undefined | Better HN

0 pointshanspagel1mo ago0 comments

You can’t unpublish a npm package with more than 100 downloads I think.

0 comments

The policy is https://docs.npmjs.com/policies/unpublish

    Packages published less than 72 hours ago
    
    For newly created packages, as long as no other packages in the npm Public Registry depend on your package, you can unpublish anytime within the first 72 hours after publishing.

There are 231+ packages that depend on this one, and I imagine they mostly use permissive enough version ranges that this was included.

firloop1mo ago

Looks like Anthropic called in a favor and it's removed now.

SV_BubbleTime1mo ago

Ah, another you can’t, but they can.

I’m still a little humored over peak web3 and the DAO / soft contract nonsense. Like in order to stop fraud entire coins were forked…

inglor1mo ago

Sure you can, if you have a legitimate case you can ask npm to unpublish and they handle things manually :)

kevstev1mo ago

I have had to do this, well over a decade ago now, when working at a place that was a pretty big deal in the node world, and node was still pretty new. They helped us.

I would imagine GH would do the same if its a high enough profile issue.

jamietanna1mo ago

Yep, we had to do this recently with Renovate, where we had too many releases, and new publishing hit a size limit on the registry, so we needed support to help us unpublish a load of old releases

Breza1mo ago

The novel Red Team Blues involves a similar plot with a crypto token that's supposed to be immutable. It's pretty entertaining.

jacquesm1mo ago

Good luck with that.

j / k navigate · click thread line to collapse