Hi Justin, We are willing to deal with the latest released rc version problem.
As we can see from npm documentation [1], unpublishing is "generally considered bad behavior to remove versions of a library that others are depending on". And in our case, it is even more dangerous since ECharts has more than 70,000 downloads, and we haven't provided a correct version after that. It's recommended to mark the previous rc version to be deprecated rather than unpublish it [1][2]. And please note that > With the default registry (registry.npmjs.org), unpublish is only allowed > with versions published in the last 72 hours. If you are trying to > unpublish a version published longer ago than that, contact > [email protected]. [1] When a version is unpublished, if some projects have something like `"echarts": "^4.2.0-rc1"` in their package.json, it will cause an error in `npm install` step and bring confusion to a great number of developers. On the other hand, if a version is deprecated, it will give a warning to tell the developers to update, which, in our case, is somewhat strange since we don't have a newer correct version. So, the safest and best-for-all solution seems to be, releasing a correct version with the permission of PPMC ASAP, which we are working on currently. And after that, mark the 4.2.0-rc1 to be deprecated. And we promise that all rc releases under npm in the future should go with "rc" tag to prevent it from being "latest", and the default install way "npm install" will use the latest version permitted by PPMC. I think this way also benefits Apache's branding in saving a large number of developers' confusion and complaints. Could @Justin please help judge if this works with Apache? BTW, we are going to have Chinese New Year from tomorrow till next week, so slow email response is expected. Sorry for the inconvenience, and wish you a happy new year! [1] https://docs.npmjs.com/cli/unpublish [2] https://docs.npmjs.com/cli/deprecate Zhang Wenli http://zhangwenli.com On Sun, Feb 3, 2019 at 7:28 AM Justin Mclean <[email protected]> wrote: > Hi, > > I can see that nothing has been done about [1]. The PPMC cannot provide > unapproved releases to the general public in this manner. [2] All releases > must be approved by the PPMC and IPMC while in incubation. As the VP of the > Apache Incubator I'm asking you to please remove this unapproved release > and any others you have made public since starting graduation. > > If you can come up with another solution that complies with the ASF > release policy I'm willing to listen to it. > > Thanks, > Justin > V.P. Incubator > > 1. https://www.npmjs.com/package/echarts > 2. http://www.apache.org/legal/release-policy.html#release-approval > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > >
