Details
-
Type:
Improvement
-
Status: Open
-
Priority:
Major
-
Resolution: Unresolved
-
Affects Version/s: 3.0.0
-
Fix Version/s: None
-
Component/s: NPM
-
Labels:
-
Story Points:5
-
Sprint:NXRM MadMax Sprint 39
-
Notability:4
Description
In NEXUS-9862 the possibility to add and remove dist-tags to npm repositories has been added. However, it is not possible to change the latest tag.
This improvement is to add the possibility to change and/or remove the latest tag so it can point to any version/release, not just the most recently added one.
Acceptance criteria
- It's possible to set the latest tag to any release, not just the most recently added one
- When applying the latest tag to a release, it is automagically removed from the version it was on. (this way there is always a latest tag on a release)
- Adding a new release will (still) set the latest tag to that release (it can then be moved by applying latest to another release.
Summary Information
What is the intent of the latest npm tag?
The latest tag is an alias tag to the last published (by date) version of a package, that was published without any other tag specified
- semantic version ordering is not considered when using the latest tag alias
- according to package metadata docs, the full package metadata format, under the dist-tags section , "Every package will have a latest tag defined"
npm publish
- always updates the 'latest' tag to version being published, unless --tag <tagname> is specified
npm install
- installs the package metadata 'latest' tagged version, if --tag <tagname> is not specified
npm dist-tag
- one CAN use npm dist-tag command against packages on the official registry to set the 'latest' tag to reference an already ( even older ) published version. npm dist-tags add example-test-package@5.0.0 latest
npm deprecate
- has no effect on updating the 'latest' tag
npm unpublish
- unpublish package@version: completely removes package version from package metadata, except a reference may be present in the "time" metadata: https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#full-metadata-format
- on unpublish, 'latest' tag gets reset last published version (by date)
- "It is generally considered bad behaviour to remove versions of a library that others are depending on!" https://docs.npmjs.com/cli/unpublish.html
- unpublishing using this command only allowed by package maintainer within 72 hours of publishing a package on the official registry.
- unpublishing could happen in exceptional cases as well, either from NPM registry maintainers or by special request
- package versions cannot be republished under any circumstances
- Ref: Unpublish policy: https://www.npmjs.com/policies/unpublish
package-metadata has a full format and abbreviated format: https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#full-metadata-format
Attachments
Issue Links
- is caused by
-
NEXUS-9862 support npm dist-tag command
-
- Done
-
- is related to
-
NEXUS-26811 Importing npm packages from Nexus Repository 2 to 3 should maintain dist-tags
-
- Closed
-
-
NEXUS-23094 Helm Repository Allow Redeploying latest tag
-
- Closed
-