- 
          
- 
                Notifications
    You must be signed in to change notification settings 
- Fork 228
          feat: add support for .corepack.env
          #642
        
          New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
| I'm not sure about this feature. Adding a config file sounds like increased complexity for very little benefit. Do you have examples of when you might use this? | 
| 
 The tests in this PR as well as in #634 are good examples I think | 
| And #628 of course | 
        
          
                README.md
              
                Outdated
          
        
      | Only keys that starts with `COREPACK_` will be taken into account, not all | ||
| keys that start with `COREPACK_` will be taken into account ( | ||
| `COREPACK_ENABLE_DOWNLOAD_PROMPT` and `COREPACK_ENV_FILE` are ignored). | 
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This would be worth a test, especially for COREPACK_ENABLE_DOWNLOAD_PROMPT (assuming you omitted it for security reasons?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good call (yes, btw I’m happy to add more which we think could be security sensitive)
Co-authored-by: Mike McCready <[email protected]>
This would allow project author to customize the behavior of Corepack – with the recent incident related to npm registry key rotation, it show how it would be useful to override the built-in values. It could also be used to disable auto pinning at a project level.
It's also a first step towards allowing specifying ranges in the
package.json(see #634), which has been requested for a long long time (#95).Fixes: #628