tests are published, they just are currently used by anyone but the owner
> 2. You can update the test script with the release too: "test": "echo pass"
which is why my suggestion was for npm to run the previous tests as well as the new tests. Given that people will more likely choose tested packages vs untested a package that just had "echo pass" wouldn't get much traction. And, given my suggestion is that npm run the previous tests, you couldn't just change the tests to "echo pass". Your only opportunity to do that is a major version but major versions are not upgraded automatically in any form so people would be more likely to catch and flag.
I see what you're suggesting. That' clever! Not sure how scalable it is. I'm sure if you ask npm folks they will give you some wild examples of packages doing crazy stuff!
2. You can update the test script with the release too: "test": "echo pass"