Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] cannot unpublish 2 minutes after publishing #1686

ovanderzee opened this issue Aug 18, 2020 · 6 comments

[BUG] cannot unpublish 2 minutes after publishing #1686

ovanderzee opened this issue Aug 18, 2020 · 6 comments
Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release


Copy link

Current Behavior:

I received an error message at the command line:
$ npm unpublish my-lib@1.4.0
npm ERR! code E405
npm ERR! 405 Method Not Allowed - PUT - You can no longer unpublish this package.
npm ERR! Failed criteria:
npm ERR! has dependent packages in the registry
npm ERR!
npm ERR! Please deprecate it instead:
npm ERR! npm deprecate -f 'my-lib@1.4.0' "this package has been deprecated"
npm ERR! To learn more about our unpublish policies, see

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/ovdz/.npm/_logs/2020-08-18T08_20_02_031Z-debug.log

Expected Behavior:

I expected the package to be unpublished, like described in
An other page, talks about "newly created packages"
The description of both pages do not match.
Anyhow, i think it should be possible to remove packages with errors within a few minutes.

Steps To Reproduce:

publish in the root directory of a before published package

npm publish

unpublish with package name and version number

npm unpublish before-published-package@1.2.3


  • OS: MacOS 10.14.6 (Mojave)
  • Node: 12.18.0
  • NPM: 6.14.4
@ovanderzee ovanderzee added Bug thing that needs fixing Needs Triage needs review for next steps Release 6.x work is associated with a specific npm 6 release labels Aug 18, 2020
Copy link

styfle commented Sep 5, 2020

I had the same error message but I didn't even run npm unpublish.
It happened when running npm publish pkg@1.2.3 followed by npm deprecate pkg@1.2.3.

My best guess is that there is a consistency problem after publishing a package and immediately running another command. It may or may not be related to the original issue posted here.

@darcyclarke darcyclarke removed the Needs Triage needs review for next steps label Feb 13, 2021
Copy link

Happened to me too. I know there's one dependent package but it has a fixed version. How come I cannot unpublish a newer version that nobody is dependent on?

Copy link

ljharb commented May 13, 2021

The current policy is unfortunately that if any version is depended on, then no version can be unpublished.

You can try filing a support ticket to see if they can help, but in the meantime, your best bet is to file a patch version that's later than the one you want to unpublish (changing "latest" won't help people who have already upgraded), and then npm deprecate the bad one, and then npm support is more likely (but still not guaranteed) to help you unpublish the bad one.

Copy link

Got it. That's sad that any dependent version is a blocker :(

Copy link

npm v6 is no longer in active development; We will continue to push security releases to v6 at our team's discretion as-per our Support Policy.

If your bug is preproducible on v7, please re-file this issue using our new issue template.

If your issue was a feature request, please consider opening a new RRFC or RFC. If your issue was a question or other idea that was not CLI-specific, consider opening a discussion on our feedback repo

Closing: This is an automated message.

Copy link

djipco commented Nov 26, 2021

The current policy is unfortunately that if any version is depended on, then no version can be unpublished.

This is quite surprising. I do not think there is a gain in preventing the author to unpublish a new version that nobody depends on. On the other end, I can see several reasons why this may be bad for the community...

crapStone pushed a commit to Calciumdibromid/CaBr2 that referenced this issue Apr 28, 2023
This PR contains the following updates:

| Package | Type | Update | Change |
| [prettier]( ([source]( | devDependencies | patch | [`2.8.7` -> `2.8.8`]( |


### Release Notes


### [`v2.8.8`](;288)

[Compare Source](prettier/prettier@2.8.7...2.8.8)

This version is a republished version of v2.8.7.
A bad version was accidentally published and [it can't be unpublished](npm/cli#1686), apologies for the churn.



### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.


 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box


This PR has been generated by [Renovate Bot](

Co-authored-by: cabr2-bot <>
Reviewed-by: Epsilon_02 <>
Co-authored-by: Calciumdibromid Bot <>
Co-committed-by: Calciumdibromid Bot <>
cbush pushed a commit to mongodb/docs-realm that referenced this issue May 19, 2023
<h3>Snyk has created this PR to upgrade prettier from 2.8.7 to

ℹ️ Keep your dependencies up-to-date. This makes it
easier to fix existing vulnerabilities and to more quickly identify and
fix newly disclosed vulnerabilities when they affect your project.

- The recommended version is **1 version** ahead of your current
- The recommended version was released **21 days ago**, on 2023-04-23.

<summary><b>Release notes</b></summary>
    <summary>Package name: <b>prettier</b></summary>
<b>2.8.8</b> - <a
version is a republished version of v2.8.7.<br>
A bad version was accidentally published and <a
data-hovercard-url="/npm/cli/issues/1686/hovercard">it can't be
unpublished</a>, apologies for the churn.</p>
<b>2.8.7</b> - <a
<li>Allow multiple decorators on same getter/setter</li>
<p><g-emoji class="g-emoji" alias="link"
from <a
GitHub release notes</a>

**Note:** *You are seeing this because you or someone else with access
to this repository has authorized Snyk to open upgrade PRs.*

For more information: <img
width="0" height="0"/>

🧐 [View latest project

🛠 [Adjust upgrade PR

🔕 [Ignore this dependency or unsubscribe from future upgrade



Co-authored-by: snyk-bot <>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Bug thing that needs fixing Release 6.x work is associated with a specific npm 6 release
None yet

No branches or pull requests

6 participants