[BUG] cannot unpublish 2 minutes after publishing #1686
Comments
ovanderzee
added
Bug
|
I had the same error message but I didn't even run https://github.com/vercel/vercel/runs/1076007594#step:6:649 My best guess is that there is a consistency problem after publishing a package and immediately running another command. It may or may not be related to the original issue posted here. |
|
Happened to me too. I know there's one dependent package but it has a fixed version. How come I cannot unpublish a newer version that nobody is dependent on? |
|
The current policy is unfortunately that if any version is depended on, then no version can be unpublished. You can try filing a support ticket to see if they can help, but in the meantime, your best bet is to file a patch version that's later than the one you want to unpublish (changing "latest" won't help people who have already upgraded), and then |
|
Got it. That's sad that any dependent version is a blocker :( |
|
npm If your bug is preproducible on If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo Closing: This is an automated message. |
This is quite surprising. I do not think there is a gain in preventing the author to unpublish a new version that nobody depends on. On the other end, I can see several reasons why this may be bad for the community... |
This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [prettier](https://prettier.io) ([source](https://github.com/prettier/prettier)) | devDependencies | patch | [`2.8.7` -> `2.8.8`](https://renovatebot.com/diffs/npm/prettier/2.8.7/2.8.8) | --- ### Release Notes <details> <summary>prettier/prettier</summary> ### [`v2.8.8`](https://github.com/prettier/prettier/blob/HEAD/CHANGELOG.md#​288) [Compare Source](prettier/prettier@2.8.7...2.8.8) This version is a republished version of v2.8.7. A bad version was accidentally published and [it can't be unpublished](npm/cli#1686), apologies for the churn. </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNS42MS4wIiwidXBkYXRlZEluVmVyIjoiMzUuNjMuMSJ9--> Co-authored-by: cabr2-bot <cabr2.help@gmail.com> Reviewed-on: https://codeberg.org/Calciumdibromid/CaBr2/pulls/1872 Reviewed-by: Epsilon_02 <epsilon_02@noreply.codeberg.org> Co-authored-by: Calciumdibromid Bot <cabr2_bot@noreply.codeberg.org> Co-committed-by: Calciumdibromid Bot <cabr2_bot@noreply.codeberg.org>
<h3>Snyk has created this PR to upgrade prettier from 2.8.7 to
2.8.8.</h3>
ℹ️ Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.
<hr/>
- The recommended version is **1 version** ahead of your current
version.
- The recommended version was released **21 days ago**, on 2023-04-23.
<details>
<summary><b>Release notes</b></summary>
<br/>
<details>
<summary>Package name: <b>prettier</b></summary>
<ul>
<li>
<b>2.8.8</b> - <a
href="https://snyk.io/redirect/github/prettier/prettier/releases/tag/2.8.8">2023-04-23</a></br><p>This
version is a republished version of v2.8.7.<br>
A bad version was accidentally published and <a
href="https://snyk.io/redirect/github/npm/cli/issues/1686"
data-hovercard-type="issue"
data-hovercard-url="/npm/cli/issues/1686/hovercard">it can't be
unpublished</a>, apologies for the churn.</p>
</li>
<li>
<b>2.8.7</b> - <a
href="https://snyk.io/redirect/github/prettier/prettier/releases/tag/2.8.7">2023-03-24</a></br><ul>
<li>Allow multiple decorators on same getter/setter</li>
</ul>
<p><g-emoji class="g-emoji" alias="link"
fallback-src="https://github.githubassets.com/images/icons/emoji/unicode/1f517.png">🔗</g-emoji>
<a
href="https://snyk.io/redirect/github/prettier/prettier/blob/main/CHANGELOG.md#287">Changelog</a></p>
</li>
</ul>
from <a
href="https://snyk.io/redirect/github/prettier/prettier/releases">prettier
GitHub release notes</a>
</details>
</details>
<hr/>
**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*
For more information: <img
src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiI0MzBjM2RkMy0zMDQ1LTQyMDctOGFlYy1hNjdhNmFjNTM2MzQiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjQzMGMzZGQzLTMwNDUtNDIwNy04YWVjLWE2N2E2YWM1MzYzNCJ9fQ=="
width="0" height="0"/>
🧐 [View latest project
report](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr)
🛠 [Adjust upgrade PR
settings](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?utm_source=github&utm_medium=referral&page=upgrade-pr)
🔕 [Ignore this dependency or unsubscribe from future upgrade
PRs](https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55/settings/integration?pkg=prettier&utm_source=github&utm_medium=referral&page=upgrade-pr#auto-dep-upgrades)
<!---
(snyk:metadata:{"prId":"430c3dd3-3045-4207-8aec-a67a6ac53634","prPublicId":"430c3dd3-3045-4207-8aec-a67a6ac53634","dependencies":[{"name":"prettier","from":"2.8.7","to":"2.8.8"}],"packageManager":"npm","type":"auto","projectUrl":"https://app.snyk.io/org/sandbox-2ba/project/852e6e4f-be96-45c8-b370-1060f5ebee55?utm_source=github&utm_medium=referral&page=upgrade-pr","projectPublicId":"852e6e4f-be96-45c8-b370-1060f5ebee55","env":"prod","prType":"upgrade","vulns":[],"issuesToFix":[],"upgrade":[],"upgradeInfo":{"versionsDiff":1,"publishedDate":"2023-04-23T07:26:12.772Z"},"templateVariants":[],"hasFixes":false,"isMajorUpgrade":false,"isBreakingChange":false,"priorityScoreList":[]})
--->
---------
Co-authored-by: snyk-bot <snyk-bot@snyk.io>
![https://github.githubassets.com/images/icons/emoji/unicode/1f517.png">🔗</g-emoji](https://github.githubassets.com/images/icons/emoji/unicode/1f517.png">🔗</g-emoji){kind=link}
Current Behavior:
I received an error message at the command line:
$ npm unpublish my-lib@1.4.0
npm ERR! code E405
npm ERR! 405 Method Not Allowed - PUT https://registry.npmjs.org/my-lib/-rev/14-878ad331638f5b05ac5eb9a52ff15fc0 - You can no longer unpublish this package.
npm ERR! Failed criteria:
npm ERR! has dependent packages in the registry
npm ERR!
npm ERR! Please deprecate it instead:
npm ERR! npm deprecate -f 'my-lib@1.4.0' "this package has been deprecated"
npm ERR! To learn more about our unpublish policies, see https://www.npmjs.com/policies/unpublish
Expected Behavior:
I expected the package to be unpublished, like described in https://docs.npmjs.com/cli/unpublish
An other page, https://www.npmjs.com/policies/unpublish talks about "newly created packages"
The description of both pages do not match.
Anyhow, i think it should be possible to remove packages with errors within a few minutes.
Steps To Reproduce:
publish in the root directory of a before published package
unpublish with package name and version number
Environment:
The text was updated successfully, but these errors were encountered: