NEXUS-9862 the possibility to add and remove dist-tags to npm repositories has been added. However, it is not possible to change the latest tag.
This improvement is to add the possibility to change and/or remove the latest tag so it can point to any version/release, not just the most recently added one.
- It's possible to set the latest tag to any release, not just the most recently added one
- When applying the latest tag to a release, it is automagically removed from the version it was on. (this way there is always a latest tag on a release)
- Adding a new release will (still) set the latest tag to that release (it can then be moved by applying latest to another release.
Using the dist-tags command is not the valid way to implement this ask.
What is the intent of the latest npm tag?
The latest tag is an alias tag to the last published (by date) version of a package, that was published without any other tag specified
- semantic version ordering is not considered when using the latest tag alias
- according to package metadata docs, the full package metadata format, under the dist-tags section , "Every package will have a latest tag defined"
- always updates the 'latest' tag to version being published, unless --tag <tagname> is specified
- installs the package metadata 'latest' tagged version, if --tag <tagname> is not specified
- one cannot use the npm dist-tag command to set the 'latest' tag.
- has no effect on updating the 'latest' tag
- unpublish package@version: completely removes package version from package metadata, except a reference may be present in the "time" metadata: https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#full-metadata-format
- on unpublish, 'latest' tag gets reset last published version (by date)
- "It is generally considered bad behaviour to remove versions of a library that others are depending on!" https://docs.npmjs.com/cli/unpublish.html
- unpublishing using this command only allowed by package maintainer within 72 hours of publishing a package on the official registry.
- unpublishing could happen in exceptional cases as well, either from NPM registry maintainers or by special request
- package versions cannot be republished under any circumstances
- Ref: Unpublish policy: https://www.npmjs.com/policies/unpublish
package-metadata has a full format and abbreviated format: https://github.com/npm/registry/blob/master/docs/responses/package-metadata.md#full-metadata-format