| title | intro | product | redirect_from | versions | shortTitle | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Deleting and restoring a package |
Learn how to delete or restore a package. |
{% data reusables.gated-features.packages %} |
|
|
Delete & restore a package |
{% data reusables.package_registry.packages-ghes-release-stage %}
On {% data variables.product.prodname_dotcom %} if you have the required access, you can delete:
- An entire private package
- An entire public package, if there's not more than 5000 downloads of any version of the package
- A specific version of a private package
- A specific version of a public package, if the package version doesn't have more than 5,000 downloads
Note
- You cannot delete a public package if any version of the package has more than 5,000 downloads. In this scenario, contact us through the {% data variables.contact.contact_support_portal %} for further assistance.
- When deleting public packages, be aware that you may break projects that depend on your package.
On {% data variables.product.prodname_dotcom %}, you can also restore an entire package or package version, if:
- You restore the package within 30 days of its deletion.
- The same package namespace is still available and not used for a new package.
{% data reusables.package_registry.packages-classic-pat-only %}
{% ifversion packages-rest-api %}
You can use the REST API to manage your packages. For more information, see the AUTOTITLE.
{% data reusables.package_registry.delete-with-github-token-using-api-beta %}
With registries that support granular permissions, you can use a GITHUB_TOKEN in a {% data variables.product.prodname_actions %} workflow to delete or restore packages using the REST API. The token must have admin permission to the package. If your workflow publishes a package, the admin role is granted by default to the repository where the workflow is stored. For existing packages not published by a workflow, you need to grant the repository the admin role to be able to use a {% data variables.product.prodname_actions %} workflow to delete or restore packages using the REST API. For more information, see AUTOTITLE.
{% endif %}
{% data reusables.package_registry.about-graphql-support %}
With registries that support granular permissions, you can choose to allow packages to be scoped to a user or an organization, or linked to a repository.
To delete a package that has granular permissions separate from a repository, such as container images stored at {% ifversion ghes %}https://containers.HOSTNAME/NAMESPACE/PACKAGE-NAME{% else %}https://ghcr.io/NAMESPACE/PACKAGE-NAME{% endif %}{% ifversion packages-npm-v2 %} or packages stored at https://npm.pkg.github.com/NAMESPACE/PACKAGE-NAME{% endif %} (where NAMESPACE is the name of the personal account or organization to which the package is scoped), you must have admin access to the package. For more information, see AUTOTITLE.
For packages that inherit their access permissions from repositories, you can delete a package if you have admin permissions to the repository.
Some registries only support repository-scoped packages. For a list of these registries, see AUTOTITLE.
To delete a version of a repository-scoped package, you must have admin permissions to the repository in which the package is published. For more information, see Required permissions.
{% data reusables.repositories.navigate-to-repo %} {% data reusables.package_registry.packages-from-code-tab %}
- Search for and then click the name of the package that you want to manage. {% data reusables.package_registry.package-settings-manage-versions-menu %} {% data reusables.package_registry.package-settings-delete-versions %}
- To confirm deletion, type the package name and click I understand the consequences, delete this version.
{% data reusables.package_registry.about-graphql-support %}{% ifversion packages-rest-api %} For information on using the REST API instead, see the AUTOTITLE.{% endif %}
Use the deletePackageVersion mutation in the GraphQL API. You must use a {% data variables.product.pat_v1 %} with the read:packages, delete:packages, and repo scopes. For more information about {% data variables.product.pat_v1_plural %}, see AUTOTITLE.
The following example demonstrates how to delete a package version, using a packageVersionId of MDIyOlJlZ2lzdHJ5UGFja2FnZVZlcnNpb243MTExNg.
curl -X POST \
-H "Accept: application/vnd.github.package-deletes-preview+json" \
-H "Authorization: bearer TOKEN" \
-d '{"query":"mutation { deletePackageVersion(input:{packageVersionId:\"MDIyOlJlZ2lzdHJ5UGFja2FnZVZlcnNpb243MTExNg==\"}) { success }}"}' \
HOSTNAME/graphqlTo find all of the private packages you have published to {% data variables.product.prodname_registry %}, along with the version IDs for the packages, you can use the packages connection through the repository object. You will need a {% data variables.product.pat_v1 %} with the read:packages and repo scopes. For more information, see the packages connection or the PackageOwner interface.
For more information about the deletePackageVersion mutation, see AUTOTITLE.
You cannot directly delete an entire package using GraphQL, but if you delete every version of a package, the package will no longer show on {% data variables.product.product_name %}.
{% ifversion fpt or ghec %}
To delete a specific version of a user-scoped package on {% data variables.product.prodname_dotcom %}, such as for a Docker image at ghcr.io, use these steps. To delete an entire package, see Deleting an entire user-scoped package on {% data variables.product.prodname_dotcom %}.
To review who can delete a package version, see Required permissions.
{% data reusables.package_registry.package-settings-from-user-level %} {% data reusables.package_registry.package-settings-option %} {% data reusables.package_registry.package-settings-manage-versions-menu %} {% data reusables.package_registry.package-settings-delete-versions %}
- In the confirmation box, type the name of the package to confirm you want to delete the chosen version of it.
- Click I understand the consequences, delete this version.
Deleting a version of an organization-scoped package on {% data variables.product.prodname_dotcom %}
To delete a specific version of an organization-scoped package on {% data variables.product.prodname_dotcom %}, such as for a Docker image at ghcr.io, use these steps.
To delete an entire package, see Deleting an entire organization-scoped package on {% data variables.product.prodname_dotcom %}.
To review who can delete a package version, see Required permissions to delete or restore a package.
{% data reusables.package_registry.package-settings-from-org-level %} {% data reusables.package_registry.package-settings-option %} {% data reusables.package_registry.package-settings-manage-versions-menu %} {% data reusables.package_registry.package-settings-delete-versions %}
- In the confirmation box, type the name of the package to confirm you want to delete the chosen version of it.
- Click I understand the consequences, delete this version. {% endif %}
To delete an entire repository-scoped package, you must have admin permissions to the repository that owns the package. For more information, see Required permissions.
{% data reusables.repositories.navigate-to-repo %} {% data reusables.package_registry.packages-from-code-tab %} {% data reusables.package_registry.package-settings-option %}
- At the bottom of the page, under "Danger Zone", click Delete this package.
- To confirm, review the confirmation message, enter your package name, and click I understand, delete this package.
To review who can delete a package, see Required permissions.
{% data reusables.package_registry.package-settings-from-user-level %} {% data reusables.package_registry.package-settings-option %} {% data reusables.package_registry.package-settings-options-menu %}
- At the bottom of the page, under "Danger zone", click Delete this package.
- In the confirmation box, type the name of the package to confirm you want to delete it.
- Click I understand the consequences, delete this package.
To review who can delete a package, see Required permissions.
{% data reusables.package_registry.package-settings-from-org-level %} {% data reusables.package_registry.package-settings-option %} {% data reusables.package_registry.package-settings-options-menu %}
- At the bottom of the page, under "Danger zone", click Delete this package.
- In the confirmation box, type the name of the package to confirm you want to delete it.
- Click I understand the consequences, delete this package.
You can restore a deleted package or version if:
- You restore the package within 30 days of its deletion.
- The same package namespace and version is still available and not reused for a new package.
For example, if you're the user octocat, and you have a deleted RubyGems package named my-package that was scoped to the repo octocat/my-repo, then you can only restore the package if the package namespace rubygem.pkg.github.com/octocat/my-repo/my-package is still available, and 30 days have not yet passed.
{% ifversion fpt or ghec %} To restore a deleted package, you must also meet one of these permission requirements:
- For repository-scoped packages: You have admin permissions to the repository in which the deleted package is published.{% ifversion fpt or ghec %}
- For user-account scoped packages: The deleted package is scoped to your personal account.
- For organization-scoped packages: You have admin permissions to the deleted package in the organization to which the package is scoped.{% endif %} {% endif %}
{% ifversion ghes %} To delete a package, you must also have admin permissions to the repository in which the package is published. {% endif %}
For more information, see Required permissions.
Once the package is restored, the package will use the same namespace it did before. If the same package namespace is not available, you will not be able to restore your package. In this scenario, to restore the deleted package, you must delete the new package that uses the deleted package's namespace first.
You can restore a deleted package through your organization account settings, as long as the package was in a repository owned by the organization or had granular permissions and was scoped to your organization account.
To review who can restore a package in an organization, see Required permissions.
{% data reusables.organizations.navigate-to-org %} {% data reusables.organizations.org_settings %}
- On the left, click Packages.
- Under "Deleted Packages", next to the package you want to restore, click Restore.
- To confirm, type the name of the package and click I understand the consequences, restore this package.
You can restore a deleted package through your personal account settings, if the package was in one of your repositories or scoped to your personal account. For more information, see Required permissions.
{% data reusables.user-settings.access_settings %}
- In the left sidebar, click Packages.
- Under "Deleted Packages", next to the package you want to restore, click Restore.
- To confirm, type the name of the package and click I understand the consequences, restore this package.
You can restore a package version from your package's landing page. To review who can restore a package, see Required permissions.
- Navigate to your package's landing page. {% data reusables.package_registry.package-settings-option %} {% data reusables.package_registry.package-settings-manage-versions-menu %} {% data reusables.package_registry.package-settings-versions-deleted-dropdown %}
- Next to the deleted package version you want to restore, click Restore.
- To confirm, click I understand the consequences, restore this version.