Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Stop developing corepack (from a happy user) #545

Closed
trivikr opened this issue Aug 7, 2024 · 6 comments
Closed

Stop developing corepack (from a happy user) #545

trivikr opened this issue Aug 7, 2024 · 6 comments

Comments

@trivikr
Copy link
Member

trivikr commented Aug 7, 2024

Is your feature request related to a problem? Please describe.

I'm a very happy corepack+yarn user. I use it in all the yarn modern projects I'm primary author of, like https://github.com/aws/aws-sdk-js-codemod, and have got consensus to use corepack in open source packages I maintain with other folks, like https://github.com/facebook/jscodeshift. I also closely monitor/participate in requests to enable corepack in other projects, like GitHub action to setup node in actions/setup-node#531

There has been asks to make corepack stable since May 2022 #104
The PR to enable yarn/pnpm corepack binaries by default in nodejs/node#51886, has moved from most approvals to most declines. There's an open PR to remove corepack too at nodejs/node#51981

Alternative package managers which corepack helps choose version of have shown signs that they're taking different directions

These signs indicate that it may not be worth developing corepack, irrespective of whether it's shipped in Node.js or through npm.

Describe the solution you'd like

Stop any further development of corepack. It was primarily developed by maintainers of yarn, and they can introduce a configuration to manage yarn versions as suggested in yarnpkg/berry#6443 (comment)

Describe alternatives you've considered

Additional context

Reference yarnpkg/berry#6443 (comment)

@arcanis
Copy link
Contributor

arcanis commented Aug 7, 2024

npm wants to remove itself from being managed by corepack #418

This PR was opened by a former member of the npm team, and a founder of a separate for-profit startup currently building a package manager. That doesn't signal anything from the npm folks, who refused to involve themselves in the discussion.

pnpm introduced a configuration to manage itself in https://github.com/pnpm/pnpm/releases/tag/v9.7.0

The mitigation plans we have for Yarn (and I suspect those pnpm built) are motivated mostly by the lack of clarity we have regarding the status of Corepack. The discussion has in my opinion been corrupted, and in the absence of moderation by the TSC it makes sense we would move to protect our users, even if the outcome we hope for is different.

In that way, that we're building safeguards should more be seen as a statement against the Node.js governance that brought us here than the value of the Corepack project itself - it should still be merged, there's still value in it that we won't be able to achieve with Yarn and pnpm alone. But if Node.js drops the ball, at least we won't be the ones to hold the bag.

@trivikr
Copy link
Member Author

trivikr commented Aug 7, 2024

This PR was opened by a former member of the npm team, and a founder of a separate for-profit startup currently building a package manager. That doesn't signal anything from the npm folks, which refused to involve themselves in the discussion.

Thanks for the clarification. I updated my comment to be accurate as follows

npm removal from corepack has multiple approvals, including from Node.js TSC members

@aduh95
Copy link
Contributor

aduh95 commented Aug 7, 2024

I agree that if Corepack is not going to be enabled by default with Node.js distribution, it only makes sense to put it in maintenance mode. If someone would want to fork the project and inherit the npm package, that would certainly be fine with me, but we would still need to keep this repo in maintenance mode for a while before we can actually remove Corepack from Node.js distribution.
Before this happens, there are discussions in the package maintenance group for providing alternatives to Corepack – and some solution for Node.js version management which is not (and probably cannot be) cover by Corepack. Moving Corepack to maintenance mode without alternatives achieves nothing but hurts its users, so IMO out best course of action for now is to keep the package-maintenance discussion going and build the alternatives.

@trivikr
Copy link
Member Author

trivikr commented Aug 8, 2024

Socket Security wrote a blog post summarizing decision from Node.js PMWG (Package Maintenance Working Group)

https://socket.dev/blog/node-js-takes-steps-towards-removing-corepack

@aduh95
Copy link
Contributor

aduh95 commented Aug 8, 2024

Well, it's summarizing the discussion, it's not very correct to call that a decision at this point. The thing is, it's clear that a plan to phase out Corepack is way more likely to get consensus than any other plan, so IMO that's where we're heading. You opening this issue only confirms this opinion.
But anyways, it's too soon to move Corepack to maintenance mode now, we (Corepack users, and the broader ecosystem) can still benefit from new features (e.g. if Yarn starts providing signatures for its releases, it would be beneficial to include them in Corepack – and Corepack pushing Yarn into signing releases would be beneficial for the ecosystem whether Corepack keeps being a thing long term or not).

@trivikr
Copy link
Member Author

trivikr commented Aug 8, 2024

it's too soon to move Corepack to maintenance mode now, we (Corepack users, and the broader ecosystem) can still benefit from new features

That's good to know, and thank you for sharing the status. This issue can be closed.

The maintainers can either open a new issue, or use other communication mediums like README, npm deprecation and/or Node.js warning when (and if) corepack is moved to maintenance mode in future.

@trivikr trivikr closed this as not planned Won't fix, can't repro, duplicate, stale Aug 10, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants