I love that the way “everything” broke unpublishing in npm sounds insane, unless you’re already familiar with npm’s unpublishing…
I love that the way “everything” broke unpublishing in npm sounds insane, unless you’re already familiar with npm’s unpublishing policies, which themselves sound draconian, unless you’re already familiar with leftpad, which was a farce.
The package that broke NPM (accidentally) - uncenter.dev
Context:
“everything” is an npm package that depends on, well, everything: every other npm package. Its purpose is purely artistic; there’s no practical reason to install literally everything.
By design, it depends on every package. It even depends on every version of each package, for technical reasons.
However, npm only allows removing a package or version if nothing depends on it. Since the everything package depends on every version of every package, then no one at all could remove anything from npm.
The authors of everything also couldn’t remove their own package themselves. So everyone was stuck waiting for help from npm.
But why is npm so fussy? Why not allow everyone to remove their own work whenever they like?
In 2016, many npm packages suddenly stopped working. This was because they depended, directly or indirectly, on the tiny utility package left-pad. Its author removed all his packages from npm, breaking them all.
Why did the author, Azer Koçulu, remove all his own work from npm? He owned the package named kik, and npm took it away from him to grant ownership to kik.com instead. He was disappointed and decided he didn’t want to contribute to npm anymore.
Dominos meme.