vscode setting packageManager in package.json unconditionally

[frankli0324]

Type: Bug

open a package.json file and wait, packageManager appeared as "[email protected]+sha256.7cb31c0a881964a22577fd84e5a9a5b11e6f49ef8aa0893036b0b68015056252". "npm.packageManager" setting doesn't provide a "none" option.

this is happening with all extensions disabled.

VS Code version: Code 1.88.1 (Universal) (e170252, 2024-04-10T17:42:52.765Z)
OS version: Darwin arm64 23.1.0
Modes: Unsupported

A/B Experiments

vsliv368cf:30146710
vspor879:30202332
vspor708:30202333
vspor363:30204092
vscorecescf:30445987
vscod805:30301674
binariesv615:30325510
vsaa593cf:30376535
py29gd2263:30899288
c4g48928:30535728
azure-dev_surveyone:30548225
962ge761:30959799
pythongtdpath:30769146
welcomedialogc:30910334
pythonidxpt:30866567
pythonnoceb:30805159
asynctok:30898717
pythontestfixt:30902429
pythonregdiag2:30936856
pyreplss1:30897532
pythonmypyd1:30879173
pythoncet0:30885854
h48ei257:31000450
pythontbext0:30879054
accentitlementst:30995554
dsvsc016:30899300
dsvsc017:30899301
dsvsc018:30899302
cppperfnew:31000557
d34g3935:30971562
fegfb526:30981948
bg6jg535:30979843
ccp2r3:30993541
dsvsc020:30976470
pythonait:31006305
666c4381:30973075
gee8j676:31009558
chatpanelc:31018788
dsvsc021:30996838
f3je6385:31013174

[frankli0324]

I know it may have been a feature, yet it doesn't meet expectations. what's more, the behavior modifies and saves a project file without any prompt and attempts to overwrite repeatedly, which clearly exceeds what an editor should do, I believe that categorizes this as a bug.

[meganrogge]

sounds like something that's coming from an extension. you can set your package manager with this setting

npm.packageManager

[frankli0324]

sounds like something that's coming from an extension.

as I said, all extensions were disabled

you can set your package manager with this setting

as I said, "npm.packageManager" setting doesn't provide a "none" option.

[meganrogge]

Why is that a problem for you?

[frankli0324]

do I really have to repeat everything I wrote in the issue?

the behavior modifies and saves a project file without any prompt and attempts to overwrite repeatedly

seriously, I have multiple js environments in my environment, both corepack and very old package manager versions. I prefer not to use corepack in my old project for better collaboration with others, however vscode forces me to do so since package managers would refuse to run if packageManager field specified toolchain mismatches. This is annoying at most, but my core concern is that how am I going to trust vscode with my other project configuration files if that "isn't a problem"?

could you re-open this issue? actually why are you closing this issue in the first place without confirming that it's solved? Issues are not oncalls!

[meganrogge]

I closed because I do not plan to fix this.

[frankli0324]

good for you then

[frankli0324]

I take back the "trust issues" narrative, however this behavior is still surprising. take a look at the PR please

[frankli0324]

I should have attached a screenshot and describe the steps I tried to pin point the issue

I encountered this issue in an empty folder containing a single package.json, an old project, and a newly created project with yarn create

I apologize for my moody expression

[aeschli]

I could not reproduce that npm view --json updates the packageManager property
I tried from the command line with node 20.12.2 / npm 10.5.0

• corepack use yarn
• npm view --json

@frankli0324 Do you have the steps to reproduce this from the command line?

[aeschli]

Verified the fix in code

[frankli0324]

the minimum path from a clean install would be:

brew install corepack
corepack enable npm
npm view --json

and by now this should be true:

➜ head $(which npm)
#!/usr/bin/env node
process.env.COREPACK_ENABLE_DOWNLOAD_PROMPT??='1'
require('./lib/corepack.cjs').runMain(['npm', ...process.argv.slice(2)]);

[aeschli]

corepack is part of node 20, so I used it directly, not using brew (which I don't have on my system)
What's your verion of node?

I kind of think having npm view --json making a modification is a bug in npm.
Not seeing that myself could mean it has been fixed.

[frankli0324]

➜  ~ node -v
v21.7.3

have you enabled the npm pm globally using corepack? that links a npm wrapper to where corepack binary is located, and that wrapper, not npm itself, would overwrite the package json content

see [corepack README]:

https://github.com/nodejs/corepack#:~:text=prevent%20Corepack%20from%20updating%20the%20packageManager%20fieldplease copy and paste since GitHub seems to eat up the text location indication

[frankli0324]

it seems that many other projects including pnpm also ran into similar issues and some debate is still ongoing

https://github.com/pnpm/pnpm/pull/7747/files
nodejs/corepack#419
nodejs/corepack#407
nodejs/node#50963 (comment)

[aeschli]

Ah, the aliases. They were probably not used when I tested it.

[karladler]

I don't really get what's the issue here, but I know, that always, when VScode is open, there is a new line added to my package.json
Is there any way I can stop this madness?

"packageManager": "[email protected]+sha512.2dc70be5fce9f66756d25b00a888f3ca66f86b502b76750e72ba54cec89da767b938c54124595e26f868825688e0fe3552c26c76a330673343057acadd5cfcf2"
}

edit. ok, I added export COREPACK_ENABLE_AUTO_PIN=0 to my ~/.zshrc that seems to work.
I am still confused why vscode seems to trigger this.