I agree with the general sentiment, but if you do want to unpublish there is a policy available [0]
Key points being either:
- published within 72 hours and without any dependents
- no dependents, < 300/week downloads, single owner
Of course even with all that said there was also precedent for having it removed if you emailed them directly and it was up to their discretion (I believe this was prior to their acquisition so not sure if that still applies).
Technically. But the above is specifically designed to prevent someone from unpublishing a package that could "break half the internet", which is what the original poster was waxing on about.
A simple logic of NOT “-“ would have blocked any reintroduction/upgrade of unintended “-“ package, coupled with a inertiazed package replacing the accidentally-introduced “-“ package.
Yeah, those who depend on the original but accidental “-“ package for its functionally should suffer any consequential breakage that may have resulted from it.
26 comments
[ 1.6 ms ] story [ 65.1 ms ] threadKey points being either:
- published within 72 hours and without any dependents
- no dependents, < 300/week downloads, single owner
Of course even with all that said there was also precedent for having it removed if you emailed them directly and it was up to their discretion (I believe this was prior to their acquisition so not sure if that still applies).
0: https://docs.npmjs.com/policies/unpublish
The index file is:
The readme mentions that it's a test of this: https://github.com/parzh/create-package-typescript> Recklessly create TypeScript npm packages left and right with this single command
https://github.com/parzhitsky/-
PHP gets it right: https://packagist.org/explore/
Since the content suggests it was generated by a script, there may have been an error in the input to the script or in the script itself.
https://github.com/parzhitsky/-/issues/1
The double ”when” is quite funny here, given the nature of npm problem described in the article.
Yeah, those who depend on the original but accidental “-“ package for its functionally should suffer any consequential breakage that may have resulted from it.
*insert*fake*tear*here*
...then a few lines further down the article:
> An npm package called "-" has scored almost 720,000 downloads since its publication on the npm registry, since early 2020.
Kinda frustrating that the same information is being written twice imo... And then two ads in a row follow that