Description
Conditions for bug
npmjs.org and yarnpkg.com are blocked on my laptop
Background and things I've tried
We have an internal registry mirror which mirrors both npmjs and yarnpkg. Due to a recent supply chain attack it is a policy that my laptop blocks both npmjs and yarnpkg so I'm not able to reach them directly. All of my JS RC files are set to reach out to the corporate proxy:
- ~/.npmrc
- ~/.yarnrc
- ~/.yarnrc.yml
I learned that corepack ignores all of these files and instead reaches out to registries directly. I was able to partially work around this by setting the following environment variable.
export COREPACK_NPM_REGISTRY="<my corporate proxy>"
Setting this environment variable gets me past errors for registry.npmjs.org but still triggers errors for registry.yarnpkg.com.
Potentially buggy lines of code
Line 119 in 7e0758e
```json
"url": "https://registry.yarnpkg.com/yarn/-/yarn-{}.tgz",
```
corepack/sources/corepackUtils.ts
Lines 233 to 256 in 7e0758e
```ts
  if (locatorIsASupportedPackageManager) {
    url = spec.url.replace(`{}`, version);
    if (process.env.COREPACK_NPM_REGISTRY) {
      const registry = getRegistryFromPackageManagerSpec(spec);
      if (registry.type === `npm`) {
        ({tarball: url, signatures, integrity} = await npmRegistryUtils.fetchTarballURLAndSignature(registry.package, version));
        if (registry.bin) {
          binPath = registry.bin;
        }
      }
      url = url.replace(
        npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL,
        () => process.env.COREPACK_NPM_REGISTRY!,
      );
    }
  } else {
    url = decodeURIComponent(version);
    if (process.env.COREPACK_NPM_REGISTRY && url.startsWith(npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL)) {
      url = url.replace(
        npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL,
        () => process.env.COREPACK_NPM_REGISTRY!,
      );
    }
  }
```
corepack/sources/npmRegistryUtils.ts
Line 14 in 7e0758e
```ts
export const DEFAULT_NPM_REGISTRY_URL = `https://registry.npmjs.org`;
```
Because https://registry.yarnpkg.com does not match https://registry.npmjs.org there's no proxying available.
Desired solution
- Ideally: adhere to ~/.yarnrc.yml
- Or adhere to COREPACK_NPM_REGISTRY
- Or introduce a new environment variable COREPACK_YARN_REGISTRY
- Or a more robust environment variable which allows one to substitute multiple registries via some kind of expression syntax.
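The substitution gap described in this issue, and one possible shape for the multi-registry mapping in the last bullet, as an added example that is not corepack's code. The mapping format, the names `parseRegistryMap`, `rewriteWithMap` and `stillDirect`, the mirror host and the sample versions are assumptions made for illustration.

```typescript
// Values copied from the lines quoted in the issue.
const DEFAULT_NPM_REGISTRY_URL = `https://registry.npmjs.org`;
const YARN_SPEC_URL = `https://registry.yarnpkg.com/yarn/-/yarn-{}.tgz`;
// Constructed placeholder values.
const MIRROR = `https://mirror.corp.example`;
const SAMPLE_URLS = [
  `https://registry.npmjs.org/pnpm/-/pnpm-9.0.0.tgz`,
  YARN_SPEC_URL.replace(`{}`, `1.22.22`),
];

// Substitution step as in the quoted corepackUtils.ts lines: only the
// npm default registry string is ever replaced.
function rewriteAsQuoted(url: string, mirror: string): string {
  return url.replace(DEFAULT_NPM_REGISTRY_URL, () => mirror);
}

// Split "scheme://host[:port]" from the rest; null when not an absolute URL.
function splitOrigin(url: string): [string, string] | null {
  const m = /^([a-z][a-z0-9+.-]*:\/\/[^\/?#]+)(.*)$/i.exec(url);
  return m ? [m[1].toLowerCase(), m[2]] : null;
}

// Hypothetical format: "publicOrigin=mirrorBase,publicOrigin=mirrorBase".
function parseRegistryMap(value: string): Record<string, string> {
  const map: Record<string, string> = {};
  for (const entry of value.split(`,`)) {
    const eq = entry.indexOf(`=`);
    const from = eq > 0 ? splitOrigin(entry.slice(0, eq).trim()) : null;
    if (from === null) continue; // skip malformed entries
    map[from[0]] = entry.slice(eq + 1).trim().replace(/\/+$/, ``);
  }
  return map;
}

// Rewrite only on an exact origin match, so look-alike hosts are untouched.
function rewriteWithMap(url: string, map: Record<string, string>): string {
  const parts = splitOrigin(url);
  if (parts === null || !Object.prototype.hasOwnProperty.call(map, parts[0])) return url;
  return map[parts[0]] + parts[1];
}

// URLs that would still be fetched from a host other than the mirror.
function stillDirect(urls: string[], rewrite: (u: string) => string, mirror: string): string[] {
  return urls.filter(u => splitOrigin(rewrite(u))?.[0] !== splitOrigin(mirror)?.[0]);
}

console.log(stillDirect(SAMPLE_URLS, u => rewriteAsQuoted(u, MIRROR), MIRROR));
```

Running `stillDirect` over the URLs a build is expected to fetch gives a quick check of whether any download would bypass the mirror under a given rewrite rule.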