Is there a possible way to remove or delete the entire module from npm registry?
Notice: npm -f unpublish doesn't allowed you to unpublish anything older than 24 hours
Add a comment
|
7 Answers
There's a post about that, given the recent incident. Your best bet would be to contact npm and hope that your package isn't depended by other projects.
If the version is older than 24 hours, then the unpublish will fail, with a message to contact [email protected].
If you contact support, they will check to see if removing that version of your package would break any other installs. If so, we will not remove it. You’ll either have to transfer ownership of the package or reach out to the owners of dependent packages to change their dependency.
http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy
2 Comments
Per Lundberg
Very good post. It's incredibly bad practice to unpublish packages which other packages depend on, so it should not be taken lightly. Leaf dependencies breaking down is one of the most painful things to experience IMHO, regardless of ecosystem/programming language.
slebetman
This new policy was probably formulated due to the leftpad incident that crashed a lot of websites: arstechnica.com/information-technology/2016/03/…
TL;DR:
npx force-unpublish package-name 'reason message'
Explanation:
It uses the cli tool force-unpublish which takes the following steps:
npm deprecate package-name 'reason message'npm owner add npm package-namenpm owner rm $(npm whoami) package-name
2 Comments
Matteo
I don't think this is working anymore, maybe their policy has changed, I get this error:
Cannot remove all owners of a package. Add someone else firstIf the published package/version is less than 72 hours old, unless you are the single owner of the module.
npm unpublish <package-name> --force
https://www.npmjs.com/policies/unpublish has details of the policy to unpublish packages
The command and the policy to unpublish packages may have changed since the question was asked.
npm force-unpublish package-name 'reason message'
OR
npm --force unpublish "package-name"
did not work for me.
Comments
I stumbled upon this problem where i had to delete an existing package. And the following worked seamlessly. I noticed that the package was removed from my account immediately (It was a test package with no dependency.)
npm --force unpublish "package-name"
You might have to enter OTP/Auth key if you have configured 2FA on npm account.
Comments
Make sure your package meets the unpublish policy.
Remove one version
npm unpublish [<@scope>/]<pkg>@<version>
Remove all versions
npm unpublish [<@scope>/]<pkg> --force
https://docs.npmjs.com/cli/v6/commands/npm-unpublish
It may take a while to take effect after the command is executed successfully on the terminal.
1 Comment
Nolesh
And don't forget to run
npm login before unpublishing your package.From the docs: https://www.npmjs.com/policies/unpublish
npm deprecate <package> "<message>" to deprecate the entire package
npm deprecate <package>@<version> "<message>" to deprecate a specific version
If the entire package is deprecated, the package name will be dropped from our search results.
Once deprecated, if you would also like for the package to be removed from your user profile,
it can be transferred to our @npm account. This can be achieved by using the following from your command line:
npm owner add npm <package>
npm owner rm <your_username> <package>
Comments
Some recent feedback: I've just used the command unpublish <package_name> with --force flag as described by the other guys and it just worked. The package had been published more than 72h after the removal process.
Packaged removed from npm registry (at least from the dashboard...) instantly!
That said, I think it's best to change the currently accepted answer to whoever recommended the command npm unpublish <package_name>.
Env info:
node: 16.6.1
npm: 7.20.3
