Don't update latest
when the published version is not the latest
#6778
Comments
A possible workaround which I did not try yet: In the git branch for the old major version, update package.json and add |
Did you try out this workaround?
I think this may be a duplicate of #4709 , where implicitly changing As I note there, it's hard to distinguish between these two commands
But there's already a
be an override for this guard is definitely possible. |
We're going to ensure that this is working the way @smikes describes (and also maybe add a |
@othiym23 thank you for the comment. @smikes' proposal looks good to me 👍, I am looking forward to see it implemented. Honestly, I don't really mind how exactly this issue is fixed, as long as there is a reasonably easy way to keep the right README version on the website when publishing from an older branch. |
Configure npm to publish use a different tag than latest when publishing from this branch. This is needed to prevent a problem where publishing and older version overwrites the contents of README displayed on npmjs website.
Configure npm to publish use a different tag than latest when publishing from this branch. This is needed to prevent a problem where publishing and older version overwrites the contents of README displayed on npmjs website.
* fixed possible undefined parameters (Stefano Valicchia) * Add publishConfig to prevent npm/npm#6778 (Miroslav Bajtoš)
The CLI team has discussed this further, and we've agreed that this is enough of a footgun that it merits adding a warning when a publish happens with an older |
Okay. I will take a look at this. Rough spec: As a module author Scenario: |
@othiym23 Hey So we published a few patch releases of bower and now 1.4.2 is "latest" and not 1.6.5
|
The CLI team discussed this again as part of reviewing our feature requests, and the consensus of the team agrees with @bajtos – However, while this would be a useful safety check for publishers, it’s not important enough to be prioritized over the work the team has scheduled for the next 6-12 month. Therefore, I’m going to mark this request as For those who are interested in implementing this, there are two tricky aspects:
Thanks to all for their patience and time! |
@othiym23 This bit us on TypeScript pretty badly - it broke our CI because It's worse because the publish API doesn't seem to support not updating the I'd at least like to see API support for not moving |
Is there something an author can do to fix Really I think we're missing a key API here -- some way to update a tag to point at a different version. The only way to set a tag is by publishing and without capability to overwrite an install, it leaves authors up the proverbial creek without a paddle. Publishers should be able to add, modify and remove dist-tags without using the install command. |
See https://github.com/npm/npm-www/issues/931 for background.
Some npm modules maintain multiple major versions (e.g. express 3.x and 4.x, loopback 1.x and 2.x, etc.). When we publish a new release in the old version line,
npm publish
updates thelatest
tag and thus screws up the information displayed on http://npmjs.org/.npm/npm-www#931 suggests to use a different tag when publishing an older version. While this is a solution,
it's very easy to forget to change the tag and thus accidentally screw the latest tag.
I am proposing to make the npm client more clever and refuse such requests.
Example assuming
express@4.0.0
was already published and we are publishingexpress@3.0.1
:Another alternative orthogonal to the proposal above is to print some extra help after
npm publish
downgraded the latest tag.The text was updated successfully, but these errors were encountered: