能包括你的公司或其他附属机构。

¥npm collects data about you when you send npm support requests, legal complaints, privacy inquiries, and business inquiries. Those data usually include your name and email address, and may include your company or other affiliation.

npm 使用联系数据来:

¥npm uses contact data to:

  • 回复你

    ¥respond to you

  • 编译关于对应关系的汇总统计数据

    ¥compile aggregate statistics about correspondence

  • 培训支持人员和其他 npm 人员

    ¥train support staff and other npm personnel

  • 审查响应的 npm 人员的表现

    ¥review the performance of npm personnel who respond

  • 保护 npm 免受法律索赔

    ¥defend npm from legal claims

npm 收集有关 npm.community 使用情况的数据

¥npm collects data about use of npm.community

npm 收集 npm.community(npm 产品和服务用户的讨论论坛)上的访问数据、用户账户和论坛数据。npm 使用来自 npm.community 的数据与开发社区合作,并为有关命令行接口和其他软件的开发决策提供信息。

¥npm collects data about visits, user accounts, and forum data on npm.community, the discussion forum for users of npm products and services. npm uses data from npm.community to collaborate with the development community, and to inform development decisions about the command-line interface and other software.

npm 会与他人共享我的数据吗?

¥Does npm share data about me with others?

npm 以 在关于账户数据的部分中提到 的名义与他人共享账户数据。

¥npm shares account data with others as mentioned in the section about account data.

npm 以 在关于软件包数据的部分中提到 的名义与他人共享软件包数据。

¥npm shares package data with others as mentioned in the section about package data.

npm 发布你提交给 npm.community 的帖子和其他内容。

¥npm publishes posts and other content you submit to npm.community.

npm 不会将你的信息出售给他人。但是,npm 使用其他公司提供的服务来提供 npm 服务。npm 使用的服务提供商类型包括:

¥npm does not sell information about you to others. However, npm uses services provided by other companies to provide npm services. The types of service providers that npm uses include:

  • 使我们能够在网站上提供功能(例如显示你的头像)的公司

    ¥Companies that enable us to offer features on our website, such as to display your avatar

  • 促进内容高效分发的公司

    ¥Companies that facilitate the efficient distribution of content

  • 托管我们论坛的云计算平台和服务

    ¥Cloud computing platforms and services that host our discussion forums

  • 协助检测垃圾邮件、诈骗、滥用他人或其他违反我们 服务条款 规定的行为的服务

    ¥Services that assist with the detection of spam, scams, abuse others, or other violations of our terms of service

  • 付款处理商

    ¥Payment processors

  • 帮助我们接收、管理和响应支持请求的平台

    ¥Platforms to help us receive, manage, and respond to support requests

  • 内部沟通平台

    ¥Platforms for internal communication

npm 使用 Cookie

¥npm uses cookies

npm 网站仅使用在提供、优化和保护网站安全方面绝对必要的 Cookie。例如,我们使用它们来保持你的登录状态、记住你的偏好设置、出于安全目的验证你的设备、分析你对服务的使用情况、编制统计报告以及为 npm 的未来开发提供信息。本网站使用内部 Cookie 进行分析,而非任何第三方分析或服务提供商。

¥npm's website only uses cookies strictly necessary to provide, optimize and secure the website. For example, we use them to keep you logged in, remember your preferences, authenticate your device for security purposes, analyze your use of the service, compile statistical reports, and provide information for future development of npm. The website uses internal cookies for analytics purposes, not any third-party analytics or service providers.

使用本网站,即表示你同意我们可以在你的计算机或设备上放置这些类型的 Cookie。如果你禁用浏览器或设备接受这些 Cookie 的功能,你将无法登录或使用网站。

¥By using the website, you agree that we can place these types of cookies on your computer or device. If you disable your browser or device’s ability to accept these cookies, you will not be able to log in or use the website.

如何选择数据收集方式?

¥How can I make choices about data collection?

你可以选择 npm publish 命令在软件包数据中包含哪些数据。你可以在软件包中使用 .npmignore 文件,以将特定文件排除在软件包之外。除了标准文件(如 README 文件、LICENSE 文件和 package.json)之外,你还可以使用 package.json 文件中的文件列表 指示 npm 仅包含你指定的特定文件。

¥You choose what data the npm publish command includes in package data. You can use an .npmignore file in your package to keep specific files out of the package. You can also use a files list in package.json files to instruct npm to include only specific files that you name, in addition to standard files like README files, LICENSE files, and package.json.

要仔细检查你将在计划发布的软件包中共享的数据,请运行 npm publish --dry-run 命令。如果你正在运行旧版本的 npm 命令,请运行 npm pack 命令创建 tarball,然后检查其内容,例如使用 tar tvzf $tarball

¥To double check the data that you will share in a package that you plan to publish, run the npm publish --dry-run command. If you are running an older version of the npm command, run the npm pack command to create a tarball, then check its contents, such as with tar tvzf $tarball.

要将软件包发布到 npm 公共注册表,npm 的服务条款要求你执行 授权 npm 共享。如果软件包公开,则所有在线用户都可以看到。但是,你的 为你的软件包选择公共许可证 可能会影响其他人对你软件包中有关你的数据的处理。

¥To publish a package to the npm public registry, npm's terms of service require you to license npm to share it. If a package is made public, it is available for everyone online to see. However, your choice of public license for your package may affect what others can do with data about you in your package.

npm 不会回应 不跟踪 HTTP 标头

¥npm does not respond to the Do Not Track HTTP header.

npm 将我的数据保存在哪里?

¥Where does npm keep data about me?

npm 将账户数据、网站使用数据、注册表使用数据以及私有软件包存储在位于美国的服务器上。通过内容分发网络在全球范围内获取这些软件包的元数据。

¥npm stores account data, data about website use, data about registry use, and private packages on servers in the United States of America. metadata about those packages worldwide, via content delivery networks.

npm 将发布到 npm 托管的企业注册表的软件包数据及其元数据存储在客户选择的云计算区域中。

¥npm stores package data published to Enterprise registries that npm hosts, plus metadata about them, in cloud computing zones of customers' choosing.

使用 npm 平台,即表示你同意我们按照本节所述收集和存储你的数据。

¥By using the npm platform, you consent to the collection and storage of your data as outlined in this section.

npm 如何根据《欧盟通用数据保护条例》处理数据?

¥How does npm handle data under the EU General Data Protection Regulation?

npm 尊重欧盟《通用数据保护条例》(GDPR)法规 (EU) 2016/679 规定的隐私权。npm 基于以下法律依据处理 "个人数据":(1) 经你同意;(2) 为履行我们提供服务的协议所必需;并且 (3) 在提供服务的合法利益需要的情况下,这些利益不会凌驾于你与数据隐私相关的基本权利和自由之上。我们收集的信息可能会被传输到美国或我们或我们的关联公司或分包商维护设施的任何其他国家/地区,并在这些国家/地区存储和处理,如上所述。

¥npm respects privacy rights under Regulation (EU) 2016/679, the European Union's General Data Protection Regulation (GDPR). npm processes "Personal Data" on the following legal bases: (1) with your consent; (2) as necessary to perform our agreement to provide our services; and (3) as necessary for our legitimate interests in providing our services where those interests do not override your fundamental rights and freedom related to data privacy. Information we collect may be transferred to, and stored and processed in, the United States or any other country in which we or our affiliates or subcontractors maintain facilities, as described above.

如果你居住在欧洲经济区 (EEA)、瑞士或英国,你享有以下权利:

¥If you reside in the EEA, Switzerland, or United Kingdom, you are entitled to certain rights, like the right to:

  • 向相关监管机构投诉我们的数据收集或处理行为。你可以在 此处 上找到数据保护机构列表。

    ¥complain about our data collection or processing actions with the supervisor authority concerned. You can find a list of data protection authorities here.

  • 访问你的相关信息。

    ¥access to information held about you.

  • 要求我们更正或修改我们掌握的关于你的不准确或不完整信息。

    ¥ask us to correct or amend inaccurate or incomplete information we have about you.

  • 要求我们在某些情况下删除数据,例如 (1) 当数据对于收集目的不再必要时,(2) 你撤回同意且不存在其他处理的法律依据,或 (3) 你认为你的基本数据隐私和保护权利高于我们继续处理的合法利益。

    ¥ask us to erase data that under certain circumstances, like (1) when it is no longer necessary for the purpose for which it was collected, (2) you withdraw consent and no other legal basis for processing exists, or (3) you believe your fundamental rights to data privacy and protection outweigh our legitimate interest in continuing the processing.

  • 如果我们基于合法利益或执行公共利益任务处理你的数据,请限制我们的处理,因为行使官方权力(包括分析);使用你的数据进行直接营销(包括分析);或出于科学或历史研究和统计目的处理你的数据。

    ¥request that we restrict our processing if we are processing your data based on legitimate interests or the performance of a task in the public interest as an exercise of official authority (including profiling); using your data for direct marketing (including profiling); or processing your data for purposes of scientific or historical research and statistics.

当你行使你的权利时,npm 可能需要验证你的身份并向我们提供信息,然后我们才能访问包含你的信息的记录。如果你想行使你的权利,请联系 npm by 提交支持工单。我们可能根据法律有理由不必遵从你的请求,或者可能以比你预期更有限的方式遵从你的请求。如果我们确实发布了威胁你隐私的软件包,我们会在回复中向你解释。

¥When you exercise your rights, npm may need to verify your identity and provide us with information before we access records containing your information. If you want to exercise your rights, please contact npm by opening a support ticket. We may have a reason under the law why we do not have to comply with your request or may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.

npm 如何根据《加州消费者隐私法案》处理数据?

¥How does npm handle data under the California Consumer Privacy Act?

npm 尊重加州居民根据 加州消费者隐私法案(CCPA)享有的权利。我们收集受 CCPA 约束的信息时,我们收集的信息以及你的权利如下所述。

¥npm respects the rights of California residents under the California Consumer Privacy Act (CCPA). Where we collect information that is subject to the CCPA, that information we collect and your rights are described below.

我们收集的个人信息类别:

¥Categories of personal information we collect:

  • 个人标识符:

    ¥Personal Identifiers:

    • 创建账户时请提供名称和电子邮件地址。你还将被要求创建一个用户名,我们将为你的个人资料分配一个或多个唯一标识符。我们使用这些信息来提供服务、响应你的请求并向你发送信息。

      ¥Name and email address when you create an account. You will also be asked to create a username and we will assign one or more unique identifiers to your profile. We use this information to provide our services, respond to your requests, and send information to you.

    • 如果你通过社交媒体向我们提供或与我们的服务(例如我们的帮助台)互动,我们也会收集你的社交媒体账号和基本账户信息。

      ¥We also collect your social media handle and basic account information if you provide it to us or interact with our services, such as our help desk, through social media.

    • 我们通过我们的服务提供商 Stripe 收集你的付款信息,如上所述。

      ¥We collect your payment information through our service provider, Stripe, as described above.

  • 互联网或其他电子网络活动信息:设备标识符,例如 IP 地址和用户代理;Cookie 中分配的唯一 ID(如下所述);关于你如何到达并浏览我们服务的信息。

    ¥Internet or Other Electronic Network Activity Information: device identifiers such as IP address and user agent; the assigned unique IDs in cookies (as described below); information about how you arrived at and navigated through our Services.

  • 地理位置数据:我们不会收集你的具体经纬度。但是,我们会收集不精确的位置信息(例如,你的 IP 地址)。

    ¥Geolocation Data: We do not collect your specific longitude and latitude. However, we do collect imprecise location (e.g., your IP address).

  • 专业或就业相关信息:如果你向我们申请工作,请提供你的工作背景信息。

    ¥Professional or employment-related information: If you apply for employment with us, information about your employment history.

  • 教育信息:如果你向我们申请工作,请提供你的教育背景信息。

    ¥Education information: If you apply for employment with us, information about your educational history.

我们可能会收集你上传到我们网站的软件包中包含的任何其他有关你的信息,如上文第 "npm 收集软件包数据" 节所述。我们还会收集你与我们之间的通信内容,例如,当你通过网页表单向我们提交问题或在社交媒体上向我们发表评论时。

¥We may collect any other information about you contained in software packages uploaded to our site, as described above under the "npm collects package data" section. We also collect the contents of your communications with us, e.g., when you submit a question to us through a web form or comments to us on social media.

我们可能会披露上述任何类别的个人信息,并将其用于上述目的或与收集个人信息的环境相符的其他业务或运营目的。我们披露的个人信息包括向我们的 "服务提供商" 披露,这些公司是我们出于商业目的聘请的代表我们开展活动的公司。我们与之共享信息的服务提供商类别及其提供的服务如下所述。

¥We may disclose any of the categories of personal information listed above and use them for the above-listed purposes or for other business or operational purposes compatible with the context in which the personal information was collected. Our disclosures of personal information include disclosures to our "service providers," which are companies that we engage for business purposes to conduct activities on our behalf. The categories of service providers with whom we share information and the services they provide are described below.

CCPA 下的权利:

¥Rights under CCPA:

  • 访问/知情权:你有权要求访问我们收集的关于你的个人信息,以及有关该个人信息来源、我们收集信息的目的以及我们与之共享信息的第三方和服务提供商的信息。

    ¥Access/Right to Know: You have the right to request access to personal information we collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers with whom we share it.

  • 删除:你有权要求我们删除从你那里收集的数据。请注意,我们可能有理由拒绝你的删除请求,或者以比你预期更有限的方式删除数据,例如,由于法律义务保留数据。

    ¥Deletion: You have the right to request that we erase data we have collected from you. Please note that we may have a reason to deny your deletion request or delete data in a more limited way than you anticipated, e.g., because of a legal obligation to retain it.

要行使上述权利,你可以 提交支持工单。当我们处理你的请求时,我们必须通过以下方式验证你的身份:(1) 要求你提供个人身份信息,以便我们能够与我们之前收集到的你的信息进行匹配;并且 (2) 使用请求中提供的电子邮件地址确认你的请求。

¥To exercise your rights above, you can open a support ticket. When we process your request, we must verify your identity by asking you to (1) provide personal identifiers that we can match against information we may have collected from you previously; and (2) confirm your request using the email stated in the request.

选择退出销售:

¥Opt-out of sale:

加州居民有权要求我们停止收集他们的个人信息。个人信息的 "sale" 定义广泛:"企业以口头、书面、电子或其他方式向其他企业或第三方出售、出租、发布、披露、传播、提供、转让或以其他方式传达消费者的个人信息,以获取金钱或其他有价值的报酬。" 根据 CCPA 的定义,我们不会出售你的信息。

¥California residents have the right to request that we stop "selling" their personal information. A "sale" of personal information is defined broadly: "selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer's personal information by the business to another business or a third party for monetary or other valuable consideration." We do not sell your information as defined by the CCPA.

请注意,你的选择退出权利不适用于我们与服务提供商共享个人信息的情况。服务提供商是我们委托的代表我们执行某项功能的机构,并且根据合同义务,他们仅将个人信息用于该功能。

¥Please note that your right to opt out does not apply to our sharing of personal information with service providers, who are parties we engage to perform a function on our behalf and are contractually obligated to use the Personal Information only for that function.

我们还可能根据法律要求或为了保护我们公司或其他人,向此处未列出的其他实体披露信息,如我们的隐私政策中所述。

¥We may also disclose information to other entities who are not listed here when required by law or to protect our Company or other persons, as described in our Privacy Policy.

如何查看我的公开数据?

¥How can I see what data is publicly available about me?

你可以随时通过访问 www.npmjs.com 上的账户页面来访问你的账户数据。你的账户页面还列出了你账户或其他账户下发布的所有软件包。

¥You can access your account data at any time by visiting your account page on www.npmjs.com. Your account page also lists all the packages published under your account or other accounts.

你可以通过下载软件包来访问软件包数据,只要它们是公开的或你有访问权限即可。

¥You can access package data by downloading the packages, as long as they're public or you have permission to access them.

你可以通过运行 npm info $package 或访问相应的 注册表 API 来查看软件包的元数据。注册表 API 以标准 JSON 格式提供元数据,并以 tarballs 格式提供软件包。

¥You can see metadata about packages by running npm info $package, or by accessing the appropriate registry's API. Registry APIs provide metadata in standard JSON format, and packages as tarballs.

如何更改我的数据?

¥How can I change data about me?

你可以随时通过访问 www.npmjs.com 上的账户设置页面来更改你的个人账户数据和支付卡数据。你可以通过 联系支持 更改企业版的账户和付款数据。

¥You can change your personal account data and payment card data at any time by visiting your account settings page on www.npmjs.com. You can change account and payment data for Enterprise by contacting support.

你可以随时通过发送电子邮件至 联系支持 关闭你的 npm 账户。关闭你的账户将从公共注册表中删除该配置文件,但不会自动删除你账户下发布的软件包。即使你关闭账户,我们仍可能在内部保留你的部分数据。

¥You can close your npm account at any time by e-mailing contacting support. Closing your account removes the profile from the public registry but does not automatically erase packages published under your account. We may retain some data about you internally even where you close your account.

npm 的 取消发布政策 决定了何时可以从 npm 公共注册表中删除软件包。取消发布政策在发布和托管软件包的目的、他人对已公开内容的依赖以及个人权利和自由之间取得了微妙的平衡。

¥npm's unpublish policy determines when you can erase packages from the npm public registry. The unpublish policy strikes a difficult balance between the purpose of publishing and hosting packages, others' reliance on what has been made public, and individual rights and freedoms.

如果其他用户在软件包中或以其他方式不当发布了你的个人数据,提交支持工单

¥If another user improperly publishes personal data about you, in a package or otherwise, open a support ticket.

请注意,虽然 npm 发布已删除已发布数据的通知 规定了删除数据,但 npm 无法要求所有下载过已发布软件包数据或账户数据的用户都代表你删除这些数据。选择公共许可证(例如开源软件许可证)可能会鼓励并允许无限期地存储、分发和使用软件包数据。几乎所有流行的开源软件许可证实际上都要求保留表明软件所有权的个人数据(例如版权声明),这是软件许可的条件。

¥Please note that while npm publishes notices about published data that's been erased, npm can't make everyone who has downloaded published package data or account data erase that data on your behalf. Choosing a public license, such as an open source software license, may encourage and allow storage, distribution, and use of package data indefinitely. Nearly all popular open source software licenses actually require preserving personal data that attributes the software to you, such as copyright notices, as a condition of permission for the software.

npm 关于取消发布软件包的政策是什么?

¥What is npm's policy on unpublishing packages?

有关删除软件包的更多信息,请参阅 我们关于 "unpublishing" 软件包的政策我们的服务条款

¥Please see our policy on "unpublishing" packages or our terms of service for more information on erasing packages.

如果你意外发布了威胁你隐私的软件包,或者发现其他人发布了威胁你隐私的软件包,提交支持工单。npm 可以并且会在特定的特殊情况下下架软件包以保护你,尤其是在他人侵犯你的隐私时。使用 npm 侵犯他人隐私违反我们的 服务条款 条款。

¥If you accidentally publish a package that threatens your privacy, or discover someone else has published a package that does, open a support ticket. npm can and will take down packages in specific, exceptional situations to protect you, especially if others violate your privacy. Using npm to violate others' privacy is against our terms of service.

npm 如何通知其他人已发布的数据已被删除?

¥How does npm notify others about published data that's erased?

npm 采取了一些措施来通知可能正在从 npm 公共注册表复制数据的其他人,已发布的数据已被删除:

¥npm takes a few steps to notify others who may be copying data from the npm public registry that published data has been erased:

  • npm 发布一些已删除软件包的新占位符版本,其中包含提及软件包已被删除及其原因的 README 文件。

    ¥npm publishes new placeholder versions of some erased packages, with README files that mention the package has been erased, and why.

  • npm 的 注册表 API 是一种特殊的软件服务,其他人可以使用它从 npm 公共注册表复制数据,并发送有关已删除软件包的更新消息。

    ¥npm's registry APIs, special software services that others use to copy data from the npm public registry, send update messages about packages that have been erased.

如果 npm 与其他公司合并或被其他公司收购,会发生什么?

¥What happens if npm merges with or is bought by another company?

在任何合并、收购、资源或任何业务线出售、所有权控制权变更或融资交易中,或在谈判期间,我们可能会将你的部分或全部信息转移给其他实体或其关联公司或服务提供商。我们无法保证收购方或被合并实体将采用与本政策所述相同的隐私保护措施,或以与本政策所述相同的方式处理你的信息。

¥We may transfer to another entity or its affiliates or service providers some or all information about you in connection with, or during negotiations of, any merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy.

npm 关于儿童信息的信息处理规范是什么?

¥What are npm's information practices regarding information belonging to children?

npm 的网站和服务面向 16 岁及以上的用户。npm 不会故意收集儿童的信息。如果我们发现我们无意中收集了任何未满 16 岁人士的信息,我们将删除该信息。

¥npm's site and services are intended for users age sixteen and older. npm does not knowingly collect information from children. If we discover that we have inadvertently collected information from anyone younger than the age of 16, we will delete that information.

关于 npm 和我的隐私,我可以联系谁?

¥Who can I contact about npm and my privacy?

提交支持工单。你也可以直接联系我们的数据保护官。

¥Please open a support ticket. You may also contact our Data Protection Officer directly.

我们的美国总部:

¥Our United States HQ:

GitHub 数据保护官注意:npm 数据保护 88 Colin P.Kelly Jr.St.美国加利福尼亚州旧金山 94107

¥GitHub Data Protection Officer\ Attention: npm Data Protection\ 88 Colin P. Kelly Jr. St.\ San Francisco, CA 94107\ United States

或我们的欧盟办公室:

¥or our EU Office:

GitHub BV Vijzelstraat 68-72 1017 HL Amsterdam 荷兰

¥GitHub BV\ Vijzelstraat 68-72\ 1017 HL Amsterdam\ The Netherlands

如何了解更改信息?

¥How can I find out about changes?

此版本的 npm 隐私问答于 2020 年 6 月 3 日生效。

¥This version of npm's privacy questions and answers took effect June 3, 2020.

npm 将在 npm 博客 上宣布下一个版本。与此同时,npm 可能会通过更新 [https://npm.nodejs.cn/privacy]privacy 页面来更新 其联系信息,而无需另行通知。npm 可能会更改其在未来隐私版本中宣布变更的方式。

¥npm will announce the next version on the npm blog. In the meantime, npm may update its contact information by updating the page at https://npm.nodejs.cn/privacy, without an announcement. npm may change how it announces changes in future privacy versions.

你可以在 npm 公共政策的 Git 仓库 中查看更改历史记录。

¥You can review the history of changes in the Git repository for npm's public policies.

npm v11.7 中文网 - 粤ICP备13048890号

目录