4

npm is causing me grief and I have no idea why. Trying to publish a new version of my package.

npm view {{package}} versions

[ '0.3.0',
  '0.3.1',
  '0.4.0',
  '0.4.2',
  '0.5.0',
  '0.6.0',
  '0.6.1',
  '0.7.0',
  '0.7.1',
  '0.8.0',
  '0.8.1',
  '0.8.2',
  '0.8.3',
  '0.8.4',
  '0.8.5' ]

When I run npm publish I get this:

400 Bad Request - PUT https://registry.npmjs.org/{{package}} - Cannot publish over previously published version "1.0.0".

This is my current package.json:

...
"version": "1.0.0",
...

What gives?

EDIT:

Further, even when I try to patch the version and publish a 1.0.1 or a 1.0.2 I get the same message....good grief...

Adam Jenkins
  • 51,445
  • 11
  • 72
  • 100

3 Answers3

20

So when I was first creating my package a few months ago, I had originally published a 1.0, decided I didn't like it and unpublished it from the registry. I had forgotten I had done this and, due to NPMs policies, which I support, they don't allow you to republish a version of a package that had previously been published. Had to version bump to 1.0.3 in order to get it to work. Might help somebody else out.

EDIT: The npm view command (with the --json flag) can give you some insight into what's happened. It'll output something like this close to the top

  "time": {
    "created": "2020-06-09T19:57:19.446Z",
    "1.0.0": "2020-06-09T19:57:19.720Z",
    "modified": "2020-08-23T21:31:17.255Z",
    "1.0.1": "2020-06-09T23:32:53.322Z",
    "2.0.0": "2020-06-10T12:49:09.722Z",
    "2.0.1": "2020-06-10T13:17:40.021Z",
    "2.0.2": "2020-06-10T19:37:09.994Z",
    "2.0.3": "2020-06-11T00:24:46.982Z",
    "2.0.4": "2020-08-20T21:18:46.305Z",
    "2.0.5": "2020-08-20T21:20:42.971Z",
    "2.0.6": "2020-08-20T21:35:22.181Z",
    "2.0.7": "2020-08-20T22:30:24.183Z",
    "2.0.8": "2020-08-20T22:42:05.255Z",
    "2.0.9": "2020-08-23T21:31:15.021Z"
  },
Adam Jenkins
  • 51,445
  • 11
  • 72
  • 100
  • THE BEST ANSWER!! +1 – HerberthObregon Sep 03 '20 at 04:39
  • The policy makes a lot of sense if you think about it, otherwise anybody could republish a package version with a malware in it (imagine a big framework with a dependency on some third party package at a fixed version, if the third party wanted to take advantage he could just republish on that version) – Tofandel Mar 20 '21 at 17:49
6

You cannot publish a package at the version it was unpublished before. You can read more about npm's policy here. https://www.npmjs.com/policies/unpublish

Samy
  • 116
  • 1
  • 4
0

you need to change the version from 1.0.0 to 1.0.1

Jelo Kokhodze
  • 11
  • 3