Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Removing Corepack
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Yosuke Furukawa
PRO
September 27, 2024
Programming
1.9k
9
Share
Removing Corepack
東京Node学園 44時限目で発表した Removing Corepack についてです。
Yosuke Furukawa
PRO
September 27, 2024
More Decks by Yosuke Furukawa
See All by Yosuke Furukawa
デザインシステムが必須の時代に
yosuke_furukawa
PRO
2
220
Node.js, Deno, Bun 最新動向とその所感について
yosuke_furukawa
PRO
10
5.1k
Welcome JSConf.jp 2024
yosuke_furukawa
PRO
1
4.7k
tc39 x jsconf.jp Panel Discussion 2024
yosuke_furukawa
PRO
0
330
JavaScript Runtime とはなにか
yosuke_furukawa
PRO
15
3.1k
Strip Types と Storage
yosuke_furukawa
PRO
4
500
Module Harmony について
yosuke_furukawa
PRO
4
1.9k
LTのやり方
yosuke_furukawa
PRO
16
2.9k
AppRouter Panel Talk
yosuke_furukawa
PRO
3
890
Other Decks in Programming
See All in Programming
How We Practice Exploratory Testing in Iterative Development( #scrumniigata ) / 反復開発の中で、探索的テストをどう実施しているか
teyamagu
PRO
3
750
[RubyKaigi 2026] Require Hooks
palkan
1
300
HTML-Aware ERB: The Path to Reactive Rendering @ RubyKaigi 2026, Hakodate, Japan
marcoroth
0
660
2026-04-15 Spring IO - I Can See Clearly Now
jonatan_ivanov
1
190
〜バイブコーディングを超えて〜 チームで実験し続けたAI駆動開発
tigertora7571
0
200
Liberating Ruby's Parser from Lexer Hacks
ydah
2
2.6k
PHPでローカル環境用のSSL/TLS証明書を発行することはできるのか? #phpconkagawa
akase244
0
350
ローカルLLMでどこまでコードが書けるか / How much code can be written on a local LLM
kishida
2
330
「OSSがあるなら自作するな」は AI時代も正しいか ── Build vs Adopt の新しい判断基準
kumorn5s
7
2.3k
PicoRuby for IoT: Connecting to the Cloud with MQTT
yuuu
2
770
ついに来た!本格的なマルチクラウド時代の Google Cloud
maroon1st
0
390
Programming with a DJ Controller — not vibe coding
m_seki
3
800
Featured
See All Featured
The Cult of Friendly URLs
andyhume
79
6.9k
Build The Right Thing And Hit Your Dates
maggiecrowley
39
3.1k
Building a Scalable Design System with Sketch
lauravandoore
463
34k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
9.9k
Optimizing for Happiness
mojombo
378
71k
Rebuilding a faster, lazier Slack
samanthasiow
85
9.5k
What's in a price? How to price your products and services
michaelherold
247
13k
Leveraging Curiosity to Care for An Aging Population
cassininazir
1
230
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
510
The Power of CSS Pseudo Elements
geoffreycrofte
82
6.2k
The innovator’s Mindset - Leading Through an Era of Exponential Change - McGill University 2025
jdejongh
PRO
1
170
KATA
mclloyd
PRO
35
15k
Transcript
Removing Corepack 2024/09/27 @ NodeֶԂ44࣌ݶ
X: @yosuke_furukawa GitHub: yosuke-furukawa
Removing Corepack ʹ͍ͭͯͤͱ ఱܒԼΔ
ͱ͍͏Θ͚ͰಡΜͰΈͨɻ https://socket.dev/blog/node-js-takes-steps-towards-removing-cor
ܦҢ • corepack Node.js ͷcore͔Βআ͢ΔࣄΛද໌͢ΔPR͕ Ϛʔδ͞Εͨɻ https://github.com/nodejs/package- maintenance/pull/606 •
Package Maintenance Working Group ʹΑΔܾఆ • ͦͦ͜ͷGroupͷҙਤͲΜͳͷ͕͋Δͷ͔
Package Maintenance Working Group • ࣮ࡍʹൃ͞Εͨͷ6લɺNode.js v10͘Β͍ʁ • Node.js ͷΤίγεςϜͰ͋ΔpackageͷࢧԉΛ͢ΔͨΊͷά
ϧʔϓ • όʔδϣϯΞοϓͷ͛ʹͳΔΑ͏ͳϥΠϒϥϦύοέʔδ ͷΛಛఆ͠ɺαϙʔτΛߦ͏͜ͱ͕త
Package Maintenance Working Group • Versionཧʹؔ͢ΔNode.js ͱ Package Managerͷత •
ΞϓϦέʔγϣϯ։ൃऀ͕ҎԼͷ͜ͱ͕Ͱ͖ΔΑ͏ʹ͢Δ 1. ϓϩδΣΫτʹదͳNode.js/Package Managerͷόʔδϣϯ͕ఆٛͰ͖Δ ͜ͱ 2. ϩʔΧϧ։ൃ༻ͷNode.js / Package ManagerΛΠϯετʔϧͰ͖Δ͜ͱ 3. ϓϩδΣΫτ͝ͱʹਖ਼͍͠Node.js / Package Manager ͷ࣮ߦ͕Ͱ͖Δ͜ͱ
Package Maintenance Working Group • ࠓճ2൪ͷʮϩʔΧϧʹΠϯετʔϧͰ͖ΔΑ͏ʹ͢Δʯͱ͍ ͏తͷͨΊͷվળͰʮcorepackΛআ͢Δʯͱ͍͏ରԠ͕ඞ ཁʹͳͬͨɻ • Ұॠฉ͘ͱҙຯ͕Θ͔Βͳ͍ɻʮվળͷͨΊʹআ͢Δʁʯͱ
ͳΔɻগ͠ॱΛͬͯ͢ɻɹ
Package Maintenance Working Group • Node.jsͷμϯϩʔυϖʔδ͕࠷ۙ৽͘͠ͳͬͨͷΛͬͯΔ ͩΖ͏͔ʁ
Package Maintenance Working Group • nvm fnm ͳͲͷόʔδϣϯ ཧπʔϧܦ༝ͰೖΕΔΑ͏ͳ
ಋೖ͕هड़͞ΕΔΑ͏ʹͳͬͨɻ • ͜͜ͷผλϒʹผ్ύοέʔδ ϚωʔδϟͷΠϯετʔϧهࡌ ͞ΕΔ༧ఆʹͳ͍ͬͯΔɻ
Package Maintenance Working Group • ͭ·Γɺyarn, pnpm ͳͲͷπʔϧ ͜͜ͰΠϯετʔϧʹରͯ͠ खॱ͕هࡌ͞ΕΔɻ
• ͦͷखॱyarn, pnpmͷ ࡞ऀ͕ਪ͢ΔΠϯετʔϧखॱʹ ै͏ඞཁ͕͋Δ • ඞͣ͠corepackܦ༝ͰΠϯετʔϧ ͢Δ͜ͱ͕ਪ͞ΕΔΘ͚Ͱͳ͍
Package Maintenance Working Group • corepackͷཱͪҐஔ͕͜ΕʹΑΓएׯඍົʹͳΔɻ • ΠϯετʔϧखॱΛύοέʔδϚωʔδϟͷਪʹै͏ͳΒ corepackඞਢͰͳ͘ͳΔɻ
Corepack security issue? • corepackͷͦͦͷߟ͑ํͱͯ͠ npm Ҏ֎ͷιʔε͔ΒύοέʔδϚ ωʔδϟʔͷμϯϩʔυΛ͘Ͱ͖Δͷͱ͍ͯ͠Δɻ • ྫ͑ɺcorepack͕αϙʔτ͍ͯ͠Δ
yarn ͷURL͕ࣦޮ͠ɺυϝΠϯ͕ ͬऔΒΕͨ߹Ͳ͏ͳΔʁ • ެ͕ࣜαϙʔτ͢Δ package manager ͪΌΜͱग़ॴ͕อূͰ͖Δͷ Ͱͳͯ͘ͳΒͳ͍ͷͰͳ͍͔ɺͦ͏͡Όͳ͍ͷೖΕΔ͖Ͱͳ ͍ͱ͍͏ҙݟ https://github.com/nodejs/corepack/issues/495
Corepack security issue? • ॺ໊Λ͚ͭͯ npm ͕ॺ໊ݕূͰվ͟ΜΛࢭ͢Δػೳ͕͢Ͱʹଘࡏ͠ ͍ͯΔͷͰɺͦͷΑ͏ͳܗͰ৴Ͱ͖Δඞཁ͕͋ΔͷͰͳ͍͔ʁ • গͳ͘ͱ
corepack ଆͰ package manager ͕ॻ͖͑ΒΕͯͳ͍͔ ΛݕূͰ͖ΔػೳඞཁͳͷͰɻ • yarnʹॺ໊Λݕূ͢ΔΑ͏ͳػೳ͕ͳ͍͜ͱࢦఠ͞Ε͍ͯΔɻ • ʑᨣʑ https://github.com/nodejs/corepack/issues/495
ཱͪҐஔ͕ո͘͠ͳΔ corepack
ͱ͍͏Θ͚Ͱ • Ұ୴ɺcorepackͷυΩϡϝϯτ Node.js ͱผͳͷͱͯ͠ ެ͔ࣜΒ֎͢ • ͦͷޙঃʑʹcorepackΛnodeίΞ͔Βআ͢ΔΑ͏ʹ͢Δɻ • corepackΛҾ͖ଓ͖ར༻͍ͨ͠ਓcorepackܦ༝ͷpackage
manager ͷΠϯετʔϧํ๏μϯϩʔυϖʔδʹهࡌ͢Δ
ίϛϡχςΟͷ ʮͨͩ͊ʔʔʔʔʯ
൵تަަ • corepack Λ default ʹ͠Α͏ͱͨ͠Β corepack ͕ফ͞Εͨɺ ԿΛݴ͍ͬͯΔ͔Θ͔ΒͶʔͱࢥ͏͕ʢུ
൵تަަ • ʮnpm ͕σϑΥϧτͰόϯυϧ͞ΕΔͷมΘΒͳ͍ͬͯ͋Μ ͳͯ͘Τϥʔ͕Θ͔Γʹ͍͘πʔϧ͕σϑΥϧτͱ͔Ϊϟά ͩΖʯΈ͍ͨͳҙݟ͋Δ https://github.com/nodejs/node/pull/51981
my opinion
ͷҙݟ • ͱΓ͍͖͋͑ͣͳΓফ͑Δ͔ͱ͍͏ͱɺ·ͩফ͑ͳ͍ͣɻ • Ұ୴͜ͷܾఆΛ͍ͯ͠Δ͕ɺ൱ఆͷେ͖͍ͷͰ·ͩͲ͏ͳΔ͔Θ͔Βͳ ͍ɻ • corepackͷϝΠϯϝϯςφൈ͖ͷٞͰ͕·ͱ·ͬͯ͠·ͬͨͷͰɺϝ ΠϯϝϯςφΛೖΕͯ͞ͳ͍͔ʁͱ͍͏ҙݟ͋Δɻ •
ʮͬͺ͢ΘʯΈ͍ͨʹͳΔՄೳੑ͋Δ͠ɺࠓ͙͢Ͳ͏͜͏Έ͍ͨͳಈ ͖Λ͠ͳ͍͍ͯ͘ؾ͢Δɻ
ͷҙݟ • pnpmΛσϑΝΫτͱ͍ͯͬͯ͠ΔνʔϜطʹpnpmଆͰ package managerͷόʔδϣϯΛݻఆ͢Δػೳ͕ೖͬͯΔͷͰ Ұ෦ͷػೳcorepack͕ͳͯ͘ྑ͍ɻ • ͦ͏͍͏;͏ʹ package manager
ଆͰπʔϧͱόʔδϣϯͷ ݻఆೖΔ͔ɻͦ͏ͳͬͨΒ corepack ͔֬ʹ؇͔ʹ͍ Βͳ͘ͳΓͦ͏Ͱ͋Δɻ
ͷҙݟ • ͦͦͰ͍͏ͱ nvm ͳͲͷ Runtime ͷόʔδϣϯϚωʔδϟʔίΞͷ தʹͳ͍ɻ • package
managerͷ version manager ͚ͩίΞͷதʹ͋Δͷػೳఏڙత ʹยखམͪͳؾ͕͢Δɻ • rust ͷ cargo ͷΑ͏ʹversion manager Ͱ͋Γ package manager Ͱ͋Γɺ runtime upgrader Ͱ͋Δ͔ͷΑ͏ͳ։ൃʹඞཁͳػೳΛ౷Ұ͢Δπʔϧ͕ ͋ͬͯྑ͍Α͏ͳؾ͕ͨ͠ɻ
yosuke_furukawa
teyamagu
palkan
marcoroth
jonatan_ivanov
tigertora7571
ydah
akase244
kishida
kumorn5s
yuuu
maroon1st
m_seki
andyhume
maggiecrowley
lauravandoore
mongodb
mojombo
samanthasiow
michaelherold
cassininazir
chikuwait
geoffreycrofte
jdejongh
mclloyd
