Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Removing Corepack
Search
Yosuke Furukawa
PRO
September 27, 2024
Programming
9
1.5k
Removing Corepack
東京Node学園 44時限目で発表した Removing Corepack についてです。
Yosuke Furukawa
PRO
September 27, 2024
Tweet
Share
More Decks by Yosuke Furukawa
See All by Yosuke Furukawa
Welcome JSConf.jp 2024
yosuke_furukawa
PRO
1
3.8k
tc39 x jsconf.jp Panel Discussion 2024
yosuke_furukawa
PRO
0
190
JavaScript Runtime とはなにか
yosuke_furukawa
PRO
15
2.6k
Strip Types と Storage
yosuke_furukawa
PRO
4
370
Module Harmony について
yosuke_furukawa
PRO
3
1.6k
LTのやり方
yosuke_furukawa
PRO
16
2.4k
AppRouter Panel Talk
yosuke_furukawa
PRO
3
750
Node.js v22 で変わること
yosuke_furukawa
PRO
13
5.8k
リアーキテクトと開発生産性について
yosuke_furukawa
PRO
25
10k
Other Decks in Programming
See All in Programming
Kotlinの開発でも AIをいい感じに使いたい / Making the Most of AI in Kotlin Development
kohii00
4
750
Rubyと自由とAIと
yotii23
6
1.4k
コードを読んで理解するko build
bells17
1
110
PEPCは何を変えようとしていたのか
ken7253
2
140
仕様変更に耐えるための"今の"DRY原則を考える
mkmk884
9
3.1k
Ruby on cygwin 2025-02
fd0
0
180
PHPカンファレンス名古屋2025 タスク分解の試行錯誤〜レビュー負荷を下げるために〜
soichi
1
670
責務と認知負荷を整える! 抽象レベルを意識した関心の分離
yahiru
8
1.3k
dbt Pythonモデルで実現するSnowflake活用術
trsnium
0
250
データベースのオペレーターであるCloudNativePGがStatefulSetを使わない理由に迫る
nnaka2992
0
230
ファインディLT_ポケモン対戦の定量的分析
fufufukakaka
0
910
How mixi2 Uses TiDB for SNS Scalability and Performance
kanmo
40
16k
Featured
See All Featured
GitHub's CSS Performance
jonrohan
1030
460k
Facilitating Awesome Meetings
lara
52
6.2k
Git: the NoSQL Database
bkeepers
PRO
427
65k
A Modern Web Designer's Workflow
chriscoyier
693
190k
The Pragmatic Product Professional
lauravandoore
32
6.4k
The Myth of the Modular Monolith - Day 2 Keynote - Rails World 2024
eileencodes
21
2.5k
Writing Fast Ruby
sferik
628
61k
Rebuilding a faster, lazier Slack
samanthasiow
80
8.9k
Optimizing for Happiness
mojombo
376
70k
Java REST API Framework Comparison - PWX 2021
mraible
29
8.4k
How To Stay Up To Date on Web Technology
chriscoyier
790
250k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
6
570
Transcript
Removing Corepack 2024/09/27 @ NodeֶԂ44࣌ݶ
X: @yosuke_furukawa GitHub: yosuke-furukawa
Removing Corepack ʹ͍ͭͯͤͱ ఱܒԼΔ
ͱ͍͏Θ͚ͰಡΜͰΈͨɻ https://socket.dev/blog/node-js-takes-steps-towards-removing-cor
ܦҢ • corepack Node.js ͷcore͔Βআ͢ΔࣄΛද໌͢ΔPR͕ Ϛʔδ͞Εͨɻ https://github.com/nodejs/package- maintenance/pull/606 •
Package Maintenance Working Group ʹΑΔܾఆ • ͦͦ͜ͷGroupͷҙਤͲΜͳͷ͕͋Δͷ͔
Package Maintenance Working Group • ࣮ࡍʹൃ͞Εͨͷ6લɺNode.js v10͘Β͍ʁ • Node.js ͷΤίγεςϜͰ͋ΔpackageͷࢧԉΛ͢ΔͨΊͷά
ϧʔϓ • όʔδϣϯΞοϓͷ͛ʹͳΔΑ͏ͳϥΠϒϥϦύοέʔδ ͷΛಛఆ͠ɺαϙʔτΛߦ͏͜ͱ͕త
Package Maintenance Working Group • Versionཧʹؔ͢ΔNode.js ͱ Package Managerͷత •
ΞϓϦέʔγϣϯ։ൃऀ͕ҎԼͷ͜ͱ͕Ͱ͖ΔΑ͏ʹ͢Δ 1. ϓϩδΣΫτʹదͳNode.js/Package Managerͷόʔδϣϯ͕ఆٛͰ͖Δ ͜ͱ 2. ϩʔΧϧ։ൃ༻ͷNode.js / Package ManagerΛΠϯετʔϧͰ͖Δ͜ͱ 3. ϓϩδΣΫτ͝ͱʹਖ਼͍͠Node.js / Package Manager ͷ࣮ߦ͕Ͱ͖Δ͜ͱ
Package Maintenance Working Group • ࠓճ2൪ͷʮϩʔΧϧʹΠϯετʔϧͰ͖ΔΑ͏ʹ͢Δʯͱ͍ ͏తͷͨΊͷվળͰʮcorepackΛআ͢Δʯͱ͍͏ରԠ͕ඞ ཁʹͳͬͨɻ • Ұॠฉ͘ͱҙຯ͕Θ͔Βͳ͍ɻʮվળͷͨΊʹআ͢Δʁʯͱ
ͳΔɻগ͠ॱΛͬͯ͢ɻɹ
Package Maintenance Working Group • Node.jsͷμϯϩʔυϖʔδ͕࠷ۙ৽͘͠ͳͬͨͷΛͬͯΔ ͩΖ͏͔ʁ
Package Maintenance Working Group • nvm fnm ͳͲͷόʔδϣϯ ཧπʔϧܦ༝ͰೖΕΔΑ͏ͳ
ಋೖ͕هड़͞ΕΔΑ͏ʹͳͬͨɻ • ͜͜ͷผλϒʹผ్ύοέʔδ ϚωʔδϟͷΠϯετʔϧهࡌ ͞ΕΔ༧ఆʹͳ͍ͬͯΔɻ
Package Maintenance Working Group • ͭ·Γɺyarn, pnpm ͳͲͷπʔϧ ͜͜ͰΠϯετʔϧʹରͯ͠ खॱ͕هࡌ͞ΕΔɻ
• ͦͷखॱyarn, pnpmͷ ࡞ऀ͕ਪ͢ΔΠϯετʔϧखॱʹ ै͏ඞཁ͕͋Δ • ඞͣ͠corepackܦ༝ͰΠϯετʔϧ ͢Δ͜ͱ͕ਪ͞ΕΔΘ͚Ͱͳ͍
Package Maintenance Working Group • corepackͷཱͪҐஔ͕͜ΕʹΑΓएׯඍົʹͳΔɻ • ΠϯετʔϧखॱΛύοέʔδϚωʔδϟͷਪʹै͏ͳΒ corepackඞਢͰͳ͘ͳΔɻ
Corepack security issue? • corepackͷͦͦͷߟ͑ํͱͯ͠ npm Ҏ֎ͷιʔε͔ΒύοέʔδϚ ωʔδϟʔͷμϯϩʔυΛ͘Ͱ͖Δͷͱ͍ͯ͠Δɻ • ྫ͑ɺcorepack͕αϙʔτ͍ͯ͠Δ
yarn ͷURL͕ࣦޮ͠ɺυϝΠϯ͕ ͬऔΒΕͨ߹Ͳ͏ͳΔʁ • ެ͕ࣜαϙʔτ͢Δ package manager ͪΌΜͱग़ॴ͕อূͰ͖Δͷ Ͱͳͯ͘ͳΒͳ͍ͷͰͳ͍͔ɺͦ͏͡Όͳ͍ͷೖΕΔ͖Ͱͳ ͍ͱ͍͏ҙݟ https://github.com/nodejs/corepack/issues/495
Corepack security issue? • ॺ໊Λ͚ͭͯ npm ͕ॺ໊ݕূͰվ͟ΜΛࢭ͢Δػೳ͕͢Ͱʹଘࡏ͠ ͍ͯΔͷͰɺͦͷΑ͏ͳܗͰ৴Ͱ͖Δඞཁ͕͋ΔͷͰͳ͍͔ʁ • গͳ͘ͱ
corepack ଆͰ package manager ͕ॻ͖͑ΒΕͯͳ͍͔ ΛݕূͰ͖ΔػೳඞཁͳͷͰɻ • yarnʹॺ໊Λݕূ͢ΔΑ͏ͳػೳ͕ͳ͍͜ͱࢦఠ͞Ε͍ͯΔɻ • ʑᨣʑ https://github.com/nodejs/corepack/issues/495
ཱͪҐஔ͕ո͘͠ͳΔ corepack
ͱ͍͏Θ͚Ͱ • Ұ୴ɺcorepackͷυΩϡϝϯτ Node.js ͱผͳͷͱͯ͠ ެ͔ࣜΒ֎͢ • ͦͷޙঃʑʹcorepackΛnodeίΞ͔Βআ͢ΔΑ͏ʹ͢Δɻ • corepackΛҾ͖ଓ͖ར༻͍ͨ͠ਓcorepackܦ༝ͷpackage
manager ͷΠϯετʔϧํ๏μϯϩʔυϖʔδʹهࡌ͢Δ
ίϛϡχςΟͷ ʮͨͩ͊ʔʔʔʔʯ
൵تަަ • corepack Λ default ʹ͠Α͏ͱͨ͠Β corepack ͕ফ͞Εͨɺ ԿΛݴ͍ͬͯΔ͔Θ͔ΒͶʔͱࢥ͏͕ʢུ
൵تަަ • ʮnpm ͕σϑΥϧτͰόϯυϧ͞ΕΔͷมΘΒͳ͍ͬͯ͋Μ ͳͯ͘Τϥʔ͕Θ͔Γʹ͍͘πʔϧ͕σϑΥϧτͱ͔Ϊϟά ͩΖʯΈ͍ͨͳҙݟ͋Δ https://github.com/nodejs/node/pull/51981
my opinion
ͷҙݟ • ͱΓ͍͖͋͑ͣͳΓফ͑Δ͔ͱ͍͏ͱɺ·ͩফ͑ͳ͍ͣɻ • Ұ୴͜ͷܾఆΛ͍ͯ͠Δ͕ɺ൱ఆͷେ͖͍ͷͰ·ͩͲ͏ͳΔ͔Θ͔Βͳ ͍ɻ • corepackͷϝΠϯϝϯςφൈ͖ͷٞͰ͕·ͱ·ͬͯ͠·ͬͨͷͰɺϝ ΠϯϝϯςφΛೖΕͯ͞ͳ͍͔ʁͱ͍͏ҙݟ͋Δɻ •
ʮͬͺ͢ΘʯΈ͍ͨʹͳΔՄೳੑ͋Δ͠ɺࠓ͙͢Ͳ͏͜͏Έ͍ͨͳಈ ͖Λ͠ͳ͍͍ͯ͘ؾ͢Δɻ
ͷҙݟ • pnpmΛσϑΝΫτͱ͍ͯͬͯ͠ΔνʔϜطʹpnpmଆͰ package managerͷόʔδϣϯΛݻఆ͢Δػೳ͕ೖͬͯΔͷͰ Ұ෦ͷػೳcorepack͕ͳͯ͘ྑ͍ɻ • ͦ͏͍͏;͏ʹ package manager
ଆͰπʔϧͱόʔδϣϯͷ ݻఆೖΔ͔ɻͦ͏ͳͬͨΒ corepack ͔֬ʹ؇͔ʹ͍ Βͳ͘ͳΓͦ͏Ͱ͋Δɻ
ͷҙݟ • ͦͦͰ͍͏ͱ nvm ͳͲͷ Runtime ͷόʔδϣϯϚωʔδϟʔίΞͷ தʹͳ͍ɻ • package
managerͷ version manager ͚ͩίΞͷதʹ͋Δͷػೳఏڙత ʹยखམͪͳؾ͕͢Δɻ • rust ͷ cargo ͷΑ͏ʹversion manager Ͱ͋Γ package manager Ͱ͋Γɺ runtime upgrader Ͱ͋Δ͔ͷΑ͏ͳ։ൃʹඞཁͳػೳΛ౷Ұ͢Δπʔϧ͕ ͋ͬͯྑ͍Α͏ͳؾ͕ͨ͠ɻ