You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
After updating to version 0.27, I'm required to set COREPACK_INTEGRITY_KEYS="" to overcome the lack of signature keys in the payload returned by a JFrog private registry.
The environment variable is properly recognized when calling corepack directly, but it ends up ignored when corepack is spawned by other tools, such as Renovate and Jenkins. Those filter out empty environment variables, leading to an unexpected error:
/usr/lib/node_modules/corepack/dist/lib/corepack.cjs:22685
const key = keys.find(({ keyid }) => signatures.some((s) => s.keyid === keyid));
^
TypeError: Cannot read properties of undefined (reading 'some')
at /usr/lib/node_modules/corepack/dist/lib/corepack.cjs:22685:51
at Array.find (<anonymous>)
at verifySignature (/usr/lib/node_modules/corepack/dist/lib/corepack.cjs:22685:20)
at installVersion (/usr/lib/node_modules/corepack/dist/lib/corepack.cjs:23037:7)
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async Engine.ensurePackageManager (/usr/lib/node_modules/corepack/dist/lib/corepack.cjs:23449:32)
at async Engine.executePackageManagerRequest (/usr/lib/node_modules/corepack/dist/lib/corepack.cjs:23545:25)
at async Object.runMain (/usr/lib/node_modules/corepack/dist/lib/corepack.cjs:24232:5)
For better support reasons, I suggest that COREPACK_INTEGRITY_KEYS also support 0 and/or false as possible values for disabling the signature validation.
The text was updated successfully, but these errors were encountered:
After updating to version
0.27
, I'm required to setCOREPACK_INTEGRITY_KEYS=""
to overcome the lack of signature keys in the payload returned by a JFrog private registry.The environment variable is properly recognized when calling
corepack
directly, but it ends up ignored whencorepack
is spawned by other tools, such as Renovate and Jenkins. Those filter out empty environment variables, leading to an unexpected error:For better support reasons, I suggest that
COREPACK_INTEGRITY_KEYS
also support0
and/orfalse
as possible values for disabling the signature validation.The text was updated successfully, but these errors were encountered: