This help site has been deprecated. Please send your requests to support@rubygems.org
Removing an accidentally pushed gem
Here are the steps you should follow when you have accidentally pushed a gem with passwords or other private content.
-
Yank the gem using
gem yank
which will prevent installs usinggem install
. The gem will NOT be downloadable using the download link on rubygems.org. -
If the gem contained passwords, or private keys immediately change them. Due to webhooks on rubygems.org your gem has already been downloaded by third parties.
-
Add the
allowed_push_host
metadata to your gemspec so future gems cannot be pushed to rubygems.org by mistake.