DEV Community

Hugh Rawlinson
Hugh Rawlinson

Posted on • Originally published at

What to do if you publish a beta build as @latest

I recently published a beta build of Meyda to the npm registry, with the intention of having one of our longest running users test it out to make sure it worked in their project. I hadn't done a manual release in a long time, since we use semantic-release, so I skimmed the output of npm publish --help, and figured out what command I would run. I
set the version field of package.json to 5.1.7-beta.0, as instructed built the bundle, ran our test suite, and ran npm publish . --dry-run, to verify that the manifest of files that would be published was correct. It was correct, and so I ran

npm publish .
Enter fullscreen mode Exit fullscreen mode

When I checked Meyda's page on npm, I was rather surprised to see that 5.1.7-beta.0 had been published as the latest tagged version of Meyda. I had incorrectly been assuming that the magic incantation required to publish a beta package was the -beta.* suffix in the package version. In fact, the way to publish a beta version of an npm package is

npm publish . --tag beta
Enter fullscreen mode Exit fullscreen mode

At this point, I became worried. Had I published a beta build of a package that might inadvertently contained breaking changes to all my users? While yes, technically I had done that (for the second time that week, but that's another story), I needn't have worried. Some research revealed that while packages once published to the registry in most cases cannot be removed or modified, tags can. The npm dist-tag command saved the day! I'll leave you to read the npm dist-tag --help, and instead show what I did to resolve my situation. The previous "good" latest version of my package was 5.1.7.

# Tag the previous version as latest
npm dist-tag add meyda@5.1.7 latest

# Tag the beta as a beta
npm dist-tag add meyda@5.1.8-beta.0 beta
Enter fullscreen mode Exit fullscreen mode

Once the tags were properly set, none of our users were at risk of getting broken code they hadn't opted in for, and the user who agreed to test our beta release was able to install it with npm install meyda@beta.

No need to worry if you find yourself in this situation. Like most things, it's completely recoverable, and everything will be ok. We all lived happily ever after!

Top comments (0)