Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: add support for .corepack.env #642

Open
wants to merge 9 commits into
base: main
Choose a base branch
from
Open

feat: add support for .corepack.env #642

wants to merge 9 commits into from
+304 −28

Conversation

aduh95
Copy link
Contributor

@aduh95 aduh95 commented Feb 8, 2025
edited
Loading

This would allow project author to customize the behavior of Corepack – with the recent incident related to npm registry key rotation, it show how it would be useful to override the built-in values. It could also be used to disable auto pinning at a project level.

It's also a first step towards allowing specifying ranges in the package.json (see #634), which has been requested for a long long time (#95).

Fixes: #628

@styfle
Copy link
Member

styfle commented Feb 9, 2025

I'm not sure about this feature.

Adding a config file sounds like increased complexity for very little benefit.

Do you have examples of when you might use this?

@aduh95
Copy link
Contributor Author

aduh95 commented Feb 9, 2025

Do you have examples of when you might use this?

The tests in this PR as well as in #634 are good examples I think

@aduh95
Copy link
Contributor Author

aduh95 commented Feb 10, 2025

And #628 of course

arcanis
arcanis reviewed Feb 14, 2025
View reviewed changes
README.md Outdated
Comment on lines 298 to 300
Only keys that starts with `COREPACK_` will be taken into account, not all
keys that start with `COREPACK_` will be taken into account (
`COREPACK_ENABLE_DOWNLOAD_PROMPT` and `COREPACK_ENV_FILE` are ignored).
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This would be worth a test, especially for COREPACK_ENABLE_DOWNLOAD_PROMPT (assuming you omitted it for security reasons?)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good call (yes, btw I’m happy to add more which we think could be security sensitive)

@aduh95 aduh95 requested a review from arcanis February 15, 2025 19:08
MikeMcC399
MikeMcC399 reviewed Feb 17, 2025
View reviewed changes
@aduh95 @MikeMcC399
Update README.md
ce92d70 
Co-authored-by: Mike McCready <66998419+MikeMcC399@users.noreply.github.com>
aduh95
aduh95 commented Feb 20, 2025
View reviewed changes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@MikeMcC399 MikeMcC399 MikeMcC399 left review comments

@arcanis arcanis arcanis approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

COREPACK_ENABLE_AUTO_PIN should be possible to set on a project level
4 participants
@aduh95 @styfle @arcanis @MikeMcC399