npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Applying multiple dist-tags during publish, or updating a dist-tag

So, I’m trying to make sure that both of my dist-tags constantly work. I have been publishing -pre.X releases under the dist-tag @next:

$ npm dist-tag ls
latest: 0.98.0
next: 0.99.0-pre.11

Now, I tried to publish under a new release version:

$ npm version minor -sm "(rel) v%s"

$ npm publish --tag latest --tag next
+ @scope/project@0.99.0

Unfortunately, it doesn’t look like you can publish under multiple dist-tags at once:

$ npm dist-tag ls
latest: 0.98.0
next: 0.99.0

Worse, I don’t seem to be able to update it:

$ npm publish --tag latest
npm ERR! publish Failed PUT 403
npm ERR! code E403
npm ERR! You cannot publish over the previously published versions: 0.99.0. : @scope/project

$ npm dist-tag add @scope/project@0.99.0 latest
npm ERR! code E401
npm ERR! Registry returned 401 for PUT on

What do I do to update my @latest dist-tag?

Some other feedback:

  1. dist-tag badly needs some additional documentation. I can’t figure out how it’s intended to be invoked!

  2. npm publish should probably support multiple --tag arguments? I see a lot of packages with out-of-date dist-tags, i.e. a @next tag that is still pointing to a prerelease of a version three major versions ago …

  3. This forum format is horrible. There, I said it. I mean, I love y’all (at least, those of you which I’ve met at the various conferences) … but I haven’t been forced to use a piece of terrible forum software like this since, I dunno, 2008? Why the reversion to terrible, user-hostile, Past Technology? /=

    None of my business, I suppose; just thought the additional feedback might contribute to others’ complaints. ¯\_(ツ)_/¯

Indeed, you can’t publish under multiple dist-tags at once, this is expected behavior. To update the latest tag your second command seems correct, but you might need additional authentication:

  • add: Tags the specified version of the package with the specified tag, or the --tag config if not specified. If the tag you’re adding is latest and you have two-factor authentication on auth-and-writes then you’ll need to include an otp on the command line with --otp .

This would be necessary for npm publish too, but the latter automatically prompts for an authentication code on an OTP error, while the former doesn’t (yet). If that isn’t the problem you’re having, please do report back.

As for your feedback:

  1. It seems you managed just fine, apart from the --otp flag, but that’s in the docs too. Maybe that could be made somewhat more prominently.
  2. Sounds like a good idea, no immediate problems come to mind. You can submit ideas to the #ideas category. :slightly_smiling_face:
  3. I believe (more concrete) feedback about the forum is welcome in the #meta category.

fwiw, there’s an open PR that goes through all the possible cases for otp tokens and automatically prompts, instead of doing it only for certain commands.

As far as multiple tag support, I don’t recall what the CLI parser did as far as multi value items. This might be fairly straightforward to implement. Look in lib/config/core.js for clues, but I won’t touch code on a weekend.

And cheers @larsgw for the help :muscle:t3::muscle:t3::muscle:t3: