1000 versions limit vs no deletions

Hi!

I just received an email from GitHub stating that “The GitHub Packages service will be limiting the number of versions published to an npm package to 1,000 versions per package.” At the same time, it is no longer possible to remove versions of npm packages, so I can’t clean up old versions that no one uses anymore.

This will yield 4 packages I maintain “locked”, that is, I won’t be able to publish any updates of those anymore. Not to mention feature development, but some security vulnerabilities might be discovered that I won’t even be able to patch.

Could you advise on how to proceed in this situation?

Hi @merlinnot,

Sorry about the delay in getting back to you!

> At the same time, it is no longer possible to remove versions of npm packages, so I can’t clean up old versions that no one uses anymore.

You should now be able to delete package versions that are associated with public repositories. The only exception is if the version has over 5000 downloads.

> This will yield 4 packages I maintain “locked”, that is, I won’t be able to publish any updates of those anymore.

I believe if a package already has over 1000 versions, you will still be able to publish new versions. The limit is there to stop new packages from going over the 1000-version limit. It is, however, recommended that you prune your packages to get them below 1000 versions.

Please let me know if you have any questions.