As some of you have noticed in the last few days, the npm registry now prevents publishing new bits over a previously published version. There was a discussion of the change on GitHub and the npm client was changed to not even try to
If you publish name@version, you can still un-publish name@version. But then, you will not be able to publish something else to that same package identifier and version.
Even if a package is 100% unpublished by the author, and you publish a new version of a brand new thing, you won’t be able to use the version numbers that the previous author used.
The only way around this will be for a server admin to manually intervene.
The net benefit is that you won’t be surprised by having different things show up when you and someone else both have name@version installed. Either it’ll work, or it won’t, but it won’t ever be a completely different thing.
What this means is that npm publish -f will not work. The first step, where it deletes the old copy, will work. But then trying to publish over it will fail with a 403 Forbidden response. You’ll have to change the version number to make it work.
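The rule above can be written as a small in-memory model. This is an added example, not npm's registry code: the class, method names, package name and return shapes are assumptions, and only the 403 on re-publish comes from the post.

```javascript
// Toy model of the publish rule described above (illustrative, not npm's code).
class ModelRegistry {
  constructor() {
    this.live = new Map(); // "name@version" -> bits currently installable
    this.used = new Set(); // every "name@version" ever published; survives unpublish
  }
  publish(name, version, bits) {
    const id = `${name}@${version}`;
    if (this.used.has(id)) {
      // Identifier was used before, even if it has since been unpublished.
      return { ok: false, status: 403, error: `cannot publish over ${id}` };
    }
    this.used.add(id);
    this.live.set(id, bits);
    return { ok: true };
  }
  unpublish(name, version) {
    // Removes the bits but deliberately leaves the identifier in `used`.
    return { ok: this.live.delete(`${name}@${version}`) };
  }
  adminRelease(name, version) {
    // Stand-in for the manual server-admin intervention the post mentions.
    const id = `${name}@${version}`;
    this.live.delete(id);
    return { ok: this.used.delete(id) };
  }
}

// What a forced publish amounts to: delete the old copy, then publish again.
function forcePublish(registry, name, version, bits) {
  const removed = registry.unpublish(name, version);
  const published = registry.publish(name, version, bits);
  return { removed, published };
}

// Constructed sample run.
const reg = new ModelRegistry();
const first = reg.publish('demo-pkg', '1.0.0', 'original bits');
const forced = forcePublish(reg, 'demo-pkg', '1.0.0', 'different bits');
const bumped = reg.publish('demo-pkg', '1.0.1', 'different bits');
console.log(first.ok, forced.removed.ok, forced.published.status, bumped.ok);
```

The forced publish leaves the old version unpublished and the new bits rejected, which is why bumping the version number is the only path that succeeds.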
In all other ways, everything else stays the same.
Some of you have been annoyed or frustrated by this change, and for that, I deeply apologize. The net result is an improvement, and since I can’t force you to upgrade to the latest npm client, your command line tools will assume that re-publishing works, and present you with confusing errors.
While it is annoying to have to bump the version number for typos and documentation changes, I believe in the long run, the benefits of greater reliability and data integrity are well worth it.