Immutable versions policy

Disallows existing versions of a package to be overwritten by publish/push/pull.

Bytesafe by default allows versions to be overwritten, unlike the public npm registry. This enables patching of public packages or fixing errors found in QA before release etc.

Immutable versions is for situations where you want to restrict this functionality. With this policy enabled, attempts to republish (or otherwise overwrite a version) a package will fail with a warning.

Use cases

  • Registries used for releases where each update should include stepping of version number.
  • Registries used as integration points between teams where you want to remove the possibility of different teams publishing the same package versions (accidently overwriting it).