corepack
corepack copied to clipboard
nodejs
Support for semver ranges?
I'd like to write a package.json like:
{
"packageJson": "pnpm@6"
}
Or maybe pnpm@^6.32.2, etc.
As it stands, adding a package manager to package.json requires a full specified version. This adds more maintenance overhead.
I think this is related to #93.
Agreed. pnpm v7 was released just yesterday and I'd hoped to use corepack moving forward instead of manually installing it for all of our workflows. This is probably done so along the lines of "pin your dependencies," but doesn't meet all needs.
Would this need to perform a network request every time you do pnpm run <script> to check for the latest pnpm, since you can't rely the cached copy anymore?
Would this need to perform a network request every time you do
pnpm run <script>to check for the latest pnpm, since you can't rely the cached copy anymore?
Good question. I think some sort of "check every X time window" would be acceptable. Similar to https://github.com/ohmyzsh/ohmyzsh/blob/d41ca84af1271e8bfbe26f581cebe3b86521d0db/oh-my-zsh.sh#L59-L62
It looks like this was originally possible, and was removed in https://github.com/nodejs/corepack/pull/18.
This seems kind of odd to restrict matching on exact version when one can provide any dist-tag instead (which can be moved around at will).
Reverting the restriction would help my use case: use corepack to test or try something on a package manager where only the major version matters. I have sinking feeling my use case is out of scope...
@boneskull The restriction only applies to the package.json ad hoc field, you can still do e.g. corepack [email protected] install, does that cover your use case?
that wasn't working as of a couple hours ago. corepack npm@7 unknown version or smth to that effect
wrapping corepack to support this, I've pulled down the result of npm show --json <npm|yarn|pnpm> versions, then use semver to try match a range.
@boneskull are you using an old version of Corepack maybe? For me, running COREPACK_ENABLE_PROJECT_SPEC=0 corepack npm@7 --version works and returns 7.20.1.
@aduh95 I wonder if the env var was the problem. Seems to work now, thanks.
Totally agree.
The exact version of the package manager prevents me from working on different projects. I don't think most projects need an exact package manager. corepack should introduce the semver strategy likes dependencies management do.
I always want to use the latest version of my package manager. The exception usually is on a new major release, when I first have to run a few validations.
With the current restrictions to only exact versions, I have to make a change every time I want to update the version of the package manger. Worst case, this needs to be done through a PR and I need to bother a co-worker with a review.
@mrgrain Couldn't you use a dist tag? e.g.,
npm@latest
I don't think dist tags are supported either? If they are, that would certainly be better than nothing.
However the problem with dist tags is
a) it's usually latest which will cause users to receive untested major version upgrades.
b) since a dist tag points to a specific version, we still impose an upgrade to the user.
Hi! I'm curious whether a decision has been reached to add the functionality back for supporting semver ranges?
I'm still not convinced this is a good idea:
- It prevents using hashes to ensure the version is the expected one
- It gives users a false sense of confidence that their project will always be installable (bugfixes may be breaking changes)
You can already use corepack up whenever you want to upgrade the package manager, I don't think an implicit upgrade should be encouraged as a good practice.
What i would like the default behavior to be given version of Node.js 22, is that corepack is enabled by default and pnpm i always installs the same major. I might have misunderstood this issue, but it would look like this is needed for that.
I'm still not convinced this is a good idea:
- It prevents using hashes to ensure the version is the expected one
- It gives users a false sense of confidence that their project will always be installable (bugfixes may be breaking changes) You can already use
corepack upwhenever you want to upgrade the package manager, I don't think an implicit upgrade should be encouraged as a good practice.
These are vary valid concerns and I understand that we should encourage explicit versions as the best practice. However I believe that many projects do not currently see this as a major concern, otherwise we would see a lot of very specific engines declaration.
The other use case is really around validation. If corepack already has a version of pnpm installed that satisfies the constraint pnpm@6, why should it install a slightly different version? This is just a waste of resources. Like you've said, users can run corepack up to upgrade. Of course explicit versions are still supported if you as owner prefer this. Ultimately this is about choice.