feat: add cnpm to corepack #333
Conversation
Could it be possible to drop that and download ready-to-be-used code instead? |
> 修改构建配置,将 cnpm 运行依赖进行 bundle 处理,see nodejs/corepack#333 1. 期望 cnpm 能直接集成在 corepack 中作为 nodejs 预置的包管理器 2. 目前其他 pnpm、npm 和 yarn 都会做 bundle 处理,cnpm 由于集成了 npm,只能继续使用 bundleDeps 的方式打包 corepack 通过 tgz 进行分发, 没有时机执行相关依赖安装。 尝试过两种方式进行 bundle: 1. ❎ 通过 esbuild,无法处理 require.resolve npm 的场景,考虑到依赖稳定性需要将 npm 一并 bundle 2. ✅ 通过 bundleDeps 配置 两种方式都需要通过 `npm` mode 进行安装 目前 bundle 后 tgz 体积为 `8.7M`,和 pnpm,yarn 相比差距较大 (~2M)
elrrrrrrr
force-pushed
the
cnpm
branch
2 times, most recently
from
229e83f
to
966b3ec
Compare
elrrrrrrr
force-pushed
the
cnpm
branch
2 times, most recently
from
0999d8b
to
6856b78
Compare
|
cc @nodejs/security-wg |
There was a problem hiding this comment.
I confirm that cnpm is a helpful alternative to npm in China where registry.npmjs.org may be hardly reachable for common users. https://registry.npmmirror.com is a mirror of registry.npmjs.org for users based in China to get better access to npm packages.
It would definitely help users get started with Node.js and install npm dependencies in China.
I support adding cnpm and npmmirror.com to corepack.
Co-authored-by: Antoine du Hamel <[email protected]>
Co-authored-by: Antoine du Hamel <[email protected]>
Co-authored-by: Antoine du Hamel <[email protected]>
Co-authored-by: Antoine du Hamel <[email protected]>
|
Can't review the code per-se myself, but I can also confirm that cnpm is a trust-worthy alternative primarily sponsored by Alibaba to help Node.js developers in China work around the network issues in the public network in China & create private registries within a company. |
Co-authored-by: Kristoffer K. <[email protected]>
|
I'm not familiar with cnpm, so couple of questions:
|
|
Thank you for your interest and questions about cnpm. I am pleased to provide you with the following clarifications:
Indeed, we offer a complete read-only mirror service capability. Developers can directly configure the registry address and use yarn, pnpm, or any package manager of their choice. However, we still provide an independent client, mainly to handle the following scenarios:
Like all websites accessible within China, cnpm aligns with the country's internet and data regulations. For over 10 years, it has been reliably serving users while adhering to Mainland China's regulatory requirements. This compliance ensures that cnpm's default registry undergoes thorough network filing and security scanning, aligning with local policy standards. Our commitment is to provide reliable and compliant services to developers, not just in China but globally, always mindful of the legal nuances in different regions.
cnpm includes npm to ensure maximum compatibility. In the corporate environment, we also offer some extended capabilities. We continue to advance related open-source work, including:
These features, in addition to changes on the registry side, also require client-side adaptation. Please let me know if you have any further questions or need more information. 🙏🏻 |
|
Whether or not to support setting registry to https://registry.npmmirror.com/ when not using cnpm? |
| "versions": "versions", | ||
| "tags": "dist-tags" | ||
| } | ||
| } |
There was a problem hiding this comment.
We should probably provide mentioned for the npm package, see #339
| } | |
| }, | |
| "npmRegistry": { | |
| "type": "npm", | |
| "package": "cnpm" | |
| }, |
| Npm = `npm`, | ||
| Pnpm = `pnpm`, | ||
| Yarn = `yarn`, | ||
| Cnpm = `cnpm`, |
There was a problem hiding this comment.
nit: ASCII/alphabetical order
| Npm = `npm`, | |
| Pnpm = `pnpm`, | |
| Yarn = `yarn`, | |
| Cnpm = `cnpm`, | |
| Cnpm = `cnpm`, | |
| Npm = `npm`, | |
| Pnpm = `pnpm`, | |
| Yarn = `yarn`, |
🪝 Add apost-installhook to install cnpm-related dependencies.Fixes: #331