Dependencies Nodejs

Viewed 252 times

2

Hello. One thing that has been bothering me is the number of dependencies in the Node.js projects I have seen. What happens if I have a dependency in a Node.js project and its author removes it? How can I ensure that the dependency I rely on is installed every time I type npm install, even if it has been removed by its author? Is there some way to control these possible problems?

  • 1

    If I remove the dependency, this can happen: https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/

  • 1

    @hkotsubo I was remembering this.

3 answers

3

NPM Unpublish Policy

This document describes your options when trying to unpublish a package that has been published in the public registry.

The registry data is immutable, that is, once published, a package cannot be changed. We do this for reasons of security and stability for the users who depend on these packages. Therefore, if you have already published a package called "bob" at version 1.1.0, no other package can be published under that name at that version. This is true even if that package is unpublished.

However, because accidents happen, we allow you to unpublish packages in the situations described below. Otherwise, you can always deprecate a package.

Packages published less than 72 hours ago

For newly created packages, as long as no other package in the npm public registry depends on your package, you can unpublish it at any time within 72 hours of publishing.

Packages published over 72 hours ago

Regardless of how long ago a package was published, you can unpublish a package that:

  • no other package in the npm public registry depends on
  • had fewer than 300 downloads in the last week
  • has a single owner/maintainer

How to unpublish

To unpublish a single version of an npm package, run npm unpublish <package_name>@<version>.

If all versions of a package can be unpublished, you can unpublish all versions at once by running the command npm unpublish <package_name> --force.

Considerations:

  • Once a package@version has been used, you can never use it again. You must publish a new version, even if you have unpublished the old one.

  • Once you unpublish a package, you cannot undo it.

  • If you unpublish all versions of a package, you may not publish any new version of that package until 24 hours have passed.


Note: I made a quick translation of the contents of this website; when I have time I will improve the text.

License: Attribution-ShareAlike 4.0 International (CC BY-SA 4.0)

1

Hello, Claudio! How are you?

So, every time we use npm or Yarn, a file called package.json is created; all the data about your application is written there, such as the author's name, the license type and, mainly, all the npm dependencies that the project uses.

Example:

{
  "name": "servidor",
  "version": "1.0.0",
  "description": "Livraria Casa do Codigo",
  "main": "server.js",
  "scripts": {
    "test": "echo \"Error: no test specified\" && exit 1",
    "start": "nodemon src/app/server.js"
  },
  "author": "Vitor Cordeiro",
  "license": "ISC",
  "dependencies": {
    "express": "4.16.3",
    "marko": "4.13.4-1"
  },
  "devDependencies": {
    "exact": "^0.8.0",
    "nodemon": "^1.18.4"
  }
}

In "dependencies" are all the dependencies of your project. And in "devDependencies" are the development dependencies, those that are needed only during development; in production mode they are removed from the project.

And what if I erase a dependency?

When this happens, a tip: relax! hahahahaha Even when development teams are working together and need to share the project with others, they only send the folders that contain code and logic, plus the package.json file.

The node_modules folder is not sent along, to decrease the size of the upload.

The person who receives the files types only one command in the terminal:

npm install

With this command npm will "read" the contents of the package.json file, see all the dependencies the project contains and install them automatically.

I hope this answered your question!

Until next time!

  • 1

    He did not ask about deleting the dependency from node_modules, but rather what happens if the author deletes it from npm.

  • Here are the details on it
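As an added illustration (not code from the question or any of the answers), here is a small Node.js script that encodes the unpublish rules quoted in the first answer and audits the package.json shown in the second answer, reporting which entries would break outright and which would silently drift if the version they rely on were unpublished. The policy numbers are the ones quoted above and may change; the sample package.json is constructed from that answer.

```javascript
// Added example, not code from the question or any answer.
// policyAllowsUnpublish(): the unpublish rules quoted in the first answer
//   (policy text may change; this mirrors the version quoted above).
// auditDependencies(): what `npm install` would do for each package.json
//   entry if its author unpublished the version you rely on.
function policyAllowsUnpublish({ hoursSincePublish, dependents, weeklyDownloads, owners }) {
  if (dependents > 0) return false;             // never while others depend on it
  if (hoursSincePublish < 72) return true;       // fresh package: free to unpublish
  return weeklyDownloads < 300 && owners === 1;  // older package: extra conditions
}

// Classify one version spec string as written in package.json.
function classifySpec(spec) {
  const s = String(spec).trim();
  if (/^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/.test(s)) return "exact";  // 4.16.3, 4.13.4-1
  if (/^[\^~]\d/.test(s)) return "range";                           // ^1.18.4, ~0.8.0
  if (s === "" || s === "*" || s === "latest" || /^[<>]/.test(s) || /\.x$/i.test(s)) {
    return "floating";                                              // anything goes
  }
  return "other";                                                   // git URL, tarball, tag
}

// One record per entry in dependencies and devDependencies.
function auditDependencies(pkg) {
  const rows = [];
  for (const section of ["dependencies", "devDependencies"]) {
    for (const [name, spec] of Object.entries(pkg[section] || {})) {
      const kind = classifySpec(spec);
      rows.push({
        name, spec, section, kind,
        // An exact pin fails loudly; a range may resolve to another version unnoticed.
        onUnpublish: kind === "exact"
          ? "npm install fails: that version no longer exists"
          : "npm may silently install a different published version",
      });
    }
  }
  return rows;
}

// Constructed sample: the package.json shown in the second answer.
const samplePackageJson = {
  dependencies: { express: "4.16.3", marko: "4.13.4-1" },
  devDependencies: { exact: "^0.8.0", nodemon: "^1.18.4" },
};

for (const r of auditDependencies(samplePackageJson)) {
  console.log(`${r.section.padEnd(16)}${r.name.padEnd(8)} ${r.spec.padEnd(9)} ${r.kind.padEnd(9)}${r.onUnpublish}`);
}
```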

0

The package.json file keeps all the dependency data, such as name and version. If someone deletes a module from node_modules, as you said yourself, it will be reinstalled; but if someone deletes the package name from the package.json file, I don't know of a way to block editing of the file.
