Hacker News
by joesb 3746 days ago
Yes, there is. Just like NPM's left-pad case. The owner of the package removed the package from the repository. It doesn't matter if you pin to any version if there is no longer any code to download.

The only way to prevent this is to have your own local server for a third-party package repository.

3 comments

There are package management systems out there that don't allow package owners to remove existing code in a way that breaks downstream users.

Your own mirror of third party packages is definitely the way to go. I'm continuously stunned this is not standard practice.

It's also a problem with NPM, just don't let people remove older versions of things.