The yank command removes a previously published crate's version from the server's index. This command does not delete any data, and the crate will still be available for download via the registry's download link.
Note that existing crates locked to a yanked version will still be able to download the yanked version to use it. Cargo will, however, not allow any new crates to be locked to any yanked version.
Yanking is for when there is some serious problem with a published crate, such as a serious security vulnerability, or potential to damage user's data, or yes, because it just straight-up doesn't work. It's a signal that no one should be using that version of the crate for any reason.
Occasions may arise where you publish a version of a crate that actually ends up being broken for one reason or another (syntax error, forgot to include a file, etc.). For situations such as this, Cargo supports a “yank” of a version of a crate.
$ cargo yank --vers 1.0.1 $ cargo yank --vers 1.0.1 --undo
A yank does not delete any code. This feature is not intended for deleting accidentally uploaded secrets, for example. If that happens, you must reset those secrets immediately.
The semantics of a yanked version are that no new dependencies can be created against that version, but all existing dependencies continue to work. One of the major goals of crates.io is to act as a permanent archive of crates that does not change over time, and allowing deletion of a version would go against this goal. Essentially a yank means that all packages with a
Cargo.lockwill not break, while any future
Cargo.lockfiles generated will not list the yanked version.
This topic was automatically closed 90 days after the last reply. We invite you to open a new topic if you have further questions or comments.