npm Blog (Archive)

The npm blog has been discontinued.

Updates from the npm team are now published on the GitHub Blog and the GitHub Changelog.

No More `npm publish -f`

As some of you have noticed in the last few days, the npm registry now prevents publishing new bits over a previously published version. There was a discussion of the change on GitHub, and the npm client was changed so that it does not even try to `publish -f`.

If you publish foo@1.2.3, you can still un-publish foo@1.2.3. But then, you will not be able to publish something else to that same package identifier and version.

Ever.

Even if a package is 100% unpublished by the author, and you publish a new version of a brand new thing, you won’t be able to use the version numbers that the previous author used.

The only way around this will be for a server admin to manually intervene.

The net benefit is that you won’t be surprised by having different things show up when you and someone else both have foo@1.2.3 installed. Either it’ll work, or it won’t, but it won’t ever be a completely different thing.

What this means is that `npm publish -f` will not work. The first step, where it deletes the old copy, will work. But then trying to publish over it will fail with a `403 Forbidden` response. You’ll have to change the version number to make it work.

In all other ways, everything else stays the same.
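The rule described above, as an added in-memory model (this is not npm registry code and not from the original post). The class and method names are hypothetical, and the 200/201/404 status codes are assumptions; only the 403 on re-publish comes from the post.

```javascript
// Added illustration: a model of the write-once version rule.
// Names and the 200/201/404 codes are assumptions, not npm's implementation.
class WriteOnceRegistry {
  constructor() {
    this.live = new Map();      // "name@version" -> { owner, tarball }
    this.everUsed = new Set();  // every identifier ever published, kept after unpublish
  }

  publish(name, version, tarball, owner) {
    const id = `${name}@${version}`;
    // An identifier that was ever published is burned, whether it is
    // still live or was unpublished, and regardless of who asks.
    if (this.everUsed.has(id)) return { status: 403, id };
    this.live.set(id, { owner, tarball });
    this.everUsed.add(id);
    return { status: 201, id };
  }

  unpublish(name, version) {
    const id = `${name}@${version}`;
    if (!this.live.delete(id)) return { status: 404, id };
    return { status: 200, id };  // content is gone, the identifier stays reserved
  }

  fetch(name, version) {
    return this.live.get(`${name}@${version}`) || null;
  }

  // What `npm publish -f` amounted to: delete the old copy, then publish over it.
  forcePublish(name, version, tarball, owner) {
    const removed = this.unpublish(name, version);
    const published = this.publish(name, version, tarball, owner);
    return { removed: removed.status, published: published.status };
  }
}

// Constructed sample data: package name, contents and owners are made up.
function demo() {
  const reg = new WriteOnceRegistry();
  const first = reg.publish('foo', '1.2.3', 'original bytes', 'alice');
  const forced = reg.forcePublish('foo', '1.2.3', 'different bytes', 'alice');
  const other = reg.publish('foo', '1.2.3', 'brand new thing', 'bob');
  const bumped = reg.publish('foo', '1.2.4', 'different bytes', 'alice');
  return { first, forced, other, bumped, gone: reg.fetch('foo', '1.2.3') };
}
```

Anyone who resolved `foo@1.2.3` before the unpublish got the original bytes; afterwards the identifier resolves to nothing rather than to different content.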

Some of you have been annoyed or frustrated by this change, and for that, I deeply apologize. The net result is an improvement, and since I can’t force you to upgrade to the latest npm client, your command line tools will assume that re-publishing works, and present you with confusing errors.

While it is annoying to have to bump the version number for typos or documentation changes, I believe in the long run, the benefits of greater reliability and data integrity are well worth it.