Feature request: Volta should ask when downloading a new version of node

[jwalton]

If I clone a third party repo, and cd into the folder, and then run npm install, if there's a volta pin in the third party repo, Volta wil just start downloading a new version of node and installing it without first asking if that's OK.

It would be very nice (even if it was not the default and needed an option in a config file somewhere) if I could get Volta to ask if I want to install the version of node if this is a TTY, or just fail with a non-0 exit code if this is not a TTY. Quite aside from the creepy idea of randomly downloading old versions of node with who-knows-what security vulnerabilities and installing them on my machine, the current behavior would be brutal if you were on a metered connection.

[charlespierce]

Hi @jwalton, thanks for the suggestion, those are definitely valid concerns! We don't currently have any sort of configuration file format, so that will likely take some up-front design work. We've also been somewhat wary of configuration / interactivity, since those can tend to muddle the user experience. However, I think this would be a good use for a minimal configuration once we get it designed.

I really like your suggestion of having it depend on TTY, so that it works when running directly and also has a graceful failure state for script situations 👍🏻