search

nodejs / corepack

Zero-runtime-dependency package acting as bridge between Node projects and their package managers
MIT License
2.57k stars 169 forks source link

[feature request] support fetch COREPACK_NPM_REGISTRY from http protocol REGISTRY #293

Closed dabuside closed 9 months ago

dabuside commented 1 year ago

I need to download packagemanager from private http npm registry. There's an error when I execute the command COREPACK_NPM_REGISTRY="http://npm.mycompany.com/" corepack prepare pnpm@8.6.12

Error

Preparing pnpm@8.6.12...
Type Error: Protocol "http:" not supported. Expected "https:"
    at new NodeError (node:internal/errors:387:5)
    at new ClientRequest (node:_http_client:186:11)
    at request (node:https:357:10)
    at Object.get (node:https:391:15)
    at C:\Users\admin\AppData\Roaming\nvm\v16.20.1\node_modules\corepack\dist\corepack.js:43946:27
    at new Promise (<anonymous>)
    at fetchUrlStream (C:\Users\admin\AppData\Roaming\nvm\v16.20.1\node_modules\corepack\dist\corepack.js:43945:10)
    at async installVersion (C:\Users\admin\AppData\Roaming\nvm\v16.20.1\node_modules\corepack\dist\corepack.js:44121:18)
    at async Engine.ensurePackageManager (C:\Users\admin\AppData\Roaming\nvm\v16.20.1\node_modules\corepack\dist\corepack.js:44309:31)
    at async PrepareCommand.execute (C:\Users\admin\AppData\Roaming\nvm\v16.20.1\node_modules\corepack\dist\corepack.js:44713:27)

Notice that all packagemanagers(npm, pnpm and yarn) support download package through custom registry with http protocol. Maybe we can support download packagemanagers from custom REGISTRY with http protocol?

https://github.com/nodejs/corepack/blob/b8a4a529319eed50983f9f2c527490d07806b1bc/sources/httpUtils.ts#L9-L27 If possible, I can work with the issue.

Enviroment

lim-kim930 commented 1 year ago

We use a private npm registry in the company, but it uses the http protocol so we can't use corepack to enable pnpm, hope to support http.

lim-kim930 commented 1 year ago

We use a private npm registry in the company, but it uses the http protocol so we can't use corepack to enable pnpm, hope to support http.

Our current approach is to replace the https module introduced by corepack with the http module.

jakebailey commented 9 months ago

I'm also attempting to do this, though with a different setup. I'm trying to sandbox package installs of untrusted code using docker and gVisor. I am cutting off the network while still allowing access to the registry by running a local verdaccio instance on the non-internet network that is attached to my sandbox container. verdaccio is running as an http service; while I can configure yarn, npm, etc to use that instance just fine, I can't install the package managers themselves when corepack is in use because corepack rejects the http protocol (even though that's all I have).