npm 取消发布政策

See Details

本文档介绍了在取消发布已发布到公共注册表的软件包时可用的选项。

¥This document describes your options when looking to unpublish a package published to the public registry.

注册表数据是不可变的，这意味着软件包一旦发布就无法更改。我们这样做是出于对依赖这些软件包的用户的安全性和稳定性的考虑。因此，如果你曾经发布过一个名为 "bob" 的 1.1.0 版本软件包，则其他任何软件包都不能以该名称在该版本发布。即使软件包未发布，也是如此。

¥Registry data is immutable, meaning once published, a package cannot change. We do this for reasons of security and stability of the users who depend on those packages. So if you've ever published a package called "bob" at version 1.1.0, no other package can ever be published with that name at that version. This is true even if that package is unpublished.

但是，由于意外情况时有发生，我们允许你在以下情况下取消发布软件包。否则，你可以随时弃用某个软件包。

¥However, because accidents happen, we allow you to unpublish packages in the situations described below. Otherwise, you can always deprecate a package.

发布时间少于 72 小时的软件包

¥Packages published less than 72 hours ago

对于新创建的软件包，只要 npm 公共注册表中没有其他软件包依赖于你的软件包，你可以在发布后的 72 小时内随时取消发布。

¥For newly created packages, as long as no other packages in the npm Public Registry depend on your package, you can unpublish anytime within the first 72 hours after publishing.

发布时间超过 72 小时的软件包

¥Packages published more than 72 hours ago

无论软件包发布多久，你都可以取消发布满足以下所有条件的软件包：

¥Regardless of how long ago a package was published, you can unpublish a package that meets all of the following conditions:

npm 公共注册表中没有其他软件包依赖于它

¥no other packages in the npm Public Registry depend on it
过去一周下载量不足 300 次

¥it had less than 300 downloads over the last week
只有一个所有者/维护者

¥it has a single owner/maintainer

如何取消发布

¥How to unpublish

要取消发布单个软件包版本，请运行 npm unpublish <package_name>@<version>。

¥To unpublish a single package version, run npm unpublish <package_name>@<version>.

如果软件包的所有版本都可以取消发布，你可以通过运行 npm unpublish <package_name> --force 一次性取消发布所有版本。

¥If all the versions of a package can be unpublished, you can unpublish all versions at once by running npm unpublish <package_name> --force.

注意事项：

¥Considerations:

一旦使用 package@version，你将无法再次使用它。即使你取消了旧版本的发布，也必须发布新版本。

¥Once package@version has been used, you can never use it again. You must publish a new version even if you unpublished the old one.
一旦你取消发布软件包，你将无法撤消取消发布。

¥Once you have unpublished a package, you will not be able to undo the unpublish.
如果你完全取消发布某个包的所有版本，则在 24 小时内你不得发布该包的任何新版本。

¥If you entirely unpublish all versions of a package, you may not publish any new versions of that package until 24 hours have passed.

如果你的软件包不符合取消发布标准，该怎么办？

¥What to do if your package does not meet the unpublish criteria?

如果你的软件包不符合取消发布政策标准，我们建议你联系弃用。这允许下载软件包，但每次下载软件包时都会发布一条清晰的警告消息（你可以编写），并在软件包的 npmjs.com 页面上发布。用户会知道你不建议他们使用该软件包，但如果他们依赖该软件包，他们的构建不会中断。我们认为这是在可靠性和作者控制之间取得良好平衡的方法。

¥If your package does not meet the unpublish policy criteria, we recommend deprecating the package. This allows the package to be downloaded but publishes a clear warning message (that you get to write) every time the package is downloaded, and on the package's npmjs.com page. Users will know that you do not recommend they use the package, but if they are depending on it their builds will not break. We consider this a good compromise between reliability and author control.

你可以通过在命令行中使用以下任一命令来实现：

¥This can be achieved by using one of the following from your command line:

npm deprecate <package> "<message>" 弃用整个软件包

¥npm deprecate <package> "<message>" to deprecate the entire package
npm deprecate <package>@<version> "<message>" 弃用特定版本

¥npm deprecate <package>@<version> "<message>" to deprecate a specific version

如果整个软件包已被弃用，该软件包名称将从我们的搜索结果中删除。

¥If the entire package is deprecated, the package name will be dropped from our search results.

问题？

¥Issues?

如果由于某种原因，你的软件包符合取消发布政策标准，但取消发布命令失败，或者你需要弃用流程方面的帮助，请联系联系我们的支持团队，我们将竭诚为你服务。

¥If for some reason your package meets the unpublish policy criteria but the unpublish command fails, or if you need assistance with the deprecate process, please reach out to our support team where we'll be happy to assist.

如果你认为某个软件包违反了 npm 的条款或政策，例如我们的使用条款，请联系联系我们的支持团队。如果某个软件包侵犯了你的版权，请参阅 npm 的 DMCA 删除政策。如果你认为某个软件包侵犯了你的隐私权，请尽快联系联系我们的隐私团队。

¥If you believe a package violates npm's terms or policies, such as our terms of use, reach out to our support team. If a package infringes your copyright, refer to npm's DMCA takedown policy. If you believe a package violates your privacy rights, contact our privacy team as soon as possible.