79411935

Date: 2025-02-04 13:59:57
Score: 3
Natty:
Report link

how could this suddenly happen?

The issue occurred because the signing keys on https://registry.npmjs.org/-/npm/v1/keys were rotated and newly signed releases from pnpm caused Corepack to fail verification.

You can find background discussions from users in the Corepack issue #612

is this a legitimate fix?

You have disabled Corepack and you are installing the latest version of pnpm. This is a supported way to install pnpm, so it is legitimate. Only you can decide if that is what you want.

If you want to return to using Corepack, you can read the recommendations for workarounds in Comment from the Corepack maintainer team.

The issue is fixed in [email protected] which is so far rolled out with Node.js 23.7.0.

According to Corepack issue #627, the Node.js team says that the Corepack fix is eligible for rollout to Node.js LTS two weeks after the release on Jan 30, 2025 through Node.js 23.7.0.

Reasons:
  • RegEx Blacklisted phrase (1.5): fix?
  • Long answer (-0.5):
  • No code block (0.5):
  • Contains question mark (0.5):
  • Starts with a question (0.5): how
  • Low reputation (0.5):
Posted by: MikeMcC399