Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Removing Corepack
Search
Yosuke Furukawa
PRO
September 27, 2024
Programming
9
1.4k
Removing Corepack
東京Node学園 44時限目で発表した Removing Corepack についてです。
Yosuke Furukawa
PRO
September 27, 2024
Tweet
Share
More Decks by Yosuke Furukawa
See All by Yosuke Furukawa
Welcome JSConf.jp 2024
yosuke_furukawa
PRO
1
3.7k
tc39 x jsconf.jp Panel Discussion 2024
yosuke_furukawa
PRO
0
190
JavaScript Runtime とはなにか
yosuke_furukawa
PRO
15
2.6k
Strip Types と Storage
yosuke_furukawa
PRO
4
370
Module Harmony について
yosuke_furukawa
PRO
3
1.6k
LTのやり方
yosuke_furukawa
PRO
16
2.3k
AppRouter Panel Talk
yosuke_furukawa
PRO
3
750
Node.js v22 で変わること
yosuke_furukawa
PRO
13
5.7k
リアーキテクトと開発生産性について
yosuke_furukawa
PRO
25
10k
Other Decks in Programming
See All in Programming
Kanzawa.rbのLT大会を支える技術の裏側を変更する Ruby on Rails + Litestream 編
muryoimpl
0
220
Amazon ECS とマイクロサービスから考えるシステム構成
hiyanger
2
490
Grafana Loki によるサーバログのコスト削減
mot_techtalk
1
110
CNCF Project の作者が考えている OSS の運営
utam0k
5
690
[Fin-JAWS 第38回 ~re:Invent 2024 金融re:Cap~]FaultInjectionServiceアップデート@pre:Invent2024
shintaro_fukatsu
0
400
『品質』という言葉が嫌いな理由
korimu
0
160
2024年のkintone API振り返りと2025年 / kintone API look back in 2024
tasshi
0
210
Domain-Driven Transformation
hschwentner
2
1.9k
JavaScriptツール群「UnJS」を5分で一気に駆け巡る!
k1tikurisu
10
1.8k
ファインディの テックブログ爆誕までの軌跡
starfish719
2
1.1k
データの整合性を保つ非同期処理アーキテクチャパターン / Async Architecture Patterns
mokuo
41
14k
GAEログのコスト削減
mot_techtalk
0
110
Featured
See All Featured
Practical Orchestrator
shlominoach
186
10k
Art, The Web, and Tiny UX
lynnandtonic
298
20k
Typedesign – Prime Four
hannesfritz
40
2.5k
Java REST API Framework Comparison - PWX 2021
mraible
28
8.4k
Designing Experiences People Love
moore
139
23k
It's Worth the Effort
3n
184
28k
Build The Right Thing And Hit Your Dates
maggiecrowley
34
2.5k
Fontdeck: Realign not Redesign
paulrobertlloyd
82
5.4k
What's in a price? How to price your products and services
michaelherold
244
12k
VelocityConf: Rendering Performance Case Studies
addyosmani
328
24k
The Art of Delivering Value - GDevCon NA Keynote
reverentgeek
9
1.3k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
29
1k
Transcript
Removing Corepack 2024/09/27 @ NodeֶԂ44࣌ݶ
X: @yosuke_furukawa GitHub: yosuke-furukawa
Removing Corepack ʹ͍ͭͯͤͱ ఱܒԼΔ
ͱ͍͏Θ͚ͰಡΜͰΈͨɻ https://socket.dev/blog/node-js-takes-steps-towards-removing-cor
ܦҢ • corepack Node.js ͷcore͔Βআ͢ΔࣄΛද໌͢ΔPR͕ Ϛʔδ͞Εͨɻ https://github.com/nodejs/package- maintenance/pull/606 •
Package Maintenance Working Group ʹΑΔܾఆ • ͦͦ͜ͷGroupͷҙਤͲΜͳͷ͕͋Δͷ͔
Package Maintenance Working Group • ࣮ࡍʹൃ͞Εͨͷ6લɺNode.js v10͘Β͍ʁ • Node.js ͷΤίγεςϜͰ͋ΔpackageͷࢧԉΛ͢ΔͨΊͷά
ϧʔϓ • όʔδϣϯΞοϓͷ͛ʹͳΔΑ͏ͳϥΠϒϥϦύοέʔδ ͷΛಛఆ͠ɺαϙʔτΛߦ͏͜ͱ͕త
Package Maintenance Working Group • Versionཧʹؔ͢ΔNode.js ͱ Package Managerͷత •
ΞϓϦέʔγϣϯ։ൃऀ͕ҎԼͷ͜ͱ͕Ͱ͖ΔΑ͏ʹ͢Δ 1. ϓϩδΣΫτʹదͳNode.js/Package Managerͷόʔδϣϯ͕ఆٛͰ͖Δ ͜ͱ 2. ϩʔΧϧ։ൃ༻ͷNode.js / Package ManagerΛΠϯετʔϧͰ͖Δ͜ͱ 3. ϓϩδΣΫτ͝ͱʹਖ਼͍͠Node.js / Package Manager ͷ࣮ߦ͕Ͱ͖Δ͜ͱ
Package Maintenance Working Group • ࠓճ2൪ͷʮϩʔΧϧʹΠϯετʔϧͰ͖ΔΑ͏ʹ͢Δʯͱ͍ ͏తͷͨΊͷվળͰʮcorepackΛআ͢Δʯͱ͍͏ରԠ͕ඞ ཁʹͳͬͨɻ • Ұॠฉ͘ͱҙຯ͕Θ͔Βͳ͍ɻʮվળͷͨΊʹআ͢Δʁʯͱ
ͳΔɻগ͠ॱΛͬͯ͢ɻɹ
Package Maintenance Working Group • Node.jsͷμϯϩʔυϖʔδ͕࠷ۙ৽͘͠ͳͬͨͷΛͬͯΔ ͩΖ͏͔ʁ
Package Maintenance Working Group • nvm fnm ͳͲͷόʔδϣϯ ཧπʔϧܦ༝ͰೖΕΔΑ͏ͳ
ಋೖ͕هड़͞ΕΔΑ͏ʹͳͬͨɻ • ͜͜ͷผλϒʹผ్ύοέʔδ ϚωʔδϟͷΠϯετʔϧهࡌ ͞ΕΔ༧ఆʹͳ͍ͬͯΔɻ
Package Maintenance Working Group • ͭ·Γɺyarn, pnpm ͳͲͷπʔϧ ͜͜ͰΠϯετʔϧʹରͯ͠ खॱ͕هࡌ͞ΕΔɻ
• ͦͷखॱyarn, pnpmͷ ࡞ऀ͕ਪ͢ΔΠϯετʔϧखॱʹ ै͏ඞཁ͕͋Δ • ඞͣ͠corepackܦ༝ͰΠϯετʔϧ ͢Δ͜ͱ͕ਪ͞ΕΔΘ͚Ͱͳ͍
Package Maintenance Working Group • corepackͷཱͪҐஔ͕͜ΕʹΑΓएׯඍົʹͳΔɻ • ΠϯετʔϧखॱΛύοέʔδϚωʔδϟͷਪʹै͏ͳΒ corepackඞਢͰͳ͘ͳΔɻ
Corepack security issue? • corepackͷͦͦͷߟ͑ํͱͯ͠ npm Ҏ֎ͷιʔε͔ΒύοέʔδϚ ωʔδϟʔͷμϯϩʔυΛ͘Ͱ͖Δͷͱ͍ͯ͠Δɻ • ྫ͑ɺcorepack͕αϙʔτ͍ͯ͠Δ
yarn ͷURL͕ࣦޮ͠ɺυϝΠϯ͕ ͬऔΒΕͨ߹Ͳ͏ͳΔʁ • ެ͕ࣜαϙʔτ͢Δ package manager ͪΌΜͱग़ॴ͕อূͰ͖Δͷ Ͱͳͯ͘ͳΒͳ͍ͷͰͳ͍͔ɺͦ͏͡Όͳ͍ͷೖΕΔ͖Ͱͳ ͍ͱ͍͏ҙݟ https://github.com/nodejs/corepack/issues/495
Corepack security issue? • ॺ໊Λ͚ͭͯ npm ͕ॺ໊ݕূͰվ͟ΜΛࢭ͢Δػೳ͕͢Ͱʹଘࡏ͠ ͍ͯΔͷͰɺͦͷΑ͏ͳܗͰ৴Ͱ͖Δඞཁ͕͋ΔͷͰͳ͍͔ʁ • গͳ͘ͱ
corepack ଆͰ package manager ͕ॻ͖͑ΒΕͯͳ͍͔ ΛݕূͰ͖ΔػೳඞཁͳͷͰɻ • yarnʹॺ໊Λݕূ͢ΔΑ͏ͳػೳ͕ͳ͍͜ͱࢦఠ͞Ε͍ͯΔɻ • ʑᨣʑ https://github.com/nodejs/corepack/issues/495
ཱͪҐஔ͕ո͘͠ͳΔ corepack
ͱ͍͏Θ͚Ͱ • Ұ୴ɺcorepackͷυΩϡϝϯτ Node.js ͱผͳͷͱͯ͠ ެ͔ࣜΒ֎͢ • ͦͷޙঃʑʹcorepackΛnodeίΞ͔Βআ͢ΔΑ͏ʹ͢Δɻ • corepackΛҾ͖ଓ͖ར༻͍ͨ͠ਓcorepackܦ༝ͷpackage
manager ͷΠϯετʔϧํ๏μϯϩʔυϖʔδʹهࡌ͢Δ
ίϛϡχςΟͷ ʮͨͩ͊ʔʔʔʔʯ
൵تަަ • corepack Λ default ʹ͠Α͏ͱͨ͠Β corepack ͕ফ͞Εͨɺ ԿΛݴ͍ͬͯΔ͔Θ͔ΒͶʔͱࢥ͏͕ʢུ
൵تަަ • ʮnpm ͕σϑΥϧτͰόϯυϧ͞ΕΔͷมΘΒͳ͍ͬͯ͋Μ ͳͯ͘Τϥʔ͕Θ͔Γʹ͍͘πʔϧ͕σϑΥϧτͱ͔Ϊϟά ͩΖʯΈ͍ͨͳҙݟ͋Δ https://github.com/nodejs/node/pull/51981
my opinion
ͷҙݟ • ͱΓ͍͖͋͑ͣͳΓফ͑Δ͔ͱ͍͏ͱɺ·ͩফ͑ͳ͍ͣɻ • Ұ୴͜ͷܾఆΛ͍ͯ͠Δ͕ɺ൱ఆͷେ͖͍ͷͰ·ͩͲ͏ͳΔ͔Θ͔Βͳ ͍ɻ • corepackͷϝΠϯϝϯςφൈ͖ͷٞͰ͕·ͱ·ͬͯ͠·ͬͨͷͰɺϝ ΠϯϝϯςφΛೖΕͯ͞ͳ͍͔ʁͱ͍͏ҙݟ͋Δɻ •
ʮͬͺ͢ΘʯΈ͍ͨʹͳΔՄೳੑ͋Δ͠ɺࠓ͙͢Ͳ͏͜͏Έ͍ͨͳಈ ͖Λ͠ͳ͍͍ͯ͘ؾ͢Δɻ
ͷҙݟ • pnpmΛσϑΝΫτͱ͍ͯͬͯ͠ΔνʔϜطʹpnpmଆͰ package managerͷόʔδϣϯΛݻఆ͢Δػೳ͕ೖͬͯΔͷͰ Ұ෦ͷػೳcorepack͕ͳͯ͘ྑ͍ɻ • ͦ͏͍͏;͏ʹ package manager
ଆͰπʔϧͱόʔδϣϯͷ ݻఆೖΔ͔ɻͦ͏ͳͬͨΒ corepack ͔֬ʹ؇͔ʹ͍ Βͳ͘ͳΓͦ͏Ͱ͋Δɻ
ͷҙݟ • ͦͦͰ͍͏ͱ nvm ͳͲͷ Runtime ͷόʔδϣϯϚωʔδϟʔίΞͷ தʹͳ͍ɻ • package
managerͷ version manager ͚ͩίΞͷதʹ͋Δͷػೳఏڙత ʹยखམͪͳؾ͕͢Δɻ • rust ͷ cargo ͷΑ͏ʹversion manager Ͱ͋Γ package manager Ͱ͋Γɺ runtime upgrader Ͱ͋Δ͔ͷΑ͏ͳ։ൃʹඞཁͳػೳΛ౷Ұ͢Δπʔϧ͕ ͋ͬͯྑ͍Α͏ͳؾ͕ͨ͠ɻ