-
Notifications
You must be signed in to change notification settings - Fork 174
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stop developing corepack (from a happy user) #545
Comments
This PR was opened by a former member of the npm team, and a founder of a separate for-profit startup currently building a package manager. That doesn't signal anything from the npm folks, who refused to involve themselves in the discussion.
The mitigation plans we have for Yarn (and I suspect those pnpm built) are motivated mostly by the lack of clarity we have regarding the status of Corepack. The discussion has in my opinion been corrupted, and in the absence of moderation by the TSC it makes sense we would move to protect our users, even if the outcome we hope for is different. In that way, that we're building safeguards should more be seen as a statement against the Node.js governance that brought us here than the value of the Corepack project itself - it should still be merged, there's still value in it that we won't be able to achieve with Yarn and pnpm alone. But if Node.js drops the ball, at least we won't be the ones to hold the bag. |
Thanks for the clarification. I updated my comment to be accurate as follows
|
I agree that if Corepack is not going to be enabled by default with Node.js distribution, it only makes sense to put it in maintenance mode. If someone would want to fork the project and inherit the npm package, that would certainly be fine with me, but we would still need to keep this repo in maintenance mode for a while before we can actually remove Corepack from Node.js distribution. |
Socket Security wrote a blog post summarizing decision from Node.js PMWG (Package Maintenance Working Group) https://socket.dev/blog/node-js-takes-steps-towards-removing-corepack |
Well, it's summarizing the discussion, it's not very correct to call that a decision at this point. The thing is, it's clear that a plan to phase out Corepack is way more likely to get consensus than any other plan, so IMO that's where we're heading. You opening this issue only confirms this opinion. |
That's good to know, and thank you for sharing the status. This issue can be closed. The maintainers can either open a new issue, or use other communication mediums like README, npm deprecation and/or Node.js warning when (and if) corepack is moved to maintenance mode in future. |
Is your feature request related to a problem? Please describe.
I'm a very happy corepack+yarn user. I use it in all the yarn modern projects I'm primary author of, like https://github.com/aws/aws-sdk-js-codemod, and have got consensus to use corepack in open source packages I maintain with other folks, like https://github.com/facebook/jscodeshift. I also closely monitor/participate in requests to enable corepack in other projects, like GitHub action to setup node in actions/setup-node#531
There has been asks to make corepack stable since May 2022 #104
The PR to enable yarn/pnpm corepack binaries by default in nodejs/node#51886, has moved from most approvals to most declines. There's an open PR to remove corepack too at nodejs/node#51981
Alternative package managers which corepack helps choose version of have shown signs that they're taking different directions
npm wants to remove itself from being managed by corepack fix: remove npm #418These signs indicate that it may not be worth developing corepack, irrespective of whether it's shipped in Node.js or through npm.
Describe the solution you'd like
Stop any further development of corepack. It was primarily developed by maintainers of yarn, and they can introduce a configuration to manage yarn versions as suggested in yarnpkg/berry#6443 (comment)
Describe alternatives you've considered
devEngines
proposal in corepack feat: add proposal for binary management package-maintenance#594Additional context
Reference yarnpkg/berry#6443 (comment)
The text was updated successfully, but these errors were encountered: