How to delete an npm package from the npm registry?
I stumbled upon this problem where i had to delete an existing package. And the following worked seamlessly. I noticed that the package was removed from my account immediately (It was a test package with no dependency.)
npm --force unpublish "package-name"
You might have to enter OTP/Auth key if you have configured 2FA on npm account.
There's a post about that, given the recent incident. Your best bet would be to contact npm and hope that your package isn't depended by other projects.
If the version is older than 24 hours, then the unpublish will fail, with a message to contact [email protected].
If you contact support, they will check to see if removing that version of your package would break any other installs. If so, we will not remove it. You’ll either have to transfer ownership of the package or reach out to the owners of dependent packages to change their dependency.
http://blog.npmjs.org/post/141905368000/changes-to-npms-unpublish-policy
TL;DR:
npx force-unpublish package-name 'reason message'
Explanation:
It uses the cli tool force-unpublish
which takes the following steps:
npm deprecate package-name 'reason message'
npm owner add npm package-name
npm owner rm $(npm whoami) package-name
https://www.npmjs.com/package/force-unpublish
If the published package/version is less than 72 hours old, unless you are the single owner of the module.
npm unpublish <package-name> --force
https://www.npmjs.com/policies/unpublish has details of the policy to unpublish packages
The command and the policy to unpublish packages may have changed since the question was asked.
npm force-unpublish package-name 'reason message'
OR
npm --force unpublish "package-name"
did not work for me.