RFC: npm publish, unpublish, and [republish] functionality change

[ganeshkbhat]

npm publish, unpublish, and [republish] functionality and data/repository management and log management policy (security policy) changes.

This RFC is a proposal where I recommend allowing republishing the same npm package version v1.0.0 with a different codebase B after unpublishing a version v1.0.0 with codebase A; with a possibility to view the publish, unpublish, republish logs/ codebase, etc. This recommended change improves the npm package publish-unpublish process, (historical) publish-unpublish data management policy, and (historical) publish-unpublish log management policy (and security management policy).

References

Detailed in RFC

[ljharb]

A version number, once used, can never be used for anything else - otherwise it would be a massive security hole. I already answered this on your cli issue, and this makes the third place you’ve posted about this.

[ljharb]

(regarding the "redirect" update) You can already do this with npm deprecate. Having it be programmatic and implicit is also a security issue.