A PR was created for a version of color that isn't in npm

[gilmoreorless]

First up, thanks for Greenkeeper 😀 — I was at JSConf EU where it debuted and have told many people about it since then.

I just had this PR opened by Greenkeeper: gilmoreorless/postcss-gradient-transparency-fix#8

It bumps the color dependency to version 0.12.0 which then has failing builds. The build logs say that the specified version can't be found, and indeed the npm page says that 0.11.1 is the latest release.

I'm not knowledgeable enough about the way npm+Greenkeeper works to know why this PR was created. At a wild guess, could it happen if a package version is published then un-published quickly?

Keep up the good work. :)

[boennemann]

Hey @gilmoreorless,

thanks for your support and this bug report.
This seems off indeed. npm reported some oddities with publishes in the past few days, but I couldn't find any hints in color's repo, so it might as well be a problem on our side.

We're investigating the problem.

Thanks for your patience and sorry for any inconveniences.

Best,
Stephan

Related: JamesKyburz/svg-sketch#45

[JamesKyburz]

Running npm view suggests a version 0.12.0 was published, maybe it was unpublished?

Not sure if there is an unpublish log...

➜  ~  npm view color

{ name: 'color',
  description: 'Color conversion and manipulation with CSS string support',
  'dist-tags': { latest: '0.11.1' },
  versions: 
   [ '0.1.0',
     '0.1.1',
     '0.1.2',
     '0.1.3',
     '0.2.0',
     '0.3.0',
     '0.4.0',
     '0.4.1',
     '0.4.2',
     '0.4.3',
     '0.4.4',
     '0.5.0',
     '0.6.0',
     '0.7.0',
     '0.7.1',
     '0.7.2',
     '0.7.3',
     '0.8.0',
     '0.9.0',
     '0.10.0',
     '0.10.1',
     '0.11.0',
     '0.11.1' ],
  maintainers: 
   [ 'harth <fayearthur@gmail.com>',
     'moox <m@moox.io>',
     'qix <i.am.qix@gmail.com>' ],
  time: 
   { modified: '2016-03-28T18:43:18.022Z',
     created: '2011-06-23T03:09:53.739Z',
     '0.1.0': '2011-06-23T03:09:54.511Z',
     '0.1.1': '2011-06-23T16:42:17.743Z',
     '0.1.2': '2011-06-24T02:35:44.115Z',
     '0.1.3': '2011-06-27T05:33:12.820Z',
     '0.2.0': '2011-06-27T20:10:51.343Z',
     '0.3.0': '2011-06-28T02:17:14.939Z',
     '0.4.0': '2011-08-31T02:00:45.377Z',
     '0.4.1': '2011-10-16T17:13:33.102Z',
     '0.4.2': '2013-02-14T20:05:40.866Z',
     '0.4.3': '2013-04-07T20:22:17.968Z',
     '0.4.4': '2013-04-07T20:24:58.848Z',
     '0.5.0': '2013-11-18T02:48:04.332Z',
     '0.6.0': '2014-04-27T01:35:06.447Z',
     '0.7.0': '2014-07-23T07:16:51.398Z',
     '0.7.1': '2014-07-23T07:46:27.662Z',
     '0.7.2': '2014-10-17T19:43:25.692Z',
     '0.7.3': '2014-10-17T19:54:00.739Z',
     '0.8.0': '2015-03-03T06:43:52.102Z',
     '0.9.0': '2015-06-21T05:57:56.797Z',
     '0.10.0': '2015-07-02T07:07:33.513Z',
     '0.10.1': '2015-07-02T08:34:36.212Z',
     '0.11.0': '2016-01-02T19:51:09.547Z',
     '0.11.1': '2016-01-03T17:58:06.736Z',
     '0.12.0': '2016-03-28T18:41:50.132Z' },
  repository: { type: 'git', url: 'git+ssh://git@github.com/MoOx/color.git' },
  keywords: [ 'color', 'colour', 'css' ],
  readmeFilename: 'README.md',
  homepage: 'https://github.com/MoOx/color#readme',
  bugs: { url: 'https://github.com/MoOx/color/issues' },
  users: 
   { dazld: true,
     macmac: true,
     dannyfritz: true,
     sklise: true,
     etsit: true,
     ferdouscodes: true,
     ahmedelgabri: true,
     iamstarkov: true,
     shawnsandy: true,
     tommyzzm: true,
     lukekarrys: true },
  license: 'MIT',
  version: '0.11.1',
  authors: 
   [ 'Heather Arthur <fayearthur@gmail.com>',
     'Maxime Thirouin',
     'Josh Junon' ],
  xo: { rules: { 'no-cond-assign': 0, 'new-cap': 0 } },
  files: [ 'CHANGELOG.md', 'LICENSE', 'index.js' ],
  scripts: { pretest: 'xo', test: 'mocha' },
  dependencies: { 'color-convert': '^0.5.3', 'color-string': '^0.3.0' },
  devDependencies: { mocha: '^2.2.5', xo: '^0.12.1' },
  gitHead: '3ae554930634a3766d510a1a2e98b89b2f72fef2',
  dist: 
   { shasum: '19e357ce1872e191e8a91702b4ee1b0ed844187a',
     tarball: 'http://127.0.0.1:5080/tarballs/color/0.11.1.tgz' } }

[finnp]

Yeah that looks like it could have been unpublished. Possible fix would be #157

[Qix-]

Not sure what happened. I don't have any bumps locally and don't recall pushing a minor release at all (there hasn't been any need to; I haven't changed anything that warrants a minor release).

After an unrelated release snafu we were experiencing with chalk I wouldn't be the one to unpublish anything to begin with.

I'll ask the other contributors if they know anything. Hopefully whatever happened didn't screw anyone up too bad.

Current version of color is 0.11.1 and the next version will be 1.0.0; If any new releases are going to happen in the 0.x version they'll be patches for extraneous bugfixes if they come around.

[boennemann]

@Qix- Thanks for chiming in here!

I just tried to publish a completely new package and to unpublish a few versions to see what the metadata looks like, but unpublish is completely broken for me right now. First I couldn't unpublish anything at all and then I managed to unpublish something, but it was possible to republish the exact same version again.

When looking at the metadata while the version was still unpublished it didn't show up in versions at all.

I suspect that these bugs are caused by some internal restructurings npm is currently performing in order to implement their new unpublish policy.

#157 seems a bit drastic to me, especially given that color@0.12.0 apparently wasn't unpublished, but an npm bug. Given the new policy we will see far less unpublishes in the future. With the old policy in place this problem hasn't occurred for Greenkeeper even once.

Here is my current stance on this: No action required. npm will fix these bugs. Unpublishes will occur very, very rarely. If so they aren't necessarily for newest versions that Greenkeeper acts upon. Delaying the entire service for 24hours does not seem appropriate to me.

Happy to change my mind if we see these things happen again.

Thanks for reporting and your feedback everyone! We're sorry for any inconveniences.

[gilmoreorless]

Thanks @boennemann, I'm happy to accept this as an anomaly for now.