Laurie Voss
Un-un-publishing is an unprecedented action that we're taking given the severity and widespread nature of breakage, and isn't done lightly.
Hey npm users: left-pad 0.0.3 was unpublished, breaking LOTS of builds. To fix, we are un-un-publishing it at the request of the new owner.
-
- View other replies
-
-
Full disclosure: the original author un-published his modules on purpose and in protest:https://medium.com/@azerbike/i-ve-just-liberated-my-modules-9045c06be67c#.rfu2w1c66 …
-
- View other replies
-
This action puts the wider interests of the community of npm users at odds with the wishes of one author; we picked the needs of the many.
- View other replies
-
Even within npm we're not unanimous that this was the right call, but I cannot see hundreds of builds failing every second and not fix it.
- View other replies
-
left-pad@0.0.3 is now restored to the registry. Run npm cache clear before attempting your installs again. This sucked and we're sorry.
- View other replies
-
This whole situation sucks. We will be carefully considering the issues raised by and publishing a post-mortem later.
- View other replies
-
In the meantime, several thousand open source projects have been repaired, and I'm sleeping fine tonight.
- View other replies
-
@seldo it wasn't your place to take another developers code and 'un-unpublish' it. - Show more
-
-
-
@JakeDChampion The package name was adopted by@camwest, who asked us to do this, but we acknowledge it's a very grey area. - View other replies
-
-
@JakeDChampion The TOS say anybody can adopt a package name that has been abandoned; that part is routine. - View other replies
-
@seldo The other part is what I meant, the un unpublishing -
@JakeDChampion The TOS don't really address this situation. It's never happened before, so we never considered it. - View other replies
-
@seldo This section makes me think it isn't within NPMJS' rules to un unpublish -- https://www.npmjs.com/policies/open-source-terms#your-content … -
@seldo Specifically -- "The license lasts, for each piece of Your Content, until ... you delete it from the Website or the Public Registry." - View other replies
- Show more
-
-
-
@seldo It would make a lot more sense if npm was immutable, all you could do is publish new stuff and not remove or change existing stuff. -
@DaleJefferson it is immutable with the exception of being able to unpublish stuff, and up until now that's always been useful. -
@seldo@DaleJefferson Unpublish is especially useful for "Holy shit I pushed a giant security hole, nobody use version <blah>!" situations.
-
-
-
@seldo seems the unpublishing thing is a major security risk? Should unpublishing not be allowed after some period of time? -
@miranext we're (re)considering our policy carefully. - View other replies
-
-
unknown();
Jake Champion
Dale Jefferson
Michael Graziano
Warren Mira
Justin Hall
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.