Proposal: Alternative to enabling Corepack by default

Open GeoffreyBooth opened this issue 11 months ago • 31 comments

This is a sketch of a proposal, so please don’t pepper me with questions about how it would work; I don’t know. It’s an early idea that I want to suggest to see if there’s interest.

So today, when you run corepack enable, a file named yarn is written to a path like /usr/local/bin/yarn. This is a #!/usr/bin/env node script that tells Corepack to run Yarn. Presumably https://github.com/nodejs/node/pull/51886 will cause this file to exist upon Node installation, without the need to run corepack enable to create it. All well and good.

What if instead, we create a new #!/usr/bin/env node script that lives at the same path /usr/local/bin/yarn? This file would exist upon Node installation, and in this Node installation there’s no bundled Corepack (bear with me). When run, this new yarn script would do the following:

  1. Prompt the user “Do you want to download and install Yarn?” and if yes:
  2. npm install --global corepack
  3. corepack enable yarn
  4. Runs Yarn with the arguments originally passed to the script

From the user’s perspective, this is the same DX as if https://github.com/nodejs/node/pull/51886 lands; though it takes slightly longer, because instead of downloading and installing just Yarn it’s downloading and installing both Corepack and Yarn.

Besides shrinking the Node bundle size slightly, the benefit of doing this is to get the Node project off the hook for the maintenance burden and security burden of Corepack. We would be responsible for this handful-of-lines download-and-install script, but that’s it. Corepack could be gifted to the Yarn org and they could become responsible for it.

This also becomes a pattern that we could use for any other CLI tools we may want to provide easy access to, but not bundle, in the future—even npm (downloaded and installed directly, not via Corepack). I don’t know what we might consider for such treatment other than Yarn and pnpm, but the capability would be there.

@nodejs/tsc @nodejs/corepack @nodejs/npm @nodejs/package-maintenance

GeoffreyBooth, Feb 29 '24 23:02
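
The four steps proposed above, as an added sketch that is not part of the original issue and is not Node.js or Corepack code. The function names (`bootstrapPlan`, `consents`, `decide`) are hypothetical, and it assumes a POSIX install, that the stub is installed under the name `yarn` with a `#!/usr/bin/env node` first line, and that `corepack enable yarn` replaces the stub at the same path; refusing to install when no terminal is attached is an added assumption, not something the proposal specifies.

```javascript
// Added sketch of the proposed /usr/local/bin/yarn stub (hypothetical names throughout).

// Steps 2-4 of the proposal as argv arrays. Nothing is joined into a shell string,
// so the user's original arguments are passed through verbatim and never re-parsed.
function bootstrapPlan(userArgs) {
  return [
    ['npm', 'install', '--global', 'corepack'],
    ['corepack', 'enable', 'yarn'],
    ['yarn', ...userArgs], // assumes Corepack's shim has replaced this stub by now
  ];
}

// Step 1: only an explicit "y" or "yes" counts as consent; empty input means no.
function consents(answer) {
  return /^(y|yes)$/i.test(String(answer).trim());
}

// Pure decision function, so the policy can be tested without installing anything.
// With no terminal attached (CI, piped stdin) the stub refuses instead of installing silently.
function decide({ isTTY, answer, userArgs }) {
  if (!isTTY) return { install: false, reason: 'non-interactive', commands: [] };
  if (!consents(answer)) return { install: false, reason: 'declined', commands: [] };
  return { install: true, reason: 'consented', commands: bootstrapPlan(userArgs) };
}

function main() {
  const { spawnSync } = require('node:child_process');
  const readline = require('node:readline');
  const userArgs = process.argv.slice(2);
  const isTTY = Boolean(process.stdin.isTTY && process.stdout.isTTY);
  const finish = (answer) => {
    const d = decide({ isTTY, answer, userArgs });
    if (!d.install) {
      console.error(`yarn is not installed (${d.reason}).`);
      process.exit(1);
    }
    for (const [cmd, ...args] of d.commands) {
      const r = spawnSync(cmd, args, { stdio: 'inherit' }); // no shell is involved
      if (r.status !== 0) process.exit(r.status ?? 1); // stop at the first failed step
    }
  };
  if (!isTTY) return finish('');
  const rl = readline.createInterface({ input: process.stdin, output: process.stdout });
  rl.question('Do you want to download and install Yarn? [y/N] ', (a) => { rl.close(); finish(a); });
}

// Run only when invoked under the name "yarn" (the install name assumed above).
if ((process.argv[1] || '').split(/[\\/]/).pop() === 'yarn') main();
```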