by chatmasta
887 days ago
Pinning to a specific version doesn't protect against the author unpublishing that version. The problem with the `*` bug is that it means you can stop anyone from unpublishing future versions of their package by simply creating a package that depends on it with a `*` identifier and publishing that to the registry.

It does if your project is also in the npm public registry and the package you're dependent on is more than 72 hours old.
https://docs.npmjs.com/policies/unpublish