-
Notifications
You must be signed in to change notification settings - Fork 239
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RFC: npm publish, unpublish, and [republish] functionality change #687
base: main
Are you sure you want to change the base?
Conversation
…ository management and log management policy (security policy) changes.
A version number, once used, can never be used for anything else - otherwise it would be a massive security hole. I already answered this on your cli issue, and this makes the third place you’ve posted about this. |
|
||
## Summary | ||
|
||
When I publish a package v1.0.0 and unpublish it, it is unpublished correctly. However, I am not able to re-publish any other codebase B/ C/ D into v1.0.0. I will not be able to re-publish the same version v1.0.0 with a new or same codebase. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is good and intended. While it may suck as a publisher (I recently had to help internally with an ancient mispublish that bumped a semver minor, meaning we had to go straight to 4.8.0 rather than starting at 4.0.0!), the existing approach is very rarely an issue, is a simpler solution, and is less potentially harmful than what's proposed here IMO.
… using redirect key specification inpackage.json
…ository management and log management policy (security policy) changes.
(regarding the "redirect" update) You can already do this with |
…nstall key specification in package.json is made.
npm publish, unpublish, and [republish] functionality and data/repository management and log management policy (security policy) changes.
This RFC is a proposal where I recommend allowing republishing the same npm package version v1.0.0 with a different codebase B after unpublishing a version v1.0.0 with codebase A; with a possibility to view the publish, unpublish, republish logs/ codebase, etc. This recommended change improves the npm package publish-unpublish process, (historical) publish-unpublish data management policy, and (historical) publish-unpublish log management policy (and security management policy).
References
Detailed in RFC