Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

proxy quirks #635

Closed
aep-sunlife opened this issue Feb 6, 2025 · 2 comments · Fixed by #636 · May be fixed by #640
Closed

proxy quirks #635

aep-sunlife opened this issue Feb 6, 2025 · 2 comments · Fixed by #636 · May be fixed by #640

Comments

@aep-sunlife
Copy link

  • I don't see the node-proxy-agent dependency registered in package.json. Is this truly the HTTP client framework that corepack uses to download components when running corepack install?
  • node-proxy-agent is a dead project with a successor "proxy-agents". When can we replace the dead proxy dependency with a live one?
  • Despite both corepack and node-proxy-agent documenting uppercase HTTP_PROXY, HTTPS_PROXY environment variables, on my machine only the lowercase ones http_proxy, https_proxy have any effect on whether package installation occurs through a proxy or not.
  • Unlike many other applications, including NPM, corepack fails when presented with the proxy URL's http:// or https:// (no address). The user's intention here is to indicate that no proxy should be used. And these URL values make larger configuration scripting a lot easier.
  • Why not use the same HTTP client as NPM, so that proxy configuration at least behaves identically? Then any questions about configuration can simply link to official NPM documentation. Smaller technology stack, smaller attack surface, less maintenance.
@aduh95 aduh95 mentioned this issue Feb 6, 2025
Merged
@aduh95
Copy link
Contributor

aduh95 commented Feb 6, 2025

Why not use the same HTTP client as NPM […] Smaller technology stack, smaller attack surface

I very much doubt using npm stack would decrease the size of bundle and the attack surface, quite the contrary.

  • I don't see the node-proxy-agent dependency registered in package.json. Is this truly the HTTP client framework that corepack uses to download components when running corepack install?

corepack install is not a thing (yet), but no, we moved away from it with #365.
I've opened #636 to address this.

  • Despite both corepack and node-proxy-agent documenting uppercase HTTP_PROXY, HTTPS_PROXY environment variables, on my machine only the lowercase ones http_proxy, https_proxy have any effect on whether package installation occurs through a proxy or not.
  • Unlike many other applications, including NPM, corepack fails when presented with the proxy URL's http:// or https:// (no address). The user's intention here is to indicate that no proxy should be used. And these URL values make larger configuration scripting a lot easier.

That feels something that should be reported upstream, but I'm not opposed to fix it downstream if someone sends a PR.

@aduh95 aduh95 mentioned this issue Feb 7, 2025
Draft
@aduh95
Copy link
Contributor

aduh95 commented Feb 7, 2025

  • Unlike many other applications, including NPM, corepack fails when presented with the proxy URL's http:// or https:// (no address). The user's intention here is to indicate that no proxy should be used. And these URL values make larger configuration scripting a lot easier.

BTW any reason you're not using NO_PROXY for that?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@aduh95 @aep-sunlife