Details
-
Type:
Improvement
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 3.0.0
-
Fix Version/s: None
-
Component/s: NPM
-
Labels:
-
Notability:4
Description
In NEXUS-9862 the possibility to add and remove dist-tags to npm repositories has been added. However, it is not possible to change the latest tag.
This improvement is to add the possibility to change and/or remove the latest tag so it can point to any version/release, not just the most recently added one.
Acceptance criteria
- It's possible to set the latest tag to any release, not just the most recently added one
- When applying the latest tag to a release, it is automagically removed from the version it was on. (this way there is always a latest tag on a release)
- Adding a new release will (still) set the latest tag to that release (it can then be moved by applying latest to another release.
Important Caveat Regarding npm dist-tags command and "latest" tag
Using the dist-tags command is not the valid way to implement this ask.
What is the intent of the latest npm tag?
The latest tag is an alias tag to the last published (by date) version of a package, that was published without any other tag specified
- semantic version ordering is not considered when using the latest tag alias
- according to package metadata docs, the full package metadata format, under the dist-tags section , "Every package will have a latest tag defined"
npm publish
- always updates the 'latest' tag to version being published, unless --tag <tagname> is specified
npm install
- installs the package metadata 'latest' tagged version, if --tag <tagname> is not specified
npm dist-tag
- one cannot use the npm dist-tag command to set the 'latest' tag.
npm deprecate
- has no effect on updating the 'latest' tag
npm unpublish
- unpublish package@version: completely removes package version from package metadata, except a reference may be present in the "time" metadata: https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#full-metadata-format
- on unpublish, 'latest' tag gets reset last published version (by date)
- "It is generally considered bad behaviour to remove versions of a library that others are depending on!" https://docs.npmjs.com/cli/unpublish.html
- unpublishing using this command only allowed by package maintainer within 72 hours of publishing a package on the official registry.
- unpublishing could happen in exceptional cases as well, either from NPM registry maintainers or by special request
- package versions cannot be republished under any circumstances
- Ref: Unpublish policy: https://www.npmjs.com/policies/unpublish
package-metadata has a full format and abbreviated format: https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#full-metadata-format
Attachments
Issue Links
- is caused by
-
NEXUS-9862 support npm dist-tag command
-
- Done
-
- is related to
-
-
- Closed
-