[celticninja]

Could you just publish garbage instead?

[yoz-y]

You could but everybody uses version pinning in production, right?

[emsy]

People who are serious about reproducible builds host their own repos. Most people probably don’t know the difference between ^1.0.1 and ~1.0.1

[bakuninsbart]

Thanks for making me look that up!

[delfinom]

If only npm's version pinning actually version pinned without idiotic subrules. package-lock.json is just one massive lie.

[minitech]

What do you mean?

[jpangs88]

Versioned garbage, but yeah you could. It would just make a new version not work which isn't as harmful as taking away a package.