Use corepack for managing yarn version

[trivikr]

Fixes: #598

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
jscodeshift	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Jul 15, 2024 3:20am

[Daniel15]

The Node.js site says that Corepack is experimental: https://nodejs.org/api/corepack.html. Do you know if there's a risk of breaking changes that could cause issues, or a timeline for a stable release? The readme should probably also have non-Corepack instructions for people using older Node.js versions.

[trivikr]

Do you know if there's a risk of breaking changes that could cause issues

If Node.js removes corepack, most developers on yarn will ideally switch to installing it globally using npm install -g corepack, and it'll work in the same way.

a timeline for a stable release?

No one knows. We've been trying to push since May'22 in nodejs/corepack#104, but Node.js TSC is not able to arrive at a decision.

The readme should probably also have non-Corepack instructions for people using older Node.js versions.

Corepack is available in all Node.js versions supported by jscodeshift. And these instructions are for contributors of jscodeshift, and not users.

[Daniel15]

Sounds good to me! Thank you.

[Daniel15]

@trivikr We should probably add an SHA hash as documented in the Corepack readme: https://github.com/nodejs/corepack?tab=readme-ov-file#when-authoring-packages to reduce the risk of supply chain attacks (having said that, I've been doing the Yarn 1.x packaging, and I trust myself 😛)

[trivikr]

We should probably add an SHA hash as documented in the Corepack readme: https://github.com/nodejs/corepack?tab=readme-ov-file#when-authoring-packages

PR to add sha #602