corepack icon indicating copy to clipboard operation
corepack copied to clipboard

Published 20 hours ago verified publisher icon nodejs

Non-version package specifiers don't work

Open rotu opened this issue 2 years ago • 7 comments

Corepack rejects valid package specifiers which are not versions.

For instance the following are valid specifiers which are more specific than semver but which nevertheless are rejected by corepack:

  • npm@github:npm/cli#c12ea07
  • yarn@https://registry.npmjs.org/yarn/-/yarn-2.4.3.tgz

output:

corepack use yarn@https://registry.npmjs.org/yarn/-/yarn-2.4.3.tgz
Usage Error: Tag not found (https://registry.npmjs.org/yarn/-/yarn-2.4.3.tgz)

$ corepack use <pattern>

corepack install --global yarn@https://registry.npmjs.org/yarn/-/yarn-2.4.3.tgz
Internal Error: ENOENT: no such file or directory, stat '/Users/dan/Source/corepack/yarn@https:/registry.npmjs.org/yarn/-/yarn-2.4.3.tgz'
Error: ENOENT: no such file or directory, stat '/Users/dan/Source/corepack/yarn@https:/registry.npmjs.org/yarn/-/yarn-2.4.3.tgz'

rotu avatar Oct 08 '23 22:10 rotu

Originally reported in https://github.com/nodejs/corepack/pull/312#issuecomment-1752169602

rotu avatar Oct 08 '23 22:10 rotu

I think this is the documented behavior: https://github.com/nodejs/corepack/blob/fe3e5cd86c45db0d87c7fdea87d57d59b0bdcb78/README.md#L80-L82

Should we close as Won't fix?

aduh95 avatar Oct 13 '23 10:10 aduh95

I don't think we should support git repositories (they are very complex to clone / install / pack), but it'd imo be reasonable to allow arbitrary urls (either .tgz or .js). Can be useful for internal mirrors.

arcanis avatar Oct 13 '23 10:10 arcanis

but it'd imo be reasonable to allow arbitrary urls

As build metadata or in general?

I don't think we should allow using anything but name@semver as it would break and/or make it difficult for third party tools to check the field to see which version is in use.

merceyz avatar Oct 13 '23 10:10 merceyz

They could still easily call --version to know this information though.

arcanis avatar Oct 13 '23 11:10 arcanis

I suppose this is a differing issue, but the man pages of corepack (node v21+) state one can also use

corepack install yarn@*

https://nodejs.org/api/corepack.html

To install the latest pnpm. That doesn't work for me. Neither does using * work inside my package.json. i.e.,

"packageManager": "pnpm@*"

I also tried latest or leaving out the version altogether and it wasn't accepted.

Edit: tried corepack install pnpm@latest – this worked & input what works for the package.json, hope that will take care of future updates, but I imagine that'll still require the manual update (just via corepack use pnpm@latest, which also works). For ref. "packageManager": "[email protected]+sha256.487609e857f1c11780cc98dd0bfe4c8a8b11c7f23bc3a4493ac7d263d6fb6c8c"

BuildBackBuehler avatar Nov 05 '23 22:11 BuildBackBuehler

I think there are two issues:

  • yarn@* is probably being expanded by your shell and the version of the command without the global tag doesn't take a specifier. Try corepack use ‘yarn@*’ or corepack install -g ‘yarn@*’ instead.
  • the package.json packageManager field does not take a package specifier - it only takes a resolved version.

rotu avatar Nov 05 '23 22:11 rotu