npm deprecate doesn't alter the package metadata

[darcyclarke]

  Original bug ticket: [https://npm.community/t/10136](https://npm.community/t/10136)
  Originally filed: 2019-09-19T10:57:15.349Z

[EdricChan03]

It seems that I've been experiencing the exact same issue. I've been trying to mark my package (ngx-ytd-api) on NPM as deprecated with the following command:

npm deprecate ngx-ytd-api "Package is no longer maintained. Use the JavaScript gapi client instead."

No message is shown and the package still does not have any deprecated message. I've even tried specifying the --verbose flag to the command above with these results:

edricchan@Edrics-Macbook-Pro:~/Desktop/Projects/angular/ngx-ytd-api$ npm deprecate ngx-ytd-api "Package is no longer maintained. Use the JavaScript gapi client instead." --verbose
npm info it worked if it ends with ok
npm verb cli [ '/Users/edricchan/.nvm/versions/node/v10.15.3/bin/node',
npm verb cli   '/Users/edricchan/.nvm/versions/node/v10.15.3/bin/npm',
npm verb cli   'deprecate',
npm verb cli   'ngx-ytd-api',
npm verb cli   'Package is no longer maintained. Use the JavaScript gapi client instead.',
npm verb cli   '--verbose' ]
npm info using [email protected]
npm info using [email protected]
npm verb npm-session 87d30d62b4aaeff4
npm http fetch GET 200 https://registry.npmjs.org/ngx-ytd-api?write=true 361ms
npm http fetch PUT 200 https://registry.npmjs.org/ngx-ytd-api 965ms
npm verb exit [ 0, true ]
npm timing npm Completed in 1666ms
npm info ok

For now, the only workaround is to specify a version range:

npm deprecate ngx-ytd-api@">= 1.0.0-alpha.1" "<message>"

I've contacted the npm support team as well, in case this is a registry issue. However, their work hours are Mondays to Fridays from 9AM - 6PM PST, so I'll only hear back from them on Monday.

[ljharb]

As far as I’m aware, an explicit version range has always been required.

[EdricChan03]

@ljharb However, the NPM documentation for deprecating and undeprecating packages/package versions does mention that:

To deprecate an entire package, run the following command, replacing with the name of your package, and "" with your deprecation message:

npm deprecate <package-name> "<message>"

EDIT: Tests for the deprecate command also show that you should be able to deprecate an entire package:

cli/test/tap/deprecate.js

Lines 129 to 151 in ac3739f

	test('npm deprecate a package with no semver range', function (t) {
	var deprecated = JSON.parse(JSON.stringify(cache))
	deprecated.versions = {
	'0.0.0': { deprecated: 'make it dead' },
	'0.0.1': { deprecated: 'make it dead' },
	'0.0.2': { deprecated: 'make it dead' }
	}
	server.get('/cond?write=true').reply(200, cache)
	server.put('/cond', deprecated).reply(201, { deprecated: true })
	common.npm([
	'deprecate',
	'cond',
	'make it dead',
	'--registry', common.registry,
	'--loglevel', 'silent'
	], {},
	function (er, code, stdout, stderr) {
	t.ifError(er, 'npm deprecate')
	t.equal(stderr, '', 'no error output')
	t.equal(code, 0, 'exited OK')
	t.end()
	})
	})

[EdricChan03]

Secondly, while installing the ngx-ytd-api package (which I've marked as deprecated using a version range), it seems that there's no warning message if I don't specify a version range when installing the package:

edricchan@Edrics-Macbook-Pro:~/Desktop/Projects/npm-test$ npm i ngx-ytd-api
npm WARN [email protected] requires a peer of @angular/common@^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/core@^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of rxjs@^6.2.2 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/common@^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/core@^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of rxjs@^6.2.2 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

+ [email protected]
added 3 packages from 2 contributors and audited 4 packages in 2.258s
found 0 vulnerabilities

With a specific version range:

edricchan@Edrics-Macbook-Pro:~/Desktop/Projects/npm-test$ npm i [email protected]
npm WARN deprecated [email protected]: Package is no longer maintained. Use the JavaScript gapi client instead.
npm WARN [email protected] requires a peer of @angular/common@^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/core@^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of rxjs@^6.2.2 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/common@^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of @angular/core@^6.0.0 || ^7.0.0 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] requires a peer of rxjs@^6.2.2 but none is installed. You must install peer dependencies yourself.
npm WARN [email protected] No description
npm WARN [email protected] No repository field.

+ [email protected]
updated 1 package and audited 4 packages in 3.307s
found 0 vulnerabilities

[EdricChan03]

A member of the npm team has commented to my support request with the following reply:

Text transcription:

Hi Edric,

Thanks for reaching out - happy to help.

The reason the deprecation failed is due to the versions. If the latest version ends with a - followed with other characters, it will fail. YOu can resolve the deprecation issue by publishing another version such as 0.0.0, then proceed with deprecation.

Please let us know if you need additional assistance. We'll be here to help.

Best,

Eva
Tech Support
npm, Inc.