expose/isolate allowed package manager descriptors

[boneskull]

It'd be super useful to be able to query whether or not a package manager string (e.g., [email protected]+sha224.953c8233f7a92884eee2de69a1b92d1f2ec1655e66d08071ba9a02fa or npm@latest) is valid without needing to invoke corepack. Or even the ability to grab a big list.

I haven't looked too closely at the source here, but it appears config.json determines how the package managers are found and downloaded, and Engine does that work. There's a CI job which updates config.json, too.

My use case is that I'm wrapping corepack and want to provide some input validation before I invoke it. Ideally, corepack could export some function I could call (resolveDescriptior()?)--instead of dropping into a child process. But that seems to be counter to the project goals, as it exports nothing.

What if some portion of the fetching/lookup were extracted into its own library, instead? Happy to look into this if you feel it's something you'd consider.

[boneskull]

FWIW I wouldn't be opposed to extracting nearly all of corepack into a library. 😄

[arcanis]

Seems interesting to me; main work to turn it into a library would probably be to document everything that's exposed.

[aduh95]

I agree that it would be useful to have Corepack as a library, if someone sends a PR, it would likely be accepted 👍