Visit my.sonatype.com for documentation on Nexus Repository version 2.
The official npm tool maintainers' viewpoint is that deleting npm packages from a registry is not a recommended operation. The npm deprecate command is preferred, however, only Nexus Repository 3 supports the deprecate command.
We realize there may be an occasional need to delete an npm package in Nexus Repository 2 and this article outlines a workaround for the missing deprecate support in that version.
Removing A Specific npm Package Version
Instructions for deleting a specific npm package version in Nexus Repository 2 starting at version 2.11.3. Earlier versions are not supported.
- Make a backup of the files in package storage. When deleting, it will be moved to the<npm-hosted-repo-id>/.nexus/trash directory, but always worth having an extra backup.
sonatype-work/nexus/storage/<npm-hosted-repo-id>/<package-name>
- Delete the npm package (this will delete all versions of that package) using the following call:
curl -X DELETE -u xxx:yyy http://nexus:8081/nexus/content/repositories/<npm-hosted-repo-id>/<package-name>
- Copy/Move back the package from the trash.
cp -r sonatype-work/nexus/storage/<npm-hosted-repo-id>/.nexus/trash/<package-name> sonatype-work/nexus/storage/<npm-hosted-repo-id>/
- Remove the version you do not want to keep.
rm sonatype-work/nexus/storage/<npm-hosted-repo-id>/<npm-hosted-repo-id>/-/<npm-hosted-repo-id>-<version>.tgz
- Rebuild the npm database for repository <npm-hosted-repo-id> with the scheduled task named "Rebuild hosted npm Metadata".
- The following URL should now have correct metadata without the version that was deleted.
http://nexus:8081/nexus/content/repositories/<npm-hosted-repo-id>/<package-name>
Removing All Versions of an npm Package
From Nexus Repository 2.11.3 onwards, you can remove all versions of a specific npm package with a single command.
To delete an npm package, use an HTTP delete command. An example using curl:
curl -u admin -X DELETE http://localhost:8081/nexus/content/repositories/npm-hosted-repo-id/packagename
This delete command moves all packages (tgz) files into the storage/npm-hosted-repo-id/.nexus/trash/packagename directory. It also updates the repository metadata of groups and the hosted repo to no longer reference anything about this package.