in the latest npm client, every update request will has a query write=true. so it is easy to separate unpublish and install.
only need to make sure all the unpublish with the latest npm client.
remove session access in /name and /name/version, fixed #274
firstname.lastname@example.org+ will contains ?write=true, which include in email@example.com+ and firstname.lastname@example.org+
$ npm unpublish --verbose connect -f
npm info it worked if it ends with ok
npm verb cli [ 'node',
npm verb cli '/Users/deadhorse/node_modules/.bin/npm',
npm verb cli 'unpublish',
npm verb cli '--verbose',
npm verb cli 'connect',
npm verb cli '-f' ]
npm info using email@example.com
npm info using firstname.lastname@example.org
npm WARN using --force I sure hope you know what you are doing.
npm verb url raw connect?write=true
npm verb url resolving [ 'https://registry.npmjs.org/', './connect?write=true' ]
npm verb url resolved https://registry.npmjs.org/connect?write=true
npm info trying registry request attempt 1 at 13:16:44
npm http GET https://registry.npmjs.org/connect?write=true
we only need to make all admin users use email@example.com+, so all the update request will have ?write=true