-
Notifications
You must be signed in to change notification settings - Fork 3k
Unpublishing the wrong version is only one whitespace away #8784
Comments
Either way this does seem like very poor behavior and I think we should fix it. |
I can help with a fix if you tell me what solution you'd rather want :-)
|
I'd favor an error if there's more than one argument… buut… Looking at the code, it's supposed to already have this check: https://github.com/npm/npm/blob/master/lib/unpublish.js#L53-L68 You can see there that it:
Unless you pass In my brief (albeit minimal) tests, it seems to work as advertised for me… |
This has been moved to the npm roadmap, which we're using instead of the confusing |
@ashleygwilliams does this issue need to be removed from this list from roadmap? |
@iamstarkov The lists of items on the road map are, unfortunately, badly out of date, largely because I've been too busy to give it the substantial update it requires. The list of big bugs and the list of triaged and approved feature requests are a better overview of the CLI team's intentions over the next year. |
Say you have
my-package
that was published in versions1.0.0
and1.0.1
. Then, you discover something terrible about version1.0.0
and want to unpublish it to make sure no one tries to retrieves it. That's what happened for astorije/chai-immutable#15, basically.As discussed here, if you mistype your
unpublish
, things can get ugly:The key here is the whitespace between the package and the version number.
I'd have expected that the command line would be conservative and fail (either you MUST provide a well formed
package@version
, or it would output a warning asking for confirmation, ...), or unpublish version1.0.0
. After that, your only options are still to unpublish version1.0.0
but also publish a new version1.0.2
.I see this as a UI bug, am I being mistaken?
The text was updated successfully, but these errors were encountered: