RFC: npm publish, unpublish, and [republish] functionality change #687
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ository management and log management policy (security policy) changes.
|
A version number, once used, can never be used for anything else - otherwise it would be a massive security hole. I already answered this on your cli issue, and this makes the third place you’ve posted about this. |
bnb
reviewed
Apr 5, 2023
|
|
||
| ## Summary | ||
|
|
||
| When I publish a package v1.0.0 and unpublish it, it is unpublished correctly. However, I am not able to re-publish any other codebase B/ C/ D into v1.0.0. I will not be able to re-publish the same version v1.0.0 with a new or same codebase. |
There was a problem hiding this comment.
This is good and intended. While it may suck as a publisher (I recently had to help internally with an ancient mispublish that bumped a semver minor, meaning we had to go straight to 4.8.0 rather than starting at 4.0.0!), the existing approach is very rarely an issue, is a simpler solution, and is less potentially harmful than what's proposed here IMO.
added 2 commits
April 6, 2023 00:32
… using redirect key specification inpackage.json
…ository management and log management policy (security policy) changes.
|
(regarding the "redirect" update) You can already do this with |
…nstall key specification in package.json is made.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
npm publish, unpublish, and [republish] functionality and data/repository management and log management policy (security policy) changes.
This RFC is a proposal where I recommend allowing republishing the same npm package version v1.0.0 with a different codebase B after unpublishing a version v1.0.0 with codebase A; with a possibility to view the publish, unpublish, republish logs/ codebase, etc. This recommended change improves the npm package publish-unpublish process, (historical) publish-unpublish data management policy, and (historical) publish-unpublish log management policy (and security management policy).
References
Detailed in RFC