feat!: prompt user before downloading software #360
Conversation
|
The problem with logging anything by default is that we'll break anything that depends on the CLI output of various commands. |
|
Isn’t this already handled with “DEBUG=corepack” env var? |
|
The issue this PR is trying to address is how can we make sure that if Node.js ships e.g. a
The issue of that is it's opt-in, when I think what we would need would be an opt-out. |
|
Maybe print to stderr instead of stdout? |
|
@aduh95 I'm not sure a console log is enough in this case. I think the example where npx stops and asks if it's ok to download/install something is a good example of what might be. |
aduh95
changed the title
|
Note that this change breaks our own tests because Corepack now prints stuff to stderr that the tests aren't expecting. Like I wrote in #360 (comment); this change is problematic. |
Concur. This change broke an automated Dev Container project setup script that calls |
| @@ -32,6 +33,7 @@ async function main() { | |||
| const entryPath = path.join(distDir, `${binaryName}.js`); | |||
| const entryScript = [ | |||
| `#!/usr/bin/env node`, | |||
| `process.env.COREPACK_ENABLE_DOWNLOAD_PROMPT??='1'`, | |||
There was a problem hiding this comment.
"??=" may be used only for node 15.14+, but corepack added in 14.19.0+ (https://nodejs.org/docs/latest-v14.x/api/corepack.html)
If i use node 14.19.3, я get error for command "corepack enable" from last release
There was a problem hiding this comment.
Corepack requires node.js 18
Line 13 in a3e3e97
If this change slipped into Node.js 14 its probably too late now since it won't receive updates. Its been about a year since the last update (went EOL on 2023-04-30). Although I doubt it since this PR merged after that, on 2024-01-30.
https://github.com/nodejs/Release/blob/main/README.md#:~:text=14.x,2023%2D04%2D30
Starting with corepack 0.25.0 [1], corepack now defaults to asking users if they're okay if its yarn shim downloads a particular version from the registry: ! Corepack is about to download https://repo.yarnpkg.com/.../yarn.js ? Do you want to continue? [Y/n] ^This will break tests once we either explicitly move our corepack == 0.20.0 to corepack >= 0.25.0 implicitly by adopting a newer NodeJS releases in the multi-stage Docker build conversion future patches will bring. Either way, let's prepare for it by setting the new env variable corepack introduced for this COREPACK_ENABLE_DOWNLOAD_PROMPT [2]. [1] https://github.com/nodejs/corepack/releases/tag/v0.25.0 [2] nodejs/corepack#360 (comment) Signed-off-by: Erik Skultety <eskultet@redhat.com>
Starting with corepack 0.25.0 [1], corepack now defaults to asking users if they're okay if its yarn shim downloads a particular version from the registry: ! Corepack is about to download https://repo.yarnpkg.com/.../yarn.js ? Do you want to continue? [Y/n] ^This will break tests once we either explicitly move our corepack == 0.20.0 to corepack >= 0.25.0 implicitly by adopting a newer NodeJS releases in the multi-stage Docker build conversion future patches will bring. Either way, let's prepare for it by setting the new env variable corepack introduced for this COREPACK_ENABLE_DOWNLOAD_PROMPT [2]. [1] https://github.com/nodejs/corepack/releases/tag/v0.25.0 [2] nodejs/corepack#360 (comment) Signed-off-by: Erik Skultety <eskultet@redhat.com>
Starting with corepack 0.25.0 [1], corepack now defaults to asking users if they're okay if its yarn shim downloads a particular version from the registry: ! Corepack is about to download https://repo.yarnpkg.com/.../yarn.js ? Do you want to continue? [Y/n] ^This will break tests once we either explicitly move our corepack == 0.20.0 to corepack >= 0.25.0 implicitly by adopting a newer NodeJS releases in the multi-stage Docker build conversion future patches will bring. Either way, let's prepare for it by setting the new env variable corepack introduced for this COREPACK_ENABLE_DOWNLOAD_PROMPT [2]. [1] https://github.com/nodejs/corepack/releases/tag/v0.25.0 [2] nodejs/corepack#360 (comment) Signed-off-by: Erik Skultety <eskultet@redhat.com>
Adds a prompt to let user validate each download . No prompt is shown when the software is already in the cache. The prompt can be opt-in/opt-out using an env variable, by default it's only shown when "not using the
corepackbinary" (i.e. when using the binaries created bycorepack enable)