Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Removing Corepack
Search
Yosuke Furukawa
PRO
September 27, 2024
Programming
9
1.6k
Removing Corepack
東京Node学園 44時限目で発表した Removing Corepack についてです。
Yosuke Furukawa
PRO
September 27, 2024
Tweet
Share
More Decks by Yosuke Furukawa
See All by Yosuke Furukawa
Node.js, Deno, Bun 最新動向とその所感について
yosuke_furukawa
PRO
8
3.6k
Welcome JSConf.jp 2024
yosuke_furukawa
PRO
1
4.1k
tc39 x jsconf.jp Panel Discussion 2024
yosuke_furukawa
PRO
0
220
JavaScript Runtime とはなにか
yosuke_furukawa
PRO
15
2.8k
Strip Types と Storage
yosuke_furukawa
PRO
4
400
Module Harmony について
yosuke_furukawa
PRO
3
1.7k
LTのやり方
yosuke_furukawa
PRO
16
2.6k
AppRouter Panel Talk
yosuke_furukawa
PRO
3
800
Node.js v22 で変わること
yosuke_furukawa
PRO
13
6.2k
Other Decks in Programming
See All in Programming
Javaのルールをねじ曲げろ!禁断の操作とその代償から学ぶメタプログラミング入門 / A Guide to Metaprogramming: Lessons from Forbidden Techniques and Their Price
nrslib
3
2k
iOSアプリ開発で 関数型プログラミングを実現する The Composable Architectureの紹介
yimajo
2
210
Java on Azure で LangGraph!
kohei3110
0
120
Perlで痩せる
yuukis
1
680
A comprehensive view of refactoring
marabesi
0
450
DroidKnights 2025 - 다양한 스크롤 뷰에서의 영상 재생
gaeun5744
3
180
ktr0731/go-mcpでMCPサーバー作ってみた
takak2166
0
160
AIコーディング道場勉強会#2 君(エンジニア)たちはどう生きるか
misakiotb
1
190
赤裸々に公開。 TSKaigiのオフシーズン
takezoux2
0
130
Beyond Portability: Live Migration for Evolving WebAssembly Workloads
chikuwait
0
360
ドメインモデリングにおける抽象の役割、tagless-finalによるDSL構築、そして型安全な最適化
knih
10
1.8k
型付きアクターモデルがもたらす分散シミュレーションの未来
piyo7
0
780
Featured
See All Featured
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Side Projects
sachag
455
42k
VelocityConf: Rendering Performance Case Studies
addyosmani
329
24k
Git: the NoSQL Database
bkeepers
PRO
430
65k
Code Reviewing Like a Champion
maltzj
524
40k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
31
1.2k
Product Roadmaps are Hard
iamctodd
PRO
53
11k
The Language of Interfaces
destraynor
158
25k
YesSQL, Process and Tooling at Scale
rocio
172
14k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
GitHub's CSS Performance
jonrohan
1031
460k
Transcript
Removing Corepack 2024/09/27 @ NodeֶԂ44࣌ݶ
X: @yosuke_furukawa GitHub: yosuke-furukawa
Removing Corepack ʹ͍ͭͯͤͱ ఱܒԼΔ
ͱ͍͏Θ͚ͰಡΜͰΈͨɻ https://socket.dev/blog/node-js-takes-steps-towards-removing-cor
ܦҢ • corepack Node.js ͷcore͔Βআ͢ΔࣄΛද໌͢ΔPR͕ Ϛʔδ͞Εͨɻ https://github.com/nodejs/package- maintenance/pull/606 •
Package Maintenance Working Group ʹΑΔܾఆ • ͦͦ͜ͷGroupͷҙਤͲΜͳͷ͕͋Δͷ͔
Package Maintenance Working Group • ࣮ࡍʹൃ͞Εͨͷ6લɺNode.js v10͘Β͍ʁ • Node.js ͷΤίγεςϜͰ͋ΔpackageͷࢧԉΛ͢ΔͨΊͷά
ϧʔϓ • όʔδϣϯΞοϓͷ͛ʹͳΔΑ͏ͳϥΠϒϥϦύοέʔδ ͷΛಛఆ͠ɺαϙʔτΛߦ͏͜ͱ͕త
Package Maintenance Working Group • Versionཧʹؔ͢ΔNode.js ͱ Package Managerͷత •
ΞϓϦέʔγϣϯ։ൃऀ͕ҎԼͷ͜ͱ͕Ͱ͖ΔΑ͏ʹ͢Δ 1. ϓϩδΣΫτʹదͳNode.js/Package Managerͷόʔδϣϯ͕ఆٛͰ͖Δ ͜ͱ 2. ϩʔΧϧ։ൃ༻ͷNode.js / Package ManagerΛΠϯετʔϧͰ͖Δ͜ͱ 3. ϓϩδΣΫτ͝ͱʹਖ਼͍͠Node.js / Package Manager ͷ࣮ߦ͕Ͱ͖Δ͜ͱ
Package Maintenance Working Group • ࠓճ2൪ͷʮϩʔΧϧʹΠϯετʔϧͰ͖ΔΑ͏ʹ͢Δʯͱ͍ ͏తͷͨΊͷվળͰʮcorepackΛআ͢Δʯͱ͍͏ରԠ͕ඞ ཁʹͳͬͨɻ • Ұॠฉ͘ͱҙຯ͕Θ͔Βͳ͍ɻʮվળͷͨΊʹআ͢Δʁʯͱ
ͳΔɻগ͠ॱΛͬͯ͢ɻɹ
Package Maintenance Working Group • Node.jsͷμϯϩʔυϖʔδ͕࠷ۙ৽͘͠ͳͬͨͷΛͬͯΔ ͩΖ͏͔ʁ
Package Maintenance Working Group • nvm fnm ͳͲͷόʔδϣϯ ཧπʔϧܦ༝ͰೖΕΔΑ͏ͳ
ಋೖ͕هड़͞ΕΔΑ͏ʹͳͬͨɻ • ͜͜ͷผλϒʹผ్ύοέʔδ ϚωʔδϟͷΠϯετʔϧهࡌ ͞ΕΔ༧ఆʹͳ͍ͬͯΔɻ
Package Maintenance Working Group • ͭ·Γɺyarn, pnpm ͳͲͷπʔϧ ͜͜ͰΠϯετʔϧʹରͯ͠ खॱ͕هࡌ͞ΕΔɻ
• ͦͷखॱyarn, pnpmͷ ࡞ऀ͕ਪ͢ΔΠϯετʔϧखॱʹ ै͏ඞཁ͕͋Δ • ඞͣ͠corepackܦ༝ͰΠϯετʔϧ ͢Δ͜ͱ͕ਪ͞ΕΔΘ͚Ͱͳ͍
Package Maintenance Working Group • corepackͷཱͪҐஔ͕͜ΕʹΑΓएׯඍົʹͳΔɻ • ΠϯετʔϧखॱΛύοέʔδϚωʔδϟͷਪʹै͏ͳΒ corepackඞਢͰͳ͘ͳΔɻ
Corepack security issue? • corepackͷͦͦͷߟ͑ํͱͯ͠ npm Ҏ֎ͷιʔε͔ΒύοέʔδϚ ωʔδϟʔͷμϯϩʔυΛ͘Ͱ͖Δͷͱ͍ͯ͠Δɻ • ྫ͑ɺcorepack͕αϙʔτ͍ͯ͠Δ
yarn ͷURL͕ࣦޮ͠ɺυϝΠϯ͕ ͬऔΒΕͨ߹Ͳ͏ͳΔʁ • ެ͕ࣜαϙʔτ͢Δ package manager ͪΌΜͱग़ॴ͕อূͰ͖Δͷ Ͱͳͯ͘ͳΒͳ͍ͷͰͳ͍͔ɺͦ͏͡Όͳ͍ͷೖΕΔ͖Ͱͳ ͍ͱ͍͏ҙݟ https://github.com/nodejs/corepack/issues/495
Corepack security issue? • ॺ໊Λ͚ͭͯ npm ͕ॺ໊ݕূͰվ͟ΜΛࢭ͢Δػೳ͕͢Ͱʹଘࡏ͠ ͍ͯΔͷͰɺͦͷΑ͏ͳܗͰ৴Ͱ͖Δඞཁ͕͋ΔͷͰͳ͍͔ʁ • গͳ͘ͱ
corepack ଆͰ package manager ͕ॻ͖͑ΒΕͯͳ͍͔ ΛݕূͰ͖ΔػೳඞཁͳͷͰɻ • yarnʹॺ໊Λݕূ͢ΔΑ͏ͳػೳ͕ͳ͍͜ͱࢦఠ͞Ε͍ͯΔɻ • ʑᨣʑ https://github.com/nodejs/corepack/issues/495
ཱͪҐஔ͕ո͘͠ͳΔ corepack
ͱ͍͏Θ͚Ͱ • Ұ୴ɺcorepackͷυΩϡϝϯτ Node.js ͱผͳͷͱͯ͠ ެ͔ࣜΒ֎͢ • ͦͷޙঃʑʹcorepackΛnodeίΞ͔Βআ͢ΔΑ͏ʹ͢Δɻ • corepackΛҾ͖ଓ͖ར༻͍ͨ͠ਓcorepackܦ༝ͷpackage
manager ͷΠϯετʔϧํ๏μϯϩʔυϖʔδʹهࡌ͢Δ
ίϛϡχςΟͷ ʮͨͩ͊ʔʔʔʔʯ
൵تަަ • corepack Λ default ʹ͠Α͏ͱͨ͠Β corepack ͕ফ͞Εͨɺ ԿΛݴ͍ͬͯΔ͔Θ͔ΒͶʔͱࢥ͏͕ʢུ
൵تަަ • ʮnpm ͕σϑΥϧτͰόϯυϧ͞ΕΔͷมΘΒͳ͍ͬͯ͋Μ ͳͯ͘Τϥʔ͕Θ͔Γʹ͍͘πʔϧ͕σϑΥϧτͱ͔Ϊϟά ͩΖʯΈ͍ͨͳҙݟ͋Δ https://github.com/nodejs/node/pull/51981
my opinion
ͷҙݟ • ͱΓ͍͖͋͑ͣͳΓফ͑Δ͔ͱ͍͏ͱɺ·ͩফ͑ͳ͍ͣɻ • Ұ୴͜ͷܾఆΛ͍ͯ͠Δ͕ɺ൱ఆͷେ͖͍ͷͰ·ͩͲ͏ͳΔ͔Θ͔Βͳ ͍ɻ • corepackͷϝΠϯϝϯςφൈ͖ͷٞͰ͕·ͱ·ͬͯ͠·ͬͨͷͰɺϝ ΠϯϝϯςφΛೖΕͯ͞ͳ͍͔ʁͱ͍͏ҙݟ͋Δɻ •
ʮͬͺ͢ΘʯΈ͍ͨʹͳΔՄೳੑ͋Δ͠ɺࠓ͙͢Ͳ͏͜͏Έ͍ͨͳಈ ͖Λ͠ͳ͍͍ͯ͘ؾ͢Δɻ
ͷҙݟ • pnpmΛσϑΝΫτͱ͍ͯͬͯ͠ΔνʔϜطʹpnpmଆͰ package managerͷόʔδϣϯΛݻఆ͢Δػೳ͕ೖͬͯΔͷͰ Ұ෦ͷػೳcorepack͕ͳͯ͘ྑ͍ɻ • ͦ͏͍͏;͏ʹ package manager
ଆͰπʔϧͱόʔδϣϯͷ ݻఆೖΔ͔ɻͦ͏ͳͬͨΒ corepack ͔֬ʹ؇͔ʹ͍ Βͳ͘ͳΓͦ͏Ͱ͋Δɻ
ͷҙݟ • ͦͦͰ͍͏ͱ nvm ͳͲͷ Runtime ͷόʔδϣϯϚωʔδϟʔίΞͷ தʹͳ͍ɻ • package
managerͷ version manager ͚ͩίΞͷதʹ͋Δͷػೳఏڙత ʹยखམͪͳؾ͕͢Δɻ • rust ͷ cargo ͷΑ͏ʹversion manager Ͱ͋Γ package manager Ͱ͋Γɺ runtime upgrader Ͱ͋Δ͔ͷΑ͏ͳ։ൃʹඞཁͳػೳΛ౷Ұ͢Δπʔϧ͕ ͋ͬͯྑ͍Α͏ͳؾ͕ͨ͠ɻ