Unpublishing the wrong version is only one whitespace away #8784
Comments
|
Either way this does seem like very poor behavior and I think we should fix it. |
|
I can help with a fix if you tell me what solution you'd rather want :-)
|
|
I'd favor an error if there's more than one argument… buut… Looking at the code, it's supposed to already have this check: https://github.com/npm/npm/blob/master/lib/unpublish.js#L53-L68 You can see there that it:
Unless you pass In my brief (albeit minimal) tests, it seems to work as advertised for me… |
|
This has been moved to the npm roadmap, which we're using instead of the confusing |
|
could not reproduce in either npm2 or 3. is working as designed!
closing. please open a new issue if you continue to have trouble! |
|
@ashleygwilliams does this issue need to be removed from this list from roadmap? |
|
@iamstarkov The lists of items on the road map are, unfortunately, badly out of date, largely because I've been too busy to give it the substantial update it requires. The list of big bugs and the list of triaged and approved feature requests are a better overview of the CLI team's intentions over the next year. |
Say you have
my-packagethat was published in versions1.0.0and1.0.1. Then, you discover something terrible about version1.0.0and want to unpublish it to make sure no one tries to retrieves it. That's what happened for astorije/chai-immutable#15, basically.As discussed here, if you mistype your
unpublish, things can get ugly:The key here is the whitespace between the package and the version number.
I'd have expected that the command line would be conservative and fail (either you MUST provide a well formed
package@version, or it would output a warning asking for confirmation, ...), or unpublish version1.0.0. After that, your only options are still to unpublish version1.0.0but also publish a new version1.0.2.I see this as a UI bug, am I being mistaken?
The text was updated successfully, but these errors were encountered: