No tag other than latest has any special significance to npm itself. Tags can be republished and that's why integrity checks should be in place. Supply chain attacks are happening in open source communities, sadly.
> The publish will fail if the package name and version combination already exists in the specified registry.
> Once a package is published with a given name and version, that specific name and version combination can never be used again, even if it is removed with npm unpublish.
whilenot-dev|6 months ago
beart|6 months ago
https://docs.npmjs.com/cli/v11/commands/npm-publish
> The publish will fail if the package name and version combination already exists in the specified registry.
> Once a package is published with a given name and version, that specific name and version combination can never be used again, even if it is removed with npm unpublish.