本文档介绍了在取消发布已发布到公共注册表的软件包时可用的选项。
🌐 This document describes your options when looking to unpublish a package published to the public registry.
注册表数据是不可更改的,这意味着一旦发布,包就不能更改。我们这样做是出于依赖这些包的用户的安全性和稳定性考虑。所以,如果你曾经发布过一个名为“bob”的包,版本为1.1.0,那么其他包永远不能以该名称和版本发布。即使该包被取消发布,这条规则仍然适用。
🌐 Registry data is immutable, meaning once published, a package cannot change. We do this for reasons of security and stability of the users who depend on those packages. So if you've ever published a package called "bob" at version 1.1.0, no other package can ever be published with that name at that version. This is true even if that package is unpublished.
然而,由于意外情况可能发生,我们允许你在以下描述的情况下取消发布软件包。否则,你始终可以将软件包标记为不推荐使用。
🌐 However, because accidents happen, we allow you to unpublish packages in the situations described below. Otherwise, you can always deprecate a package.
🌐 Packages published less than 72 hours ago
对于新创建的软件包,只要 npm 公共注册表中没有其他软件包依赖于你的软件包,你可以在发布后的 72 小时内随时取消发布。
🌐 For newly created packages, as long as no other packages in the npm Public Registry depend on your package, you can unpublish anytime within the first 72 hours after publishing.
🌐 Packages published more than 72 hours ago
无论软件包发布多久,你都可以取消发布满足以下所有条件的软件包:
🌐 Regardless of how long ago a package was published, you can unpublish a package that meets all of the following conditions:
🌐 How to unpublish
要取消发布单个软件包版本,请运行 npm unpublish <package_name>@<version>。
如果一个软件包的所有版本都可以被撤销发布,你可以通过运行 npm unpublish <package_name> --force 一次性撤销发布所有版本。
🌐 Considerations:
package@version,就无法再次使用它。即使你撤下了旧版本,也必须发布一个新版本。🌐 What to do if your package does not meet the unpublish criteria?
如果你的包不符合取消发布政策的标准,我们建议弃用该包。这允许包被下载,但每次下载包时以及在包的 npmjs.com 页面上都会发布一条明确的警告信息(由你撰写)。用户将知道你不建议他们使用该包,但如果他们依赖该包,他们的构建将不会中断。我们认为这是在可靠性和作者控制之间的一个良好折中方案。
🌐 If your package does not meet the unpublish policy criteria, we recommend deprecating the package. This allows the package to be downloaded but publishes a clear warning message (that you get to write) every time the package is downloaded, and on the package's npmjs.com page. Users will know that you do not recommend they use the package, but if they are depending on it their builds will not break. We consider this a good compromise between reliability and author control.
你可以通过在命令行中使用以下任一命令来实现:
🌐 This can be achieved by using one of the following from your command line:
npm deprecate <package> "<message>" 将弃用整个包npm deprecate <package>@<version> "<message>" 弃用特定版本如果整个软件包已被弃用,该软件包名称将从我们的搜索结果中删除。
🌐 If the entire package is deprecated, the package name will be dropped from our search results.
🌐 More on our unpublish policy
本文件是对取消发布流程、CLI命令取消发布文档以及博客文章“npm取消发布政策的变更 - 2020年1月”的补充。
🌐 This document is additive to the unpublish procedures, the CLI commands unpublish documentation and the "Changes to npm Unpublish Policy - January 2020" blog post.
🌐 Issues?
如果由于某些原因你的包符合下架政策的标准但下架命令失败,或者如果你在弃用过程上需要帮助,请联系支持团队,我们将很乐意为你提供帮助。
🌐 If for some reason your package meets the unpublish policy criteria but the unpublish command fails, or if you need assistance with the deprecate process, please reach out to our support team where we'll be happy to assist.
如果你认为某个包违反了 npm 的条款或政策,例如我们的使用条款,请联系支持团队。如果某个包侵犯了你的版权,参考 npm 的 DMCA 删除政策。如果你认为某个包侵犯了你的隐私权,请尽快 联系我们的隐私团队。
🌐 If you believe a package violates npm's terms or policies, such as our terms of use, reach out to our support team. If a package infringes your copyright, refer to npm's DMCA takedown policy. If you believe a package violates your privacy rights, contact our privacy team as soon as possible.
🌐 Changes
这是一个动态文档,可能会不时更新。请参考此文档的 Git 历史以查看更改内容。
🌐 This is a living document and may be updated from time to time. Please refer to the git history for this document to view the changes.
🌐 License
版权所有 (C) npm, Inc.,保留所有权利。
🌐 Copyright (C) npm, Inc., All rights reserved
本文件可在知识共享署名-相同方式共享许可下重复使用。
🌐 This document may be reused under a Creative Commons Attribution-ShareAlike License.