feat!: remove `--all` flag (#351)

Force users to opt-in into the package managers they want to support. As more and more package managers are added to Corepack, it's more and more unlikely that our users will be interested in _all_ the package managers Corepack supports, and it is unreasonable to expect Corepack maintainers would be able to perform security audits.
2024-02-17 01:35:11 +01:00 · 2024-02-17 01:35:11 +01:00 · d9c70b91f6
parent 9066ea7995
commit d9c70b91f6
10 changed files with 14 additions and 91 deletions
--- a/README.md
+++ b/README.md
@ -102,9 +102,6 @@ The utility commands detailed in the next section.
  case you'll simply run `corepack pack` to make sure that your image
  includes the Last Known Good release for the specified package manager.

-  - If you want to have _all_ Last Known Good releases for all package managers,
-    just use the `--all` flag which will do just that.
-
 - Or you're publishing your project to a system where the network is
  unavailable, in which case you'll preemptively generate a package manager
  archive from your local computer (using `corepack pack -o`) before storing
@ -185,11 +182,7 @@ This command doesn't change the global version used when running the package
 manager from outside the project (use the \`-g,--global\` flag if you wish
 to do this).

-### `corepack install <-g,--global> [--all] [... name[@<version>]]`
-
-| Option                | Description                                |
-| --------------------- | ------------------------------------------ |
-| `--all`               | Install all Last Known Good releases       |
+### `corepack install <-g,--global> [... name[@<version>]]`

 Install the selected package managers and install them on the system.

@ -197,11 +190,10 @@ Package managers thus installed will be configured as the new default when
 calling their respective binaries outside of projects defining the
 `packageManager` field.

-### `corepack pack [--all] [... name[@<version>]]`
+### `corepack pack [... name[@<version>]]`

 | Option                | Description                                |
 | --------------------- | ------------------------------------------ |
-| `--all`               | Pack all Last Known Good releases          |
 | `--json `             | Print the output folder rather than logs   |
 | `-o,--output `        | Path where to generate the archive         |

--- a/sources/commands/Base.ts
+++ b/sources/commands/Base.ts
@ -8,13 +8,8 @@ import * as nodeUtils               from '../nodeUtils';
 import * as specUtils               from '../specUtils';

 export abstract class BaseCommand extends Command<Context> {
-  async resolvePatternsToDescriptors({all, patterns}: {all: boolean, patterns: Array<string>}) {
-    if (all && patterns.length > 0)
-      throw new UsageError(`The --all option cannot be used along with an explicit package manager specification`);
-
-    const resolvedSpecs = all
-      ? await this.context.engine.getDefaultDescriptors()
-      : patterns.map(pattern => specUtils.parseSpec(pattern, `CLI arguments`, {enforceExactVersion: false}));
+  async resolvePatternsToDescriptors({patterns}: {patterns: Array<string>}) {
+    const resolvedSpecs = patterns.map(pattern => specUtils.parseSpec(pattern, `CLI arguments`, {enforceExactVersion: false}));

    if (resolvedSpecs.length === 0) {
      const lookup = await specUtils.loadSpec(this.context.cwd);
--- a/sources/commands/InstallGlobal.ts
+++ b/sources/commands/InstallGlobal.ts
@ -24,8 +24,8 @@ export class InstallGlobalCommand extends BaseCommand {
      `Install the latest version of Yarn 1.x and make it globally available`,
      `corepack install -g yarn@^1`,
    ], [
-      `Install the latest version of all available package managers, and make them globally available`,
-      `corepack install -g --all`,
+      `Install the latest version of pnpm, and make it globally available`,
+      `corepack install -g pnpm`,
    ]],
  });

@ -33,10 +33,6 @@ export class InstallGlobalCommand extends BaseCommand {
    required: true,
  });

-  all = Option.Boolean(`--all`, false, {
-    description: `If true, all available default package managers will be installed`,
-  });
-
  cacheOnly = Option.Boolean(`--cache-only`, false, {
    description: `If true, the package managers will only be cached, not set as new defaults`,
  });
@ -44,20 +40,14 @@ export class InstallGlobalCommand extends BaseCommand {
  args = Option.Rest();

  async execute() {
-    if (this.args.length === 0 && !this.all)
-      throw new UsageError(`No package managers specified; use --all to install all available package managers, or specify one or more package managers to proceed`);
+    if (this.args.length === 0)
+      throw new UsageError(`No package managers specified`);

-    if (!this.all) {
-      for (const arg of this.args) {
-        if (arg.endsWith(`.tgz`)) {
-          await this.installFromTarball(path.resolve(this.context.cwd, arg));
-        } else {
-          await this.installFromDescriptor(specUtils.parseSpec(arg, `CLI arguments`, {enforceExactVersion: false}));
-        }
-      }
-    } else {
-      for (const descriptor of await this.context.engine.getDefaultDescriptors()) {
-        await this.installFromDescriptor(descriptor);
+    for (const arg of this.args) {
+      if (arg.endsWith(`.tgz`)) {
+        await this.installFromTarball(path.resolve(this.context.cwd, arg));
+      } else {
+        await this.installFromDescriptor(specUtils.parseSpec(arg, `CLI arguments`, {enforceExactVersion: false}));
      }
    }
  }
--- a/sources/commands/InstallLocal.ts
+++ b/sources/commands/InstallLocal.ts
@ -20,7 +20,6 @@ export class InstallLocalCommand extends BaseCommand {

  async execute() {
    const [descriptor] = await this.resolvePatternsToDescriptors({
-      all: false,
      patterns: [],
    });

--- a/sources/commands/Pack.ts
+++ b/sources/commands/Pack.ts
@ -22,16 +22,9 @@ export class PackCommand extends BaseCommand {
    ], [
      `Pack the latest version of Yarn 1.x inside a file named corepack.tgz`,
      `corepack pack yarn@^1`,
-    ], [
-      `Pack the latest versions of all supported package managers inside a file named everything.tgz`,
-      `corepack pack --all -o everything.tgz`,
    ]],
  });

-  all = Option.Boolean(`--all`, false, {
-    description: `If true, all available default package managers will be installed`,
-  });
-
  json = Option.Boolean(`--json`, false, {
    description: `If true, the path to the generated tarball will be printed on stdout`,
  });
@ -44,7 +37,6 @@ export class PackCommand extends BaseCommand {

  async execute() {
    const descriptors = await this.resolvePatternsToDescriptors({
-      all: this.all,
      patterns: this.patterns,
    });

--- a/sources/commands/Up.ts
+++ b/sources/commands/Up.ts
@ -28,7 +28,6 @@ export class UpCommand extends BaseCommand {

  async execute() {
    const [descriptor] = await this.resolvePatternsToDescriptors({
-      all: false,
      patterns: [],
    });

--- a/sources/commands/Use.ts
+++ b/sources/commands/Use.ts
@ -24,7 +24,6 @@ export class UseCommand extends BaseCommand {

  async execute() {
    const [descriptor] = await this.resolvePatternsToDescriptors({
-      all: false,
      patterns: [this.pattern],
    });

--- a/sources/commands/deprecated/Prepare.ts
+++ b/sources/commands/deprecated/Prepare.ts
@ -16,10 +16,6 @@ export class PrepareCommand extends Command<Context> {
    description: `If true, this release will become the default one for this package manager`,
  });

-  all = Option.Boolean(`--all`, false, {
-    description: `If true, all available default package managers will be installed`,
-  });
-
  json = Option.Boolean(`--json`, false, {
    description: `If true, the output will be the path of the generated tarball`,
  });
@ -32,12 +28,7 @@ export class PrepareCommand extends Command<Context> {
  specs = Option.Rest();

  async execute() {
-    if (this.all && this.specs.length > 0)
-      throw new UsageError(`The --all option cannot be used along with an explicit package manager specification`);
-
-    const specs: Array<string | Descriptor> = this.all
-      ? await this.context.engine.getDefaultDescriptors()
-      : this.specs;
+    const specs: Array<string | Descriptor> = this.specs;

    const installLocations: Array<string> = [];

--- a/tests/main.test.ts
+++ b/tests/main.test.ts
@ -403,39 +403,6 @@ it(`should always use fallback version when project spec env is disabled`, async
  });
 });

-it(`should allow to call "corepack install -g --all" to prepare all package managers`, async () => {
-  await xfs.mktempPromise(async cwd => {
-    await xfs.writeJsonPromise(ppath.join(cwd, `package.json` as Filename), {
-      // empty package.json file
-    });
-
-    await expect(runCli(cwd, [`install`, `-g`, `--all`])).resolves.toMatchObject({
-      exitCode: 0,
-      stderr: ``,
-    });
-
-    process.env.COREPACK_ENABLE_NETWORK = `0`;
-
-    await expect(runCli(cwd, [`yarn`, `--version`])).resolves.toMatchObject({
-      stdout: `${config.definitions.yarn.default.split(`+`, 1)[0]}\n`,
-      stderr: ``,
-      exitCode: 0,
-    });
-
-    await expect(runCli(cwd, [`pnpm`, `--version`])).resolves.toMatchObject({
-      stdout: `${config.definitions.pnpm.default.split(`+`, 1)[0]}\n`,
-      stderr: ``,
-      exitCode: 0,
-    });
-
-    await expect(runCli(cwd, [`npm`, `--version`])).resolves.toMatchObject({
-      stdout: `${config.definitions.npm.default.split(`+`, 1)[0]}\n`,
-      stderr: ``,
-      exitCode: 0,
-    });
-  });
-});
-
 it(`should support disabling the network accesses from the environment`, async () => {
  process.env.COREPACK_ENABLE_NETWORK = `0`;

--- a/tests/nock/VurwVdvlR5Rs7xQVs9UCVw-1.dat
+++ b/tests/nock/VurwVdvlR5Rs7xQVs9UCVw-1.dat