From 8396aed10c5ff3cd9472de61cc640658df77f607 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Wed, 24 Jan 2024 00:28:34 +0100 Subject: [PATCH 1/4] feat: log network activity by default --- sources/httpUtils.ts | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sources/httpUtils.ts b/sources/httpUtils.ts index 94598dfbe..48d89ed46 100644 --- a/sources/httpUtils.ts +++ b/sources/httpUtils.ts @@ -12,6 +12,8 @@ export async function fetchUrlStream(url: string, options: RequestOptions = {}) const proxyAgent = new ProxyAgent(); + console.log(`Corepack: Fetching ${url}...`); + return new Promise((resolve, reject) => { const createRequest = (url: string) => { const request: ClientRequest = https.get(url, {...options, agent: proxyAgent}, response => { From 6566cd4f2a6b93c3b6fb2c51e3fbf2e77d9106a0 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 26 Jan 2024 00:29:12 +0100 Subject: [PATCH 2/4] change to stderr, ask for explicit consent --- README.md | 7 +++++++ mkshims.ts | 2 ++ sources/httpUtils.ts | 22 ++++++++++++++++++---- 3 files changed, 27 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 18bcf88e9..647340709 100644 --- a/README.md +++ b/README.md 
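Review bot: In the `fetchUrlStream` hunk of sources/httpUtils.ts, the new log line interpolates the caller-supplied `url` string verbatim, and the `console.error` lines that replace it in patches 2–4 keep doing so. If that string can carry userinfo (`https://user:token@host/…`) or come from project-controlled configuration (the hunk does not show where it originates), credentials end up in terminal and CI logs, and unescaped control characters reach the terminal just before the consent prompt added later in the series. I would print a parsed copy instead: `const shown = new URL(url); shown.username = shown.password = '';` and then log `shown.href`, which is the normalised form of the address. `fetchUrlStream` continues past the end of the hunk.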
@@ -223,6 +223,13 @@ same major line. Should you need to upgrade to a new major, use an explicit not to lookup on the remote registry for the latest version of the selected package manager. +- `COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD` can be set to `0` to + prevent Corepack from asking for validation before downloading software from + the network, or on the contrary set to `1` to force Corepack to ask for + explicit consent. By default, Corepack will ask for explicit consent only when + Corepack is used implicitly (i.e. `corepack pnpm …` won't ask for explicit + consent, `pnpm …` would). + - `COREPACK_ENABLE_NETWORK` can be set to `0` to prevent Corepack from accessing the network (in which case you'll be responsible for hydrating the package manager versions that will be required for the projects you'll run, using diff --git a/mkshims.ts b/mkshims.ts index fde6dacac..dec096ddc 100644 --- a/mkshims.ts +++ b/mkshims.ts @@ -21,6 +21,7 @@ async function main() { const corepackPath = path.join(distDir, `corepack.js`); fs.writeFileSync(corepackPath, [ `#!/usr/bin/env node`, + `process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD??='0'`, `require('./lib/corepack.cjs').runMain(process.argv.slice(2));`, ].join(`\n`)); fs.chmodSync(corepackPath, 0o755); @@ -32,6 +33,7 @@ async function main() { const entryPath = path.join(distDir, `${binaryName}.js`); const entryScript = [ `#!/usr/bin/env node`, + `process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD??='1'`, `require('./lib/corepack.cjs').runMain(['${binaryName}', ...process.argv.slice(2)]);`, ].join(`\n`); diff --git a/sources/httpUtils.ts b/sources/httpUtils.ts index 48d89ed46..a2935c762 100644 --- a/sources/httpUtils.ts +++ b/sources/httpUtils.ts 
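Review bot: The `??=` default written into both generated shims in mkshims.ts is stored in `process.env`, so it is inherited by every child process the package manager later spawns. Assuming lifecycle scripts run with the inherited environment (not visible here), a bare `yarn …` started from inside `corepack pnpm install` would find the variable already set to `'0'` and skip the confirmation even though it is an implicit call, and the reverse holds for `'1'`. I would carry the call mode separately from the user-facing variable, or at least add a comment above both template lines such as `// default only; inherited by child processes, so nested shims keep the outer value`. `main()` starts before and ends after these hunks.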
@@ -1,6 +1,8 @@ -import {UsageError} from 'clipanion'; -import {RequestOptions} from 'https'; -import {IncomingMessage, ClientRequest} from 'http'; +import {UsageError} from 'clipanion'; +import {once} from 'events'; +import type {RequestOptions} from 'https'; +import type {IncomingMessage, ClientRequest} from 'http'; +import {stderr, stdin} from 'process'; export async function fetchUrlStream(url: string, options: RequestOptions = {}) { if (process.env.COREPACK_ENABLE_NETWORK === `0`) @@ -12,7 +14,19 @@ export async function fetchUrlStream(url: string, options: RequestOptions = {}) const proxyAgent = new ProxyAgent(); - console.log(`Corepack: Fetching ${url}...`); + if (process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD !== `0`) { + console.error(`Corepack is about to download ${url}.`); + stderr.write(`\nDo you want to continue? [Y/n] `); + stdin.resume(); + const chars = await once(stdin, `data`); + stdin.pause(); + if ( + chars[0][0] === 0x6e || // n + chars[0][0] === 0x4e // N + ) { + throw new UsageError(`Aborted by the user`); + } + } return new Promise((resolve, reject) => { const createRequest = (url: string) => { From e38f1dd849798eef0c1f69a7e209d15dac3e1044 Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Fri, 26 Jan 2024 01:03:02 +0100 Subject: [PATCH 3/4] fixup! change to stderr, ask for explicit consent --- README.md | 11 ++++++----- mkshims.ts | 2 +- sources/httpUtils.ts | 22 ++++++++++++---------- 3 files changed, 19 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 647340709..0d21a6f9c 100644 --- a/README.md +++ b/README.md 
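Review bot: In the second hunk (`@@ -12,7 +14,19 @@`), the consent check looks only at the first byte of the first `data` chunk, so any reply that does not begin with `n`/`N` (a leading space before `no`, a stray keypress, a pasted line) counts as agreement to download. For a prompt that gates fetching software, I would decode and trim the reply and continue only on an empty line or an explicit yes: `const answer = chars[0].toString().trim().toLowerCase();` then `if (answer !== '' && answer !== 'y' && answer !== 'yes') throw new UsageError('Aborted by the user');`. If stdin ends without delivering data, `once(stdin, 'data')` appears never to settle, so end-of-input should be handled as a refusal too. The same check is carried over unchanged in the patch 3 fixup hunk, and `fetchUrlStream` continues outside this one.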
@@ -224,11 +224,12 @@ same major line. Should you need to upgrade to a new major, use an explicit package manager. - `COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD` can be set to `0` to - prevent Corepack from asking for validation before downloading software from - the network, or on the contrary set to `1` to force Corepack to ask for - explicit consent. By default, Corepack will ask for explicit consent only when - Corepack is used implicitly (i.e. `corepack pnpm …` won't ask for explicit - consent, `pnpm …` would). + prevent Corepack showing the URL when it needs to download software, or can be + set to `1` to have the URL shown. By default, when Corepack is called + explicitly (e.g. `corepack pnpm …`), it is set to `0`; when Corepack is called + implicitely (e.g. `pnpm …`), it is set to `1`. + When standard input is a TTY and no CI environment is detected, Corepack will + ask for user input before starting the download. - `COREPACK_ENABLE_NETWORK` can be set to `0` to prevent Corepack from accessing the network (in which case you'll be responsible for hydrating the package diff --git a/mkshims.ts b/mkshims.ts index dec096ddc..ab2d45167 100644 --- a/mkshims.ts +++ b/mkshims.ts @@ -21,7 +21,7 @@ async function main() { const corepackPath = path.join(distDir, `corepack.js`); fs.writeFileSync(corepackPath, [ `#!/usr/bin/env node`, - `process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD??='0'`, + `process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD??='0';`, `require('./lib/corepack.cjs').runMain(process.argv.slice(2));`, ].join(`\n`)); fs.chmodSync(corepackPath, 0o755); diff --git a/sources/httpUtils.ts b/sources/httpUtils.ts index a2935c762..d02676546 100644 --- a/sources/httpUtils.ts +++ b/sources/httpUtils.ts 
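Review bot: Only the `corepack.js` template line in mkshims.ts gains the trailing `;` in this fixup; the matching line emitted for the per-binary shims, `process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD??='1'`, is still written without one and stays that way after the rename in patch 4. The generated script works only because automatic semicolon insertion applies before the `require` line. Adding the `;` there as well keeps the two shims consistent and safe against a later edit that starts the next line with `(` or `[`. `main()` extends beyond the hunk.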
@@ -14,17 +14,19 @@ export async function fetchUrlStream(url: string, options: RequestOptions = {}) const proxyAgent = new ProxyAgent(); - if (process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD !== `0`) { + if (process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD === `1`) { console.error(`Corepack is about to download ${url}.`); - stderr.write(`\nDo you want to continue? [Y/n] `); - stdin.resume(); - const chars = await once(stdin, `data`); - stdin.pause(); - if ( - chars[0][0] === 0x6e || // n - chars[0][0] === 0x4e // N - ) { - throw new UsageError(`Aborted by the user`); + if (stdin.isTTY && !process.env.CI) { + stderr.write(`\nDo you want to continue? [Y/n] `); + stdin.resume(); + const chars = await once(stdin, `data`); + stdin.pause(); + if ( + chars[0][0] === 0x6e || // n + chars[0][0] === 0x4e // N + ) { + throw new UsageError(`Aborted by the user`); + } } } From 859f34ef27e8073b0bf0606976a4b04f5b6612ae Mon Sep 17 00:00:00 2001 From: Antoine du Hamel Date: Sat, 27 Jan 2024 17:25:52 +0100 Subject: [PATCH 4/4] `COREPACK_ENABLE_DOWNLOAD_PROMPT` --- README.md | 2 +- mkshims.ts | 4 ++-- sources/httpUtils.ts | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 0d21a6f9c..5037b06f5 100644 --- a/README.md +++ b/README.md @@ -223,7 +223,7 @@ same major line. Should you need to upgrade to a new major, use an explicit not to lookup on the remote registry for the latest version of the selected package manager. -- `COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD` can be set to `0` to +- `COREPACK_ENABLE_DOWNLOAD_PROMPT` can be set to `0` to prevent Corepack showing the URL when it needs to download software, or can be set to `1` to have the URL shown. By default, when Corepack is called explicitly (e.g. `corepack pnpm …`), it is set to `0`; when Corepack is called diff --git a/mkshims.ts b/mkshims.ts index ab2d45167..4adcd62fe 100644 --- a/mkshims.ts +++ b/mkshims.ts 
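Review bot: In the sources/httpUtils.ts hunk, the new guard `stdin.isTTY && !process.env.CI` does not check the stream the question is written to: with stderr redirected to a file, the prompt lands in that file while the process waits on the terminal for an answer the user was never asked for. `if (stdin.isTTY && stderr.isTTY && !process.env.CI) {` avoids that. Note also that `!process.env.CI` treats any non-empty value, including `CI=0` or `CI=false`, as a CI environment, and that every non-interactive run proceeds with the download after only printing the URL. A short comment stating that this fail-open path is intentional would help the next reader. `fetchUrlStream` begins and ends outside the hunk.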
@@ -21,7 +21,7 @@ async function main() { const corepackPath = path.join(distDir, `corepack.js`); fs.writeFileSync(corepackPath, [ `#!/usr/bin/env node`, - `process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD??='0';`, + `process.env.COREPACK_ENABLE_DOWNLOAD_PROMPT??='0';`, `require('./lib/corepack.cjs').runMain(process.argv.slice(2));`, ].join(`\n`)); fs.chmodSync(corepackPath, 0o755); @@ -33,7 +33,7 @@ async function main() { const entryPath = path.join(distDir, `${binaryName}.js`); const entryScript = [ `#!/usr/bin/env node`, - `process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD??='1'`, + `process.env.COREPACK_ENABLE_DOWNLOAD_PROMPT??='1'`, `require('./lib/corepack.cjs').runMain(['${binaryName}', ...process.argv.slice(2)]);`, ].join(`\n`); diff --git a/sources/httpUtils.ts b/sources/httpUtils.ts index d02676546..dc73b96c3 100644 --- a/sources/httpUtils.ts +++ b/sources/httpUtils.ts @@ -14,7 +14,7 @@ export async function fetchUrlStream(url: string, options: RequestOptions = {}) const proxyAgent = new ProxyAgent(); - if (process.env.COREPACK_ENABLE_EXPLICIT_VALIDATION_BEFORE_DOWNLOAD === `1`) { + if (process.env.COREPACK_ENABLE_DOWNLOAD_PROMPT === `1`) { console.error(`Corepack is about to download ${url}.`); if (stdin.isTTY && !process.env.CI) { stderr.write(`\nDo you want to continue? [Y/n] `);