Short version: wa.dev is a critical resource for the WebAssembly ecosystem, which hosts a variety of packages from a diverse group of users. That resource is only effective when our users are able to work together as part of a community in good faith. While using wa.dev, you must comply with our Acceptable Use Policies, which include some restrictions on content and conduct on wa.dev related to user safety, intellectual property, privacy, authenticity, and other limitations. In short, be excellent to each other!
We do not allow content or activity on wa.dev that:
violates the Code of Conduct of the JAF Labs project is unlawful or promotes unlawful activities, incurring legal liability in the countries the JAF Labs officially operates in is libelous, defamatory, or fraudulent amounts to phishing or attempted phishing infringes any proprietary right of any party, including patent, trademark, trade secret, copyright, right of publicity, or other right unlawfully shares unauthorized product licensing keys, software for generating unauthorized product licensing keys, or software for bypassing checks for product licensing keys, including extension of a free license beyond its trial period contains malicious code, such as computer viruses, computer worms, rootkits, back doors, or spyware, including content submitted for research purposes (tools designed and documented explicitly to assist in security research are acceptable, but exploits and malware that use the wa.dev registry as a deployment or delivery vector are not) uses obfuscation to hide or mask functionality is discriminatory toward, harasses or abuses another individual or group threatens or incites violence toward any individual or group, especially on the basis of who they are is using wa.dev as a platform for propagating abuse on other platforms violates the privacy of any third party, such as by posting another person's personal information without consent gratuitously depicts or glorifies violence, including violent images is sexually obscene or relates to sexual exploitation or abuse, including of minors (see "Sexually Obscene Content" section below) is off-topic, or interacts with platform features in a way that significantly or repeatedly disrupts the experience of other users exists only to reserve a name for a prolonged period of time (often called "name squatting") without having any genuine functionality, purpose, or significant development activity on the corresponding repository is related to buying, selling, or otherwise trading of package names or any other names on wa.dev for money or other compensation impersonates any person or entity, including through false association with wa.dev, or by fraudulently misrepresenting your identity or site's purpose is related to inauthentic interactions, such as fake accounts and automated inauthentic activity is using our servers for any form of excessive automated bulk activity, to place undue burden on our servers through automated means, or to relay any form of unsolicited advertising or solicitation through our servers, such as get-rich-quick schemes is using our servers for other automated excessive bulk activity or coordinated inauthentic activity, such as spamming cryptocurrency mining is not functionally compatible with the cargo build tool (for example, a "package" cannot simply be a PNG or JPEG image, a movie file, or a text document uploaded directly to the registry) is abusing the package index for purposes it was not intended You are responsible for using wa.dev in compliance with all applicable laws, regulations, and all of our policies. These policies may be updated from time to time. We will interpret our policies and resolve disputes in favor of protecting users as a whole. The wa.dev team reserves the possibility to evaluate each instance on a case-by-case basis.
For issues such as DMCA violations, or trademark and copyright infringements, the wa.dev team will respect the legal decisions of the JAF Labs as the official legal entity providing the wa.dev service.
Package Ownership wa.dev has a first-come, first-serve policy on package names. Upon publishing a package, the publisher will be made owner of the package on wa.dev.
If you want to take over a package, we require you to first try and contact the current owner directly. If the current owner agrees, they can add you as an owner of the package, and you can then remove them, if necessary. If the current owner is not reachable or has not published any contact information the wa.dev team may reach out to help mediate the process of the ownership transfer.
Package deletion by their owners is not possible to keep the registry as immutable as possible. If you want to flag your package as open for transferring ownership to others, you can publish a new version with a message in the README or description communicating to the wa.dev support team that you consent to transfer the package to the first person who asks for it:
I consent to the transfer of this package to the first person who asks help@wa.dev for it. Keep in mind that the new owner might develop your package in a way you never intended it, or might completely repurpose your package. Transferring the package to a malicious user could have a significant impact for any existing users of your package.
The wa.dev team may delete packages from the registry that do not comply with the policies on this document. In larger cases of squatting attacks this may happen without prior notification to the author, but in most cases the team will first give the author the chance to justify the purpose of the package.
Security Safety is one of the core principles of WebAssembly, and to that end, we would like to ensure that cargo and wa.dev have secure implementations. To learn more about disclosing security vulnerabilities for these tools, please reference the JAF Labs Security policy for more details.
Note that this policy only applies to official JAF Labs projects like wa.dev and cargo, and not individual packages. The wa.dev team and the Security Response working group are not responsible for the disclosure of vulnerabilities to specific packages, and if any issues are found, you should seek guidance from the individual package owners and their specific policies instead.
Thank you for taking the time to responsibly disclose any issues you find.
Sexually Obscene Content We do not tolerate content associated with sexual exploitation or abuse of another individual, including where minors are concerned. We do not allow sexually themed or suggestive content that serves little or no purpose other than to solicit an erotic or shocking response, particularly where that content is amplified by its placement in profiles or other social contexts.
This includes:
Pornographic content Non-consensual intimate imagery Graphic depictions of sexual acts including photographs, video, animation, drawings, computer-generated images, or text-based content We recognize that not all nudity or content related to sexuality is obscene. We may allow visual and/or textual depictions in artistic, educational, historical or journalistic contexts, or as it relates to victim advocacy. In some cases a disclaimer can help communicate the context of the project.
Violations and Enforcement wa.dev retains full discretion to take action in response to a violation of these policies, including account suspension, account termination, or removal of content.
We will however not be proactively monitoring the site for these kinds of violations, but instead relying on the community to draw them to our attention.
While the majority of interactions between individuals in the WebAssembly community falls within our policies, violations of those policies do occur at times. When they do, the wa.dev team may need to take enforcement action to address the violations. In all cases, content and account deletion is permanent and there is no basis to reverse these moderation actions taken by the wa.dev team. Account suspension may be lifted at the team's discretion however, for example in the case of someone's account being compromised.
Credits & License This policy is partially based on crates.io’s Acceptable Use Policy and modified from its original form.
Licensed under the Creative Commons Attribution 4.0 International license.