npm / rfcs

Public change requests/proposals & ideation

[RRFC] Option to Unpublish Specific Package Versions, Including Those with Dependents #805

Closed aryamohanan closed 1 week ago

aryamohanan commented 1 week ago

Motivation ("The Why")

Currently, npm does not provide maintainers with the ability to unpublish a specific version of a package if the package has dependents, even if the specific version itself has none. This limitation can create issues when a version was mistakenly published, has minimal downloads, or is no longer relevant. Providing maintainers with more control over individual versions would help maintain cleaner and more accurate package registries, reduce user confusion, and empower maintainers to manage their packages effectively without impacting the entire package.

Example

For instance, in our case, version 5.0.0 of a package was mistakenly published instead of version 4. While the package as a whole has a few dependents, this specific version (5.0.0) has no active dependents, very few downloads (~2), and is no longer in use. If we could unpublish this specific version, it would help prevent unnecessary versions from cluttering the registry and make it easier for users to find the correct, active versions.

How

Current Behaviour

Currently, npm restricts maintainers from unpublishing specific versions of a package when the package has dependents. The only available options are to unpublish the entire package or unpublish versions with no dependents and minimal downloads. This limitation forces maintainers to keep outdated or mistakenly published versions that clutter the registry and complicate package management.

Desired Behaviour

Allow package maintainers to unpublish a specific version of a package, even if it has dependents, as long as it meets the following criteria:

This change would give maintainers greater control over their packages, allowing them to remove unnecessary versions without affecting the entire package.

References

ljharb commented 1 week ago

This wouldn't be a CLI change (and thus not really an RFC), it'd be a registry policy change. I'd like to see it happen, as well, to be clear.

aryamohanan commented 1 week ago

We have already created an npm support ticket and received the following response from support:

"We take your feedback into consideration and it will help us prioritize what comes next in our backlog. We have some ideas on how we can improve the publishing processes to prevent such accidents as users mistakenly setting a wrong version."

This response gives us hope that npm will consider this request. I will also raise the issue in community discussions, as it is important to give maintainers more control over their packages.

aryamohanan commented 1 week ago

I have started a discussion here: https://github.com/orgs/community/discussions/144533

monishcm commented 1 week ago

Closing this issue as this is a registry change and the community discussion would suffice.