Removing a published RubyGem
Published a gem before it was ready to released? Published a gem with the wrong name? Look here for help.
You can now use the
gem yank command to remove
versions from RubyGems.org's index. In order to get this you'll
need RubyGems 1.3.6+ and gemcutter 0.5.0+. Use the following
commands if you're out of date:
gem update --system gem install gemcutter
gem yank will remove your gem from being
gem install and the other gem commands.
This also removes the gem file, as of April 20, 2015.
Note: Our webhook and mirror system means that several hundred services get pinged when new gems are pushed, so it's prudent to immediately reset any passwords/sensitive data you accidentally pushed even if you yank a gem right away.
This causes several problems to start happening:
- Mirrors that comb the site (with
gem mirror) would be out of sync.
- Clients can't verify the contents of gems (via MD5 or something similar) so they could download different versions, expecting the same code.
- You're not going to run out of gem versions, just push a new one.
Once you've yanked all versions of a gem, anyone can push onto that same gem namespace and effectively take it over. This way, we kind of automate the process of taking over old gem namespaces.
Once you've yanked all versions of a gem the namespace is free for others to use. If you accidentally pushed the wrong name once yank it and it'll be free for others to use.