sherif icon indicating copy to clipboard operation
sherif copied to clipboard

Published 20 hours ago verified publisher icon QuiiBz

`program not found` for corepack on Windows

Open rakuzen25 opened this issue 10 months ago • 3 comments

Thanks for this handy package! I have a monorepo set up with pnpm (side note: perhaps in addition to testing lock files to resolve the package manager, the program can prioritise the packageManager field in package.json if it's defined?), but it's installed via corepack and not globally. Hence, when I run sherif --fix, it's giving me an error.

 Note: running install command using pnpm...


 ⨯ error Failed to install packages
   program not found

Is there any way to honour the corepack version in rust?

rakuzen25 avatar Jan 03 '25 15:01 rakuzen25

Interesting bug, I'm not very familiar with Corepack nor how it works so will have to dig more into this. Do you know how Corepack exposes package manager commands without having them registered in PATH?

QuiiBz avatar Jan 04 '25 12:01 QuiiBz

Apologies for the delay - I just got around to looking at it today and dug into some source code for corepack. I realised the culprit was not because of PATH, but because of how Rust handles commands on Windows.

From the documentation on Command:

Note on Windows: For executable files with the .exe extension, it can be omitted when specifying the program for this Command. However, if the file has a different extension, a filename including the extension needs to be provided, otherwise the file won’t be found.

This is potentially due to a CVE released earlier last year on undocumented behaviour of the underlying spawner.

On the other hand, corepack uses @zkochan/cmd-shim under the hood to create scripts in the PATH (.cmd, .ps1 and a Cygwin bash version) that essentially executes node <corepack_dir>\node_modules\corepack\dist\pnpm.js. None of these are, of course, an exe binary.

I am not the Rust expert here, but I've seen some people mention Command::new("cmd.exe").args(["/c", "script.bat"]) (see rust-lang/rust#123728 and rust-lang/rust#94743). Perhaps we can consider something like that?

rakuzen25 avatar Jan 15 '25 18:01 rakuzen25

Thanks for the dig deep here. I do not have access to a Windows machine so this might hard to fix and test for me. I'll try to setup a VM on my mac and see if I can reproduce the issue first.

QuiiBz avatar Jan 25 '25 11:01 QuiiBz