-
Notifications
You must be signed in to change notification settings - Fork 145
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Wishlist on managing package manager versions in a Node.js application #609
Comments
I'm not too happy with the existing title Wishlist on managing package manager versions in a Node.js application, as it's too generic. Do suggest a better one in the comments, if you come across one. |
I think this outcome is the one that should be avoided. Why? Bad defaults. Most people statistically never switch away from defaults, and arguing or urging people to do so causes frustration and a bad experience. Bad defaults cause all sorts of problems, from security, privacy, financial, and so on. So the onus is on Node to provide a good experience. And imo Corepack is a good experience. I have not heard of This whole (sorry for the long rant) |
Don't be sorry for the rant, this is good feedback. Feedback which I think nearly everyone agrees on the goals of. I think the breakdown occurred in a very different way than is made out above though. All that work on If we had a group of corepack maintainers willing to engage on addressing the concerns I personally would love to see us all be able to move forward with the better UX provided by corepack. It just cannot be in a way that forces participation in the way it's implementation does today. And it cannot be without requirements for the package managers (like sourcing the binaries from a trusted source, another of the objections). The last attempt I made to bring these groups together resulted in this PR which made some headway and has resulted in some great changes to the downloads page to feature better instructions and featuring the package managers. I have been way to busy to keep up with this stuff lately, but I have hopes that this sign of progress will be enough to get over the historical baggage. If you are interested in being a part of helping to resolve this please join in on the conversations and help us reach a more balanced consensus agreement. The more voices we have helping push this toward that the better. |
Is your feature request related to a problem? Please describe.
There are several discussions about managing package manager version in the past.
At the time of writing, i.e. 2024-07-30, Node.js ships experimental corepack which allows pinning the packageManager field in package.json. It's being used in at least tens of thousands of applications searchable in public code.
There has been asks to make corepack stable since May 2022 nodejs/corepack#104
The PR to enable yarn/pnpm corepack binaries by default in nodejs/node#51886, has moved from most approvals to most declines. There's an open PR to remove corepack too at nodejs/node#51981
The tweets about corepack often go viral, like ones by Matt https://twitter.com/search?q=from%3Amattpocockuk%20corepack&src=typed_query, and then some discussions happen Twitter threads which aren't documented.
Here is some wishlist I would like to share:
packageManager
field to break.devEngines
.Describe the solution you'd like
Based on requirements, and consensus in
devEngines
proposal as of July 2024, here is what a good solution may look like:packageManager
field.devEngines
specification, and provide an easy built-in way for users to use it. This can becorepack
or something else. It doesn't matter as long as it ships with Node.js and is easy to use.Over time, if there's data that one specification is better than other, then add doc/runtime deprecations and provide a migration path to the preferred one.
Describe alternatives you've considered
Additional context
Originally posted as a tweet in https://twitter.com/trivikram/status/1818303053902307479.
A GitHub issue was created as per response from @wesleytodd
The text was updated successfully, but these errors were encountered: