Hi, it seems like at some point the library was published under two different namespaces:
https://www.npmjs.com/package/@iabtcf/cmpapi
https://www.npmjs.com/package/@iabtechlabtcf/cmpapi
Initially, I thought this was a typo-squatting attack, with some new attacker registering the "iabtechlabtcf" namespace to try and trick users into using their copy-cat package—especially since the @iabtcf/cmpapi package did not mention the migration or have any other notes indicating that it was deprecated.
After reviewing the tickets on this repository, I found this commit that seemed to indicate that this was an intentional change authorized by the IAB: 5706cc3. However, it wasn't accompanied by any change log update or announcement that I could find. I also couldn't find any information on the internet to determine why this changed or what this means for users of this library.
Usage seems to be pretty evenly split between these versions, with 37% of users (10k downloads a month) using the old @iabtcf package, and 63% of users (18k downloads a month) using the @iabtechlabtcf package. However, iabtcf has larger spikes in usage than iabtechlabtcf, with a little under 30k downloads in August.
I suggest you publish a clear, authoritative statement on the matter that explains the confusion, and also that you push a version to the @iabtcf namespace indicating that it is deprecated and that users should move to the new namespace—if that is your intent, which it seems like it must be.
Hi, it seems like at some point the library was published under two different namespaces:
https://www.npmjs.com/package/@iabtcf/cmpapi
https://www.npmjs.com/package/@iabtechlabtcf/cmpapi
Initially, I thought this was a typo-squatting attack, with some new attacker registering the "iabtechlabtcf" namespace to try and trick users into using their copy-cat package—especially since the
@iabtcf/cmpapipackage did not mention the migration or have any other notes indicating that it was deprecated.After reviewing the tickets on this repository, I found this commit that seemed to indicate that this was an intentional change authorized by the IAB: 5706cc3. However, it wasn't accompanied by any change log update or announcement that I could find. I also couldn't find any information on the internet to determine why this changed or what this means for users of this library.
Usage seems to be pretty evenly split between these versions, with 37% of users (10k downloads a month) using the old
@iabtcfpackage, and 63% of users (18k downloads a month) using the@iabtechlabtcfpackage. However, iabtcf has larger spikes in usage than iabtechlabtcf, with a little under 30k downloads in August.I suggest you publish a clear, authoritative statement on the matter that explains the confusion, and also that you push a version to the
@iabtcfnamespace indicating that it is deprecated and that users should move to the new namespace—if that is your intent, which it seems like it must be.