Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Removing Corepack
Search
Yosuke Furukawa
PRO
September 27, 2024
Programming
9
1.6k
Removing Corepack
東京Node学園 44時限目で発表した Removing Corepack についてです。
Yosuke Furukawa
PRO
September 27, 2024
Tweet
Share
More Decks by Yosuke Furukawa
See All by Yosuke Furukawa
デザインシステムが必須の時代に
yosuke_furukawa
PRO
2
76
Node.js, Deno, Bun 最新動向とその所感について
yosuke_furukawa
PRO
10
4.1k
Welcome JSConf.jp 2024
yosuke_furukawa
PRO
1
4.2k
tc39 x jsconf.jp Panel Discussion 2024
yosuke_furukawa
PRO
0
250
JavaScript Runtime とはなにか
yosuke_furukawa
PRO
15
2.8k
Strip Types と Storage
yosuke_furukawa
PRO
4
420
Module Harmony について
yosuke_furukawa
PRO
3
1.7k
LTのやり方
yosuke_furukawa
PRO
16
2.7k
AppRouter Panel Talk
yosuke_furukawa
PRO
3
820
Other Decks in Programming
See All in Programming
あなたとJIT, 今すぐアセンブ ル
sisshiki1969
1
700
サイトを作ったらNFCタグキーホルダーを爆速で作れ!
yuukis
0
390
Terraform やるなら公式スタイルガイドを読もう 〜重要項目 10選〜
hiyanger
13
3.2k
令和最新版手のひらコンピュータ
koba789
14
7.8k
管你要 trace 什麼、bpftrace 用下去就對了 — COSCUP 2025
shunghsiyu
0
430
Go製CLIツールをnpmで配布するには
syumai
2
1.2k
あまり知られていない MCP 仕様たち / MCP specifications that aren’t widely known
ktr_0731
0
280
大規模FlutterプロジェクトのCI実行時間を約8割削減した話
teamlab
PRO
0
490
実践!App Intents対応
yuukiw00w
1
300
The State of Fluid (2025)
s2b
0
180
tool ディレクティブを導入してみた感想
sgash708
1
150
一人でAIプロダクトを作るための工夫 〜技術選定・開発プロセス編〜 / I want AI to work harder
rkaga
12
2.7k
Featured
See All Featured
Product Roadmaps are Hard
iamctodd
PRO
54
11k
Evolution of real-time – Irina Nazarova, EuRuKo, 2024
irinanazarova
8
890
The Cult of Friendly URLs
andyhume
79
6.5k
The World Runs on Bad Software
bkeepers
PRO
70
11k
Visualization
eitanlees
146
16k
Designing for humans not robots
tammielis
253
25k
Bootstrapping a Software Product
garrettdimon
PRO
307
110k
ピンチをチャンスに:未来をつくるプロダクトロードマップ #pmconf2020
aki_iinuma
126
53k
The Cost Of JavaScript in 2023
addyosmani
53
8.8k
Code Review Best Practice
trishagee
69
19k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.4k
[RailsConf 2023] Rails as a piece of cake
palkan
56
5.8k
Transcript
Removing Corepack 2024/09/27 @ NodeֶԂ44࣌ݶ
X: @yosuke_furukawa GitHub: yosuke-furukawa
Removing Corepack ʹ͍ͭͯͤͱ ఱܒԼΔ
ͱ͍͏Θ͚ͰಡΜͰΈͨɻ https://socket.dev/blog/node-js-takes-steps-towards-removing-cor
ܦҢ • corepack Node.js ͷcore͔Βআ͢ΔࣄΛද໌͢ΔPR͕ Ϛʔδ͞Εͨɻ https://github.com/nodejs/package- maintenance/pull/606 •
Package Maintenance Working Group ʹΑΔܾఆ • ͦͦ͜ͷGroupͷҙਤͲΜͳͷ͕͋Δͷ͔
Package Maintenance Working Group • ࣮ࡍʹൃ͞Εͨͷ6લɺNode.js v10͘Β͍ʁ • Node.js ͷΤίγεςϜͰ͋ΔpackageͷࢧԉΛ͢ΔͨΊͷά
ϧʔϓ • όʔδϣϯΞοϓͷ͛ʹͳΔΑ͏ͳϥΠϒϥϦύοέʔδ ͷΛಛఆ͠ɺαϙʔτΛߦ͏͜ͱ͕త
Package Maintenance Working Group • Versionཧʹؔ͢ΔNode.js ͱ Package Managerͷత •
ΞϓϦέʔγϣϯ։ൃऀ͕ҎԼͷ͜ͱ͕Ͱ͖ΔΑ͏ʹ͢Δ 1. ϓϩδΣΫτʹదͳNode.js/Package Managerͷόʔδϣϯ͕ఆٛͰ͖Δ ͜ͱ 2. ϩʔΧϧ։ൃ༻ͷNode.js / Package ManagerΛΠϯετʔϧͰ͖Δ͜ͱ 3. ϓϩδΣΫτ͝ͱʹਖ਼͍͠Node.js / Package Manager ͷ࣮ߦ͕Ͱ͖Δ͜ͱ
Package Maintenance Working Group • ࠓճ2൪ͷʮϩʔΧϧʹΠϯετʔϧͰ͖ΔΑ͏ʹ͢Δʯͱ͍ ͏తͷͨΊͷվળͰʮcorepackΛআ͢Δʯͱ͍͏ରԠ͕ඞ ཁʹͳͬͨɻ • Ұॠฉ͘ͱҙຯ͕Θ͔Βͳ͍ɻʮվળͷͨΊʹআ͢Δʁʯͱ
ͳΔɻগ͠ॱΛͬͯ͢ɻɹ
Package Maintenance Working Group • Node.jsͷμϯϩʔυϖʔδ͕࠷ۙ৽͘͠ͳͬͨͷΛͬͯΔ ͩΖ͏͔ʁ
Package Maintenance Working Group • nvm fnm ͳͲͷόʔδϣϯ ཧπʔϧܦ༝ͰೖΕΔΑ͏ͳ
ಋೖ͕هड़͞ΕΔΑ͏ʹͳͬͨɻ • ͜͜ͷผλϒʹผ్ύοέʔδ ϚωʔδϟͷΠϯετʔϧهࡌ ͞ΕΔ༧ఆʹͳ͍ͬͯΔɻ
Package Maintenance Working Group • ͭ·Γɺyarn, pnpm ͳͲͷπʔϧ ͜͜ͰΠϯετʔϧʹରͯ͠ खॱ͕هࡌ͞ΕΔɻ
• ͦͷखॱyarn, pnpmͷ ࡞ऀ͕ਪ͢ΔΠϯετʔϧखॱʹ ै͏ඞཁ͕͋Δ • ඞͣ͠corepackܦ༝ͰΠϯετʔϧ ͢Δ͜ͱ͕ਪ͞ΕΔΘ͚Ͱͳ͍
Package Maintenance Working Group • corepackͷཱͪҐஔ͕͜ΕʹΑΓएׯඍົʹͳΔɻ • ΠϯετʔϧखॱΛύοέʔδϚωʔδϟͷਪʹै͏ͳΒ corepackඞਢͰͳ͘ͳΔɻ
Corepack security issue? • corepackͷͦͦͷߟ͑ํͱͯ͠ npm Ҏ֎ͷιʔε͔ΒύοέʔδϚ ωʔδϟʔͷμϯϩʔυΛ͘Ͱ͖Δͷͱ͍ͯ͠Δɻ • ྫ͑ɺcorepack͕αϙʔτ͍ͯ͠Δ
yarn ͷURL͕ࣦޮ͠ɺυϝΠϯ͕ ͬऔΒΕͨ߹Ͳ͏ͳΔʁ • ެ͕ࣜαϙʔτ͢Δ package manager ͪΌΜͱग़ॴ͕อূͰ͖Δͷ Ͱͳͯ͘ͳΒͳ͍ͷͰͳ͍͔ɺͦ͏͡Όͳ͍ͷೖΕΔ͖Ͱͳ ͍ͱ͍͏ҙݟ https://github.com/nodejs/corepack/issues/495
Corepack security issue? • ॺ໊Λ͚ͭͯ npm ͕ॺ໊ݕূͰվ͟ΜΛࢭ͢Δػೳ͕͢Ͱʹଘࡏ͠ ͍ͯΔͷͰɺͦͷΑ͏ͳܗͰ৴Ͱ͖Δඞཁ͕͋ΔͷͰͳ͍͔ʁ • গͳ͘ͱ
corepack ଆͰ package manager ͕ॻ͖͑ΒΕͯͳ͍͔ ΛݕূͰ͖ΔػೳඞཁͳͷͰɻ • yarnʹॺ໊Λݕূ͢ΔΑ͏ͳػೳ͕ͳ͍͜ͱࢦఠ͞Ε͍ͯΔɻ • ʑᨣʑ https://github.com/nodejs/corepack/issues/495
ཱͪҐஔ͕ո͘͠ͳΔ corepack
ͱ͍͏Θ͚Ͱ • Ұ୴ɺcorepackͷυΩϡϝϯτ Node.js ͱผͳͷͱͯ͠ ެ͔ࣜΒ֎͢ • ͦͷޙঃʑʹcorepackΛnodeίΞ͔Βআ͢ΔΑ͏ʹ͢Δɻ • corepackΛҾ͖ଓ͖ར༻͍ͨ͠ਓcorepackܦ༝ͷpackage
manager ͷΠϯετʔϧํ๏μϯϩʔυϖʔδʹهࡌ͢Δ
ίϛϡχςΟͷ ʮͨͩ͊ʔʔʔʔʯ
൵تަަ • corepack Λ default ʹ͠Α͏ͱͨ͠Β corepack ͕ফ͞Εͨɺ ԿΛݴ͍ͬͯΔ͔Θ͔ΒͶʔͱࢥ͏͕ʢུ
൵تަަ • ʮnpm ͕σϑΥϧτͰόϯυϧ͞ΕΔͷมΘΒͳ͍ͬͯ͋Μ ͳͯ͘Τϥʔ͕Θ͔Γʹ͍͘πʔϧ͕σϑΥϧτͱ͔Ϊϟά ͩΖʯΈ͍ͨͳҙݟ͋Δ https://github.com/nodejs/node/pull/51981
my opinion
ͷҙݟ • ͱΓ͍͖͋͑ͣͳΓফ͑Δ͔ͱ͍͏ͱɺ·ͩফ͑ͳ͍ͣɻ • Ұ୴͜ͷܾఆΛ͍ͯ͠Δ͕ɺ൱ఆͷେ͖͍ͷͰ·ͩͲ͏ͳΔ͔Θ͔Βͳ ͍ɻ • corepackͷϝΠϯϝϯςφൈ͖ͷٞͰ͕·ͱ·ͬͯ͠·ͬͨͷͰɺϝ ΠϯϝϯςφΛೖΕͯ͞ͳ͍͔ʁͱ͍͏ҙݟ͋Δɻ •
ʮͬͺ͢ΘʯΈ͍ͨʹͳΔՄೳੑ͋Δ͠ɺࠓ͙͢Ͳ͏͜͏Έ͍ͨͳಈ ͖Λ͠ͳ͍͍ͯ͘ؾ͢Δɻ
ͷҙݟ • pnpmΛσϑΝΫτͱ͍ͯͬͯ͠ΔνʔϜطʹpnpmଆͰ package managerͷόʔδϣϯΛݻఆ͢Δػೳ͕ೖͬͯΔͷͰ Ұ෦ͷػೳcorepack͕ͳͯ͘ྑ͍ɻ • ͦ͏͍͏;͏ʹ package manager
ଆͰπʔϧͱόʔδϣϯͷ ݻఆೖΔ͔ɻͦ͏ͳͬͨΒ corepack ͔֬ʹ؇͔ʹ͍ Βͳ͘ͳΓͦ͏Ͱ͋Δɻ
ͷҙݟ • ͦͦͰ͍͏ͱ nvm ͳͲͷ Runtime ͷόʔδϣϯϚωʔδϟʔίΞͷ தʹͳ͍ɻ • package
managerͷ version manager ͚ͩίΞͷதʹ͋Δͷػೳఏڙత ʹยखམͪͳؾ͕͢Δɻ • rust ͷ cargo ͷΑ͏ʹversion manager Ͱ͋Γ package manager Ͱ͋Γɺ runtime upgrader Ͱ͋Δ͔ͷΑ͏ͳ։ൃʹඞཁͳػೳΛ౷Ұ͢Δπʔϧ͕ ͋ͬͯྑ͍Α͏ͳؾ͕ͨ͠ɻ