{"id":13484961,"url":"https://github.com/nodejs/corepack","last_synced_at":"2025-05-13T15:02:21.901Z","repository":{"id":37022321,"uuid":"246865548","full_name":"nodejs/corepack","owner":"nodejs","description":"Zero-runtime-dependency package acting as bridge between Node projects and their package managers","archived":false,"fork":false,"pushed_at":"2025-05-10T10:00:10.000Z","size":847393,"stargazers_count":2927,"open_issues_count":120,"forks_count":202,"subscribers_count":33,"default_branch":"main","last_synced_at":"2025-05-12T23:26:47.902Z","etag":null,"topics":["nodejs","npm","pnpm","yarn"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nodejs.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE.md","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null},"funding":{"github":"nodejs","open_collective":"nodejs"}},"created_at":"2020-03-12T15:14:09.000Z","updated_at":"2025-05-12T19:21:40.000Z","dependencies_parsed_at":"2024-04-29T22:35:10.175Z","dependency_job_id":"6866f5bb-bb1d-45d5-8e09-4a0705e425b0","html_url":"https://github.com/nodejs/corepack","commit_stats":{"total_commits":354,"total_committers":43,"mean_commits":8.232558139534884,"dds":0.7401129943502824,"last_synced_commit":"256cf8aaa4c56df8b3ec8a230ee683ce6f691d21"},"previous_names":[],"tags_count":46,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodejs%2Fcorepack","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodejs%2Fcorepack/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodejs%2Fcorepack/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nodejs%2Fcorepack/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nodejs","download_url":"https://codeload.github.com/nodejs/corepack/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":253968057,"owners_count":21992252,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["nodejs","npm","pnpm","yarn"],"created_at":"2024-07-31T17:01:40.386Z","updated_at":"2025-05-13T15:02:21.848Z","avatar_url":"https://github.com/nodejs.png","language":"TypeScript","readme":"# \u003cimg src=\"./icon.svg\" height=\"25\" /\u003e corepack\n\n[![Join us on OpenJS slack (channel #nodejs-corepack)](https://img.shields.io/badge/OpenJS%20Slack-%23nodejs--corepack-blue)](https://slack-invite.openjsf.org/)\n\nCorepack is a zero-runtime-dependency Node.js script that acts as a bridge\nbetween Node.js projects and the package managers they are intended to be used\nwith during development. In practical terms, **Corepack lets you use Yarn, npm,\nand pnpm without having to install them**.\n\n## How to Install\n\n### Default Installs\n\nCorepack is [distributed by default with all recent Node.js versions](https://nodejs.org/api/corepack.html).\nRun `corepack enable` to install the required Yarn and pnpm binaries on your path.\n\n### Manual Installs\n\n\u003cdetails\u003e\n\u003csummary\u003eInstall Corepack using npm\u003c/summary\u003e\n\nFirst uninstall your global Yarn and pnpm binaries (just leave npm). In general,\nyou'd do this by running the following command:\n\n```shell\nnpm uninstall -g yarn pnpm\n\n# That should be enough, but if you installed Yarn without going through npm it might\n# be more tedious - for example, you might need to run `brew uninstall yarn` as well.\n```\n\nThen install Corepack:\n\n```shell\nnpm install -g corepack\n```\n\nWe do acknowledge the irony and overhead of using npm to install Corepack, which\nis at least part of why the preferred option is to use the Corepack version that\nis distributed along with Node.js itself.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\u003csummary\u003eUpdate Corepack using npm\u003c/summary\u003e\n\nTo install the latest version of Corepack, use:\n\n```shell\nnpm install -g corepack@latest\n```\n\nIf Corepack was installed on your system using a Node.js Windows Installer\n`.msi` package then you might need to remove it before attempting to install a\ndifferent version of Corepack using npm. You can select the Modify option of the\nNode.js app settings to access the Windows Installer feature selection, and on\nthe \"corepack manager\" feature of the Node.js `.msi` package by selecting\n\"Entire feature will be unavailable\". See\n[Repair apps and programs in Windows](https://support.microsoft.com/en-us/windows/repair-apps-and-programs-in-windows-e90eefe4-d0a2-7c1b-dd59-949a9030f317)\nfor instructions on accessing the Windows apps page to modify settings.\n\n\u003c/details\u003e\n\n\u003cdetails\u003e\u003csummary\u003eInstall Corepack from source\u003c/summary\u003e\n\nSee [`CONTRIBUTING.md`](./CONTRIBUTING.md).\n\n\u003c/details\u003e\n\n## Usage\n\n### When Building Packages\n\nJust use your package managers as you usually would. Run `yarn install` in Yarn\nprojects, `pnpm install` in pnpm projects, and `npm` in npm projects. Corepack\nwill catch these calls, and depending on the situation:\n\n- **If the local project is configured for the package manager you're using**,\n  Corepack will download and cache the latest compatible version.\n\n- **If the local project is configured for a different package manager**,\n  Corepack will request you to run the command again using the right package\n  manager - thus avoiding corruptions of your install artifacts.\n\n- **If the local project isn't configured for any package manager**, Corepack\n  will assume that you know what you're doing, and will use whatever package\n  manager version has been pinned as \"known good release\". Check the relevant\n  section for more details.\n\n### When Authoring Packages\n\nSet your package's manager with the `packageManager` field in `package.json`:\n\n```json\n{\n  \"packageManager\": \"yarn@3.2.3+sha224.953c8233f7a92884eee2de69a1b92d1f2ec1655e66d08071ba9a02fa\"\n}\n```\n\nHere, `yarn` is the name of the package manager, specified at version `3.2.3`,\nalong with the SHA-224 hash of this version for validation.\n`packageManager@x.y.z` is required. The hash is optional but strongly\nrecommended as a security practice. Permitted values for the package manager are\n`yarn`, `npm`, and `pnpm`.\n\nYou can also provide a URL to a `.js` file (which will be interpreted as a\nCommonJS module) or a `.tgz` file (which will be interpreted as a package, and\nthe `\"bin\"` field of the `package.json` will be used to determine which file to\nuse in the archive).\n\n```json\n{\n  \"packageManager\": \"yarn@https://registry.npmjs.org/@yarnpkg/cli-dist/-/cli-dist-3.2.3.tgz#sha224.16a0797d1710d1fb7ec40ab5c3801b68370a612a9b66ba117ad9924b\"\n}\n```\n\n#### `devEngines.packageManager`\n\nWhen a `devEngines.packageManager` field is defined, and is an object containing\na `\"name\"` field (can also optionally contain `version` and `onFail` fields),\nCorepack will use it to validate you're using a compatible package manager.\n\nDepending on the value of `devEngines.packageManager.onFail`:\n\n- if set to `ignore`, Corepack won't print any warning or error.\n- if unset or set to `error`, Corepack will throw an error in case of a mismatch.\n- if set to `warn` or some other value, Corepack will print a warning in case\n  of mismatch.\n\nIf the top-level `packageManager` field is missing, Corepack will use the\npackage manager defined in `devEngines.packageManager` – in which case you must\nprovide a specific version in `devEngines.packageManager.version`, ideally with\na hash, as explained in the previous section:\n\n```json\n{\n  \"devEngines\":{\n    \"packageManager\": {\n      \"name\": \"yarn\",\n      \"version\": \"3.2.3+sha224.953c8233f7a92884eee2de69a1b92d1f2ec1655e66d08071ba9a02fa\"\n    }\n  }\n}\n```\n\n## Known Good Releases\n\nWhen running Corepack within projects that don't list a supported package\nmanager, it will default to a set of Known Good Releases.\n\nIf there is no Known Good Release for the requested package manager, Corepack\nlooks up the npm registry for the latest available version and cache it for\nfuture use.\n\nThe Known Good Releases can be updated system-wide using `corepack install -g`.\nWhen Corepack downloads a new version of a given package manager on the same\nmajor line as the Known Good Release, it auto-updates it by default.\n\n## Offline Workflow\n\nThe utility commands detailed in the next section.\n\n- Either you can use the network while building your container image, in which\n  case you'll simply run `corepack pack` to make sure that your image\n  includes the Last Known Good release for the specified package manager.\n\n- Or you're publishing your project to a system where the network is\n  unavailable, in which case you'll preemptively generate a package manager\n  archive from your local computer (using `corepack pack -o`) before storing\n  it somewhere your container will be able to access (for example within your\n  repository). After that it'll just be a matter of running\n  `corepack install -g --cache-only \u003cpath/to/corepack.tgz\u003e` to setup the cache.\n\n## Utility Commands\n\n### `corepack \u003cbinary name\u003e[@\u003cversion\u003e] [... args]`\n\nThis meta-command runs the specified package manager in the local folder. You\ncan use it to force an install to run with a given version, which can be useful\nwhen looking for regressions.\n\nNote that those commands still check whether the local project is configured for\nthe given package manager (ie you won't be able to run `corepack yarn install`\non a project where the `packageManager` field references `pnpm`).\n\n### `corepack cache clean`\n\nClears the local `COREPACK_HOME` cache directory.\n\n### `corepack cache clear`\n\nClears the local `COREPACK_HOME` cache directory.\n\n### `corepack enable [... name]`\n\n| Option                | Description                             |\n| --------------------- | --------------------------------------- |\n| `--install-directory` | Add the shims to the specified location |\n\nThis command will detect where Corepack is installed and will create shims next\nto it for each of the specified package managers (or all of them if the command\nis called without parameters). Note that the npm shims will not be installed\nunless explicitly requested, as npm is currently distributed with Node.js\nthrough other means.\n\nIf the file system where the `corepack` binary is located is read-only, this\ncommand will fail. A workaround is to add the binaries as alias in your\nshell configuration file (e.g. in `~/.bash_aliases`):\n\n```sh\nalias yarn=\"corepack yarn\"\nalias yarnpkg=\"corepack yarnpkg\"\nalias pnpm=\"corepack pnpm\"\nalias pnpx=\"corepack pnpx\"\nalias npm=\"corepack npm\"\nalias npx=\"corepack npx\"\n```\n\nOn Windows PowerShell, you can add functions using the `$PROFILE` automatic\nvariable:\n\n```powershell\necho \"function yarn { corepack yarn `$args }\" \u003e\u003e $PROFILE\necho \"function yarnpkg { corepack yarnpkg `$args }\" \u003e\u003e $PROFILE\necho \"function pnpm { corepack pnpm `$args }\" \u003e\u003e $PROFILE\necho \"function pnpx { corepack pnpx `$args }\" \u003e\u003e $PROFILE\necho \"function npm { corepack npm `$args }\" \u003e\u003e $PROFILE\necho \"function npx { corepack npx `$args }\" \u003e\u003e $PROFILE\n```\n\n### `corepack disable [... name]`\n\n| Option                | Description                                |\n| --------------------- | ------------------------------------------ |\n| `--install-directory` | Remove the shims to the specified location |\n\nThis command will detect where Node.js is installed and will remove the shims\nfrom there.\n\n### `corepack install`\n\nDownload and install the package manager configured in the local project.\nThis command doesn't change the global version used when running the package\nmanager from outside the project (use the \\`-g,--global\\` flag if you wish\nto do this).\n\n### `corepack install \u003c-g,--global\u003e [... name[@\u003cversion\u003e]]`\n\nInstall the selected package managers and install them on the system.\n\nPackage managers thus installed will be configured as the new default when\ncalling their respective binaries outside of projects defining the\n`packageManager` field.\n\n### `corepack pack [... name[@\u003cversion\u003e]]`\n\n| Option                | Description                                |\n| --------------------- | ------------------------------------------ |\n| `--json `             | Print the output folder rather than logs   |\n| `-o,--output `        | Path where to generate the archive         |\n\nDownload the selected package managers and store them inside a tarball\nsuitable for use with `corepack install -g`.\n\n### `corepack use \u003cname[@\u003cversion\u003e]\u003e`\n\nWhen run, this command will retrieve the latest release matching the provided\ndescriptor, assign it to the project's package.json file, and automatically\nperform an install.\n\n### `corepack up`\n\nRetrieve the latest available version for the current major release line of\nthe package manager used in the local project, and update the project to use\nit.\n\nUnlike `corepack use` this command doesn't take a package manager name nor a\nversion range, as it will always select the latest available version from the\nrange specified in `devEngines.packageManager.version`, or fallback to the\nsame major line. Should you need to upgrade to a new major, use an explicit\n`corepack use {name}@latest` call (or simply `corepack use {name}`).\n\n## Environment Variables\n\n- `COREPACK_DEFAULT_TO_LATEST` can be set to `0` in order to instruct Corepack\n  not to lookup on the remote registry for the latest version of the selected\n  package manager, and to not update the Last Known Good version when it\n  downloads a new version of the same major line.\n\n- `COREPACK_ENABLE_AUTO_PIN` can be set to `0` to prevent Corepack from\n  updating the `packageManager` field when it detects that the local package\n  doesn't list it. In general we recommend to always list a `packageManager`\n  field (which you can easily set through `corepack use [name]@[version]`), as\n  it ensures that your project installs are always deterministic.\n\n- `COREPACK_ENABLE_DOWNLOAD_PROMPT` can be set to `0` to\n  prevent Corepack showing the URL when it needs to download software, or can be\n  set to `1` to have the URL shown. By default, when Corepack is called\n  explicitly (e.g. `corepack pnpm …`), it is set to `0`; when Corepack is called\n  implicitly (e.g. `pnpm …`), it is set to `1`.\n  The default value cannot be overridden in a `.corepack.env` file.\n  When standard input is a TTY and no CI environment is detected, Corepack will\n  ask for user input before starting the download.\n\n- `COREPACK_ENABLE_UNSAFE_CUSTOM_URLS` can be set to `1` to allow use of\n  custom URLs to load a package manager known by Corepack (`yarn`, `npm`, and\n  `pnpm`).\n\n- `COREPACK_ENABLE_NETWORK` can be set to `0` to prevent Corepack from accessing\n  the network (in which case you'll be responsible for hydrating the package\n  manager versions that will be required for the projects you'll run, using\n  `corepack install -g --cache-only`).\n\n- `COREPACK_ENABLE_STRICT` can be set to `0` to prevent Corepack from throwing\n  error if the package manager does not correspond to the one defined for the\n  current project. This means that if a user is using the package manager\n  specified in the current project, it will use the version specified by the\n  project's `packageManager` field. But if the user is using other package\n  manager different from the one specified for the current project, it will use\n  the system-wide package manager version.\n\n- `COREPACK_ENABLE_PROJECT_SPEC` can be set to `0` to prevent Corepack from\n  checking if the package manager corresponds to the one defined for the current\n  project. This means that it will always use the system-wide package manager\n  regardless of what is being specified in the project's `packageManager` field.\n\n- `COREPACK_ENV_FILE` can be set to `0` to request Corepack to not attempt to\n  load `.corepack.env`; it can be set to a path to specify a different env file.\n  Only keys that start with `COREPACK_` and are not in the exception list\n  (`COREPACK_ENABLE_DOWNLOAD_PROMPT` and `COREPACK_ENV_FILE` are ignored)\n  will be taken into account.\n  For Node.js 18.x users, this setting has no effect as that version doesn't\n  support parsing of `.env` files.\n\n- `COREPACK_HOME` can be set in order to define where Corepack should install\n  the package managers. By default it is set to `%LOCALAPPDATA%\\node\\corepack`\n  on Windows, and to `$HOME/.cache/node/corepack` everywhere else.\n\n- `COREPACK_ROOT` has no functional impact on Corepack itself; it's\n  automatically being set in your environment by Corepack when it shells out to\n  the underlying package managers, so that they can feature-detect its presence\n  (useful for commands like `yarn init`).\n\n- `COREPACK_NPM_REGISTRY` sets the registry base url used when retrieving\n  package managers from npm. Default value is `https://registry.npmjs.org`\n\n- `COREPACK_NPM_TOKEN` sets a Bearer token authorization header when connecting\n  to a npm type registry.\n\n- `COREPACK_NPM_USERNAME` and `COREPACK_NPM_PASSWORD` to set a Basic\n  authorization header when connecting to a npm type registry. Note that both\n  environment variables are required and as plain text. If you want to send an\n  empty password, explicitly set `COREPACK_NPM_PASSWORD` to an empty string.\n\n- `HTTP_PROXY`, `HTTPS_PROXY`, and `NO_PROXY` are supported through\n  [`proxy-from-env`](https://github.com/Rob--W/proxy-from-env).\n\n- `COREPACK_INTEGRITY_KEYS` can be set to an empty string or `0` to\n  instruct Corepack to skip integrity checks, or to a JSON string containing\n  custom keys.\n\n## Troubleshooting\n\nThe environment variable `DEBUG` can be set to `corepack` to enable additional debug logging.\n\n### Networking\n\nThere are a wide variety of networking issues that can occur while running\n`corepack` commands. Things to check:\n\n- Make sure your network connection is active.\n- Make sure the host for your request can be resolved by your DNS; try using\n  `curl [URL]` (ipv4) and `curl -6 [URL]` (ipv6) from your shell.\n- Check your proxy settings (see [Environment Variables](#environment-variables)).\n\n## Contributing\n\nSee [`CONTRIBUTING.md`](./CONTRIBUTING.md).\n\n## License (MIT)\n\nSee [`LICENSE.md`](./LICENSE.md).\n","funding_links":["https://github.com/sponsors/nodejs","https://opencollective.com/nodejs"],"categories":["TypeScript","npm","Project Management"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodejs%2Fcorepack","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnodejs%2Fcorepack","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnodejs%2Fcorepack/lists"}