Dan Rose
Dan Rose
> An alternative would be to standardise the registries so that even yarn is loaded from NPM via the `@yarnpkg/cli-dist` package. This would make the `COREPACK_NPM_REGISTRY` work for yarn too....
>Why shouldn't Corepack append hash to the version? I can see you link to the original PR introducing the functionality, you have probably read that it was security concerns that...
The hash *could* be stored in `package.json` in a different field. I'm thinking "peerDependenciesMeta" is appropriate. e.g.: ```json "peerDependenciesMeta": { "pnpm": { "resolved": "https://registry.npmjs.org/pnpm/-/pnpm-8.9.0.tgz", "integrity": "sha512-74hZk44fBTe5/PAwkEQxE5Lzs4s0QXbmzU/e4hsiVSSwrCobCK4q4t3Vs/9LjKSW1neOlQ8+fJ9VW4EyWYJEHA==" } } ``` An...
Peer dependencies are packages which a package *expects* to be present on the host system but necessarily installed by the package manager. That describes build tools and package managers to...
Yes, npm ignores part of the package version. That's probably a mistake in retrospect. I'm glad they support prerelease identifiers even though those linked pages don't mention it! Using it...
> I don’t see how we “rely on npm decision” here, you rely on the semver spec (which arguably is a limitation, but one that makes sense IMO). Quoting the...
I can try a PR. I'm very confused about what corepack's "pattern" even means and how it should or shouldn't align with the related concept of a ["package spec"](https://docs.npmjs.com/cli/v8/using-npm/package-spec): ```...
> This allows omitting the version from the `package.json` `packageManager` field as well which it shouldn't do. Hmm... I thought that was enforced in `resolveDescriptor`, which has the `allowTags` option....
> And for `corepack install -g` (and this command only), `yarn` should alias to `yarn@^1`, not `yarn@*`. @arcanis I left that out of scope on purpose. I can't figure out...
> Because you're looking at the npm package, and [Yarn hasn't been distributed on npm for the past couple of years](https://yarnpkg.com/getting-started/qa#why-is-the-yarn-package-on-npm-still-on-1x). So yeah, the version you're seeing there is outdated....