-
Notifications
You must be signed in to change notification settings - Fork 172
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
COREPACK_ENABLE_AUTO_PIN
should default to 0
#485
Comments
Same thing here. I think nobody wants their package.json to be automatically modified on any command one could do. And even less on packages you do not own. I do NOT want to add this field on packages I do not own just because I contributed to it for a small fix or something. Discoverability of such a feature is also bad, especially for juniors that will 100% fail to understand the implications of the new field and how to disable the feature (the env variable is not even part of the upgrade message). For sure we'll be getting PRs on many projects adding the field with random versions the others might have installed at the moment they made their fix, and it'll create unnecessary back and forth to ask to remove it. This is even worse because in some of my use cases, the |
Note that it can (and should) in my opinion be fixed before the next version of node is released or the problem will most likely blow up. For reference this was added by #413 in version 0.26. Original issue was #399. I think that a warning can be printed by default instead of directly modifying the |
I also believe that this should be disabled by default. If we have to synchronize this environment variable within the team to prevent everyone from enabling it, that would be terrible. |
At least allow it to be set in npmrc instead of an environment variable so project managers can force it off for everyone. |
For me its another use case. I create a lot or demos, samples and help students with their code. I don't know the environment of each person, and I deal with a lot of different repositories and companies. Creating this Yes, having an option to disable on I did set |
there're other monorepo tools like Rush which support pin packageManager version without using corepack, when run pnpm commands in these tools, the auto pin behavior may make inconsistent version than the version specified by monorepo tools. |
I don't want to use corepack. However, this setting means that every single contributor to my project will need to set
COREPACK_ENABLE_AUTO_PIN=0
and be careful not to accidentally check in thepackageManager
field since corepack will automatically add that field to force itself upon any project you use. This is even more annoying since pnpm can't be used without corepack once thepackageManager
field is present: pnpm/pnpm#8087The text was updated successfully, but these errors were encountered: