by hanspagel 75 days ago
You can’t unpublish an npm package with more than 100 downloads, I think.

The policy is https://docs.npmjs.com/policies/unpublish

    Packages published less than 72 hours ago
    
    For newly created packages, as long as no other packages in the npm Public Registry depend on your package, you can unpublish anytime within the first 72 hours after publishing.
There are 231+ packages that depend on this one, and I imagine they mostly use permissive enough version ranges that this was included.
Looks like Anthropic called in a favor and it's removed now.
Ah, another you can’t, but they can.

I’m still a little humored over peak web3 and the DAO / soft contract nonsense. Like in order to stop fraud entire coins were forked…

Sure you can, if you have a legitimate case you can ask npm to unpublish and they handle things manually :)
I have had to do this, well over a decade ago now, when working at a place that was a pretty big deal in the node world, and node was still pretty new. They helped us.

I would imagine GH would do the same if it's a high enough profile issue.

Yep, we had to do this recently with Renovate, where we had too many releases, and new publishing hit a size limit on the registry, so we needed support to help us unpublish a load of old releases.
The novel Red Team Blues involves a similar plot with a crypto token that's supposed to be immutable. It's pretty entertaining.
Good luck with that.