Join GitHub today
Should I be able to download a gem marked as yanked? (bootstrap-sass 18.104.22.168) #1941
Here is the gem in question: https://rubygems.org/gems/bootstrap-sass/versions/22.214.171.124
Original issue: twbs/bootstrap-sass#1195
This gem is marked as yank but from my testing I can still install it via Ruby gems. I'm not entirely sure that this is not a local caching issue but I'm seeing the same behavior on Heroku.
Yes, we normally only remove gems from the index on yank, not from the backend storage. Because everything should be using the index, the fact that they exist in the backend storage doesn't matter.
We only delete gems from the backend storage in very specific situations.
referenced this issue
Apr 4, 2019
I also read in the other thread about the issue where users had complained about cached versions of modules etc. If you however check dependencies based on projects that have
Accepted the feedback and edited. Apologies for the strong message.
Evan's original message was actually incorrect. Since 2015 we do remove the file from the backend storage which makes it impossible to download from RubyGems.org. (This doesn't impact any 3rd party mirrors, which we have no control over.)
In this case, since the gem was not yanked via the normal methods it was yanked incorrectly which left it in an invalid half-yanked state, as you noticed. This has been resolved and the gem should no longer be able to be downloaded.