gitea Add support for `npm unpublish`

Add support for `npm unpublish`

Open KN4CK3R opened this issue 3 years ago • 5 comments

trafficstars

related to #20670

This PR adds support for npm unpublish to delete a package.

There is a problem with the current npm cli not working with private registries which prevents testing (for me). Maybe someone with more npm knowledge can help.

Aug 05 '22 14:08 KN4CK3R

Maybe test with last known working cli, e.g. npm i -g [email protected] to downgrade global npm on your machine. Aftwards you can revert to latest via npm i -g npm@latest.

Aug 05 '22 19:08 silverwind

I did but that version fails to resolve the delete url, so that may be fixed in the new version. 🤷‍♂️

Aug 05 '22 19:08 KN4CK3R

Odd, maybe try with yarn or pnpm, just to confirm it's working :D

Aug 05 '22 19:08 silverwind

Both do not support unpublish...

Aug 05 '22 20:08 KN4CK3R

Hmm okay. I gues we'll see how it goes.

Generally I think unpublish should probably be able to be disabled via config, it's considered bad practice as it breaks dependants. Public npm restricts unpublish to the first 72h after creation or for unpopular packages. Not a blocker here.

Aug 05 '22 20:08 silverwind

A configuration to disable it is better.

Aug 06 '22 10:08 lunny

Still think one global package deletion policy would make sense, not only for npm but other package types as well. Configuring it per-package will become cumbersome fast.

Aug 09 '22 11:08 silverwind

I will add this to the package todo list.

Aug 09 '22 12:08 KN4CK3R

gitea gitea copied to clipboard

Add support for `npm unpublish`

gitea
gitea copied to clipboard