GENERAL: Only allow PNPM

[kriptonian1]

Description

We have noticed many of the contributors are using NPM instead of using PNPM. So we want to have a strict restriction over the package manager to be use for this project, and throw error if they are using any other package manager. To only allow PNPM, you can refer to this section of PNPM Doc to set it up for us.

[rajdip-b]

We need to make sure that npx works after this.

[kriptonian1]

@rajdip-b we don't use npx in pnpm for pnpm it's pnpm dlx or pnpx docs

[rajdip-b]

@rajdip-b we don't use npx in pnpm for pnpm it's pnpm dlx or pnpx docs

Yep i know but i think in some places i think we are using npx?

[kriptonian1]

Then it should be replaced with pnpm dlx because it is not the right way of using it

[Z-xus]

/attempt fosshack

[github-actions]

Assigned the issue to @Z-xus!

[Z-xus]

It seems there's an ongoing issue which doesn't work for npm but only for yarn pnpm/only-allow#27

[kriptonian1]

Let me have a look what it says

[MelloB1989]

/attempt

[github-actions]

Assigned the issue to @MelloB1989!

[Z-xus]

Assigned the issue to @MelloB1989!

@rajdip-b

[rajdip-b]

Hey @MelloB1989, please check if the issues are already assigned or not. You are only allowed to take up issues in case they are not assigned to anyone for FOSS Hack.

[Z-xus]

@rajdip-b @kriptonian1
The underlying issue is with npm, which does not respect the preinstall script and executes it postinstall. refer: npm/cli#2660
I propose that a single shell script which automates the build process could be a probable solution to this since the root issue is untouched from years.

[rajdip-b]

@kriptonian1 thoughts?

@Z-xus can you give a slight example of how this script will work?

[kriptonian1]

Maybe we can do use .npmrc to make the engine strict. ref : https://www.freecodecamp.org/news/how-to-force-use-yarn-or-npm/

[Z-xus]

1. Tested this but it didn't work as intended, perhaps it was version specific. https://www.freecodecamp.org/news/how-to-force-use-yarn-or-npm/

2. I was proposing a shell script to automate the project setup which performs dependency checks, and then followed by step by step commands, although this is quite simple in this project and I feel it's a bit unnecessary since the setup is relatively simple

command_exists() {...}
check_dependencies() {...}
install_dependencies() {...}

[Z-xus]

By unintended I mean, npm and yarn weren't working but that was entirely due to different errors (my guess is that it is some specific package.json rule which is only applicable to pnpm):

[kriptonian1]

ig that is corepack doing it for us, so I feature I don't like about corepack is that it is a bit too strict with the version of package manager

[kriptonian1]

you can refer to this to learn how corepack work https://www.totaltypescript.com/how-to-use-corepack

I think we can just use it to restrict users to use pnpm, but the problem with this is it won't even allow to run command if the version of your pnpm dosen't match. so maybe you can look into this

[muntaxir4]

Description

We have noticed many of the contributors are using NPM instead of using PNPM. So we want to have a strict restriction over the package manager to be use for this project, and throw error if they are using any other package manager. To only allow PNPM, you can refer to this section of PNPM Doc to set it up for us.

Although, other package managers will show error due to presence of workspace:*. If just-npm (pnpm/only-allow#27 (comment) ) is installed in project's root this will prevent any installation through npm in child packages as well.

[rajdip-b]

I'll give this a try.

UPDATE: I tried it, seems like it doesn't work. I guess we should close this issue.

[muntaxir4]

I'll give this a try.

UPDATE: I tried it, seems like it doesn't work. I guess we should close this issue.

I tested it on my end and it was working fine, except for the workspace:* issue which didn't let npm install run.