npm Community Forum (Archive)

The npm community forum has been discontinued.

To discuss usage of npm, visit the GitHub Support Community.

Packages removed due to compromise should not result in 404

When NPM 6.5.0 attempts to install a package that has been removed because it was compromised or depended on something that was compromised, the error should be less benign than a 404.

Currently it reports a 404 and then exits.