npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

`npm unpublish -f` give strange unhelpful console outputs

Note: sorry for not following the issue template, it was bothering me, I will go right to the point.

Summary

I wanted to unpublish my entire package, which I created just for testing purposes. I executed npm unpublish -f from the folder containing my package.json, thinking that npm would infer the package name from it. I expected it to simply work. But NPM goes crazy.

Reproduction Steps

Note: I used quick-test-unpublish-querty as a package name, but to reproduce you will have to use a different one I guess, since now this name is taken.

npm WARN using --force I sure hope you know what you are doing.
-undefined
npm WARN using --force I sure hope you know what you are doing.
npm ERR! code E403
npm ERR! 403 Forbidden - DELETE https://registry.npmjs.org/quick-test-unpublish-querty/-rev/1-0526bac33a57c4e587540f30f3e8efad - You do not have permission to publish "quick-test-unpublish-querty". Are you logged in as the correct user?

Suggestions

While we’re at it, calling npm unpublish -f from a folder which does not have a package.json gives a sligthly better error message but it could still be improved:

$ npm unpublish -f
npm WARN using --force I sure hope you know what you are doing.
npm ERR! Usage: undefined

I think a better error message such as Missing package name or something would be better.

I would also like to suggest that calling npm unpublish -f should never work. Even when inside the package folder, I think it would be safer to require the package name regardless. This could work as a safety measure, just like when we want to delete a repository on GitHub and we have to type its name (to make sure we’re not deleting the wrong thing)!

Platform Info

$ npm --versions
{ npm: '6.8.0',
  ares: '1.15.0',
  cldr: '33.1',
  http_parser: '2.8.0',
  icu: '62.1',
  modules: '64',
  napi: '3',
  nghttp2: '1.34.0',
  node: '10.15.0',
  openssl: '1.1.0j',
  tz: '2018e',
  unicode: '11.0',
  uv: '1.23.2',
  v8: '6.8.275.32-node.45',
  zlib: '1.2.11' }
$ node -p process.platform
win32


Is there anything else I should do with this bug report? Looks like it went unnoticed.


Nothing else to do, and it was noticed. If you look at the top by the bright “bugs” you can see tags have been added for “triaged”, “cli”, “help-wanted”, and “good-first-patch”.