nodejs · zanminkian · Apr 10, 2025 · Apr 14, 2025 · Apr 14, 2025 · Apr 14, 2025
diff --git a/README.md b/README.md
@@ -341,7 +341,9 @@ same major line. Should you need to upgrade to a new major, use an explicit
   (useful for commands like `yarn init`).
 
 - `COREPACK_NPM_REGISTRY` sets the registry base url used when retrieving
-  package managers from npm. Default value is `https://registry.npmjs.org`
+  package managers from npm. Default value is the result of command
+  `npm config get registry`, which is typically `https://registry.npmjs.org`
+  unless it has been customized.
 
 - `COREPACK_NPM_TOKEN` sets a Bearer token authorization header when connecting
   to a npm type registry.

diff --git a/package.json b/package.json
@@ -32,6 +32,7 @@
     "esbuild": "^0.25.0",
     "eslint": "^9.22.0",
     "proxy-from-env": "^1.1.0",
+    "registry-url": "^7.2.0",
     "semver": "^7.6.3",
     "supports-color": "^10.0.0",
     "tar": "^7.4.0",

diff --git a/sources/corepackUtils.ts b/sources/corepackUtils.ts
@@ -230,6 +230,7 @@ export async function installVersion(installTarget: string, locator: Locator, {s
   let signatures: Array<{keyid: string, sig: string}>;
   let integrity: string;
   let binPath: string | null = null;
+  const registryUrl = npmRegistryUtils.getRegistryUrl();
   if (locatorIsASupportedPackageManager) {
     url = spec.url.replace(`{}`, version);
     if (process.env.COREPACK_NPM_REGISTRY) {
@@ -240,17 +241,17 @@ export async function installVersion(installTarget: string, locator: Locator, {s
           binPath = registry.bin;
         }
       }
-      url = url.replace(
-        npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL,
-        () => process.env.COREPACK_NPM_REGISTRY!,
-      );
     }
+    url = url.replace(
+      npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL,
+      () => registryUrl,
+    );
   } else {
     url = decodeURIComponent(version);
-    if (process.env.COREPACK_NPM_REGISTRY && url.startsWith(npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL)) {
+    if (url.startsWith(npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL)) {
       url = url.replace(
         npmRegistryUtils.DEFAULT_NPM_REGISTRY_URL,
-        () => process.env.COREPACK_NPM_REGISTRY!,
+        () => registryUrl,
       );
     }
   }

diff --git a/sources/httpUtils.ts b/sources/httpUtils.ts
@@ -1,10 +1,10 @@
-import assert                     from 'assert';
-import {UsageError}               from 'clipanion';
-import {once}                     from 'events';
-import {stderr, stdin}            from 'process';
-import {Readable}                 from 'stream';
+import assert           from 'assert';
+import {UsageError}     from 'clipanion';
+import {once}           from 'events';
+import {stderr, stdin}  from 'process';
+import {Readable}       from 'stream';
 
-import {DEFAULT_NPM_REGISTRY_URL} from './npmRegistryUtils';
+import {getRegistryUrl} from './npmRegistryUtils';
 
 async function fetch(input: string | URL, init?: RequestInit) {
   if (process.env.COREPACK_ENABLE_NETWORK === `0`)
@@ -29,7 +29,7 @@ async function fetch(input: string | URL, init?: RequestInit) {
     input.username = input.password = ``;
   }
 
-  if (input.origin === (process.env.COREPACK_NPM_REGISTRY || DEFAULT_NPM_REGISTRY_URL) && process.env.COREPACK_NPM_TOKEN) {
+  if (process.env.COREPACK_NPM_TOKEN && input.origin === getRegistryUrl()) {
     headers =  {
       ...headers,
       authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,

diff --git a/sources/npmRegistryUtils.ts b/sources/npmRegistryUtils.ts
@@ -1,5 +1,6 @@
 import {UsageError}               from 'clipanion';
 import {createVerify}             from 'crypto';
+import registryUrl, {defaultUrl}  from 'registry-url';
 
 import defaultConfig              from '../config.json';
 
@@ -11,10 +12,20 @@ import * as httpUtils             from './httpUtils';
 export const DEFAULT_HEADERS: Record<string, string> = {
   [`Accept`]: `application/vnd.npm.install-v1+json; q=1.0, application/json; q=0.8`,
 };
-export const DEFAULT_NPM_REGISTRY_URL = `https://registry.npmjs.org`;
+
+const normalize = (url: string) => url.endsWith(`/`) ? url.slice(0, -1) : url;
+
+export const DEFAULT_NPM_REGISTRY_URL = normalize(defaultUrl);
+
+export function getRegistryUrl() {
+  if (process.env.COREPACK_NPM_REGISTRY)
+    return process.env.COREPACK_NPM_REGISTRY;
+
+  return normalize(registryUrl());
+}
 
 export async function fetchAsJson(packageName: string, version?: string) {
-  const npmRegistryUrl = process.env.COREPACK_NPM_REGISTRY || DEFAULT_NPM_REGISTRY_URL;
+  const npmRegistryUrl = getRegistryUrl();
 
   if (process.env.COREPACK_ENABLE_NETWORK === `0`)
     throw new UsageError(`Network access disabled by the environment; can't reach npm repository ${npmRegistryUrl}`);

diff --git a/tests/main.test.ts b/tests/main.test.ts
@@ -1315,6 +1315,30 @@ it(`should download latest pnpm from custom registry`, async () => {
   });
 });
 
+it(`should download from npm registry url by default`, async () => {
+  await xfs.mktempPromise(async cwd => {
+    process.env.npm_config_registry = `https://registry.npmmirror.com`;
+    process.env.COREPACK_ENABLE_DOWNLOAD_PROMPT = `1`;
+
+    await xfs.writeJsonPromise(ppath.join(cwd, `package.json` as Filename), {
+      packageManager: `[email protected]`,
+    });
+
+    await expect(runCli(cwd, [`pnpm`, `--version`])).resolves.toMatchObject({
+      exitCode: 0,
+      stdout: `10.1.0\n`,
+      stderr: `! Corepack is about to download https://registry.npmmirror.com/pnpm/-/pnpm-10.1.0.tgz\n`,
+    });
+
+    // Should keep working with cache
+    await expect(runCli(cwd, [`pnpm`, `--version`])).resolves.toMatchObject({
+      exitCode: 0,
+      stdout: `10.1.0\n`,
+      stderr: ``,
+    });
+  });
+});
+
 describe(`should pick up COREPACK_INTEGRITY_KEYS from env`, () => {
   beforeEach(() => {
     process.env.AUTH_TYPE = `COREPACK_NPM_TOKEN`; // See `_registryServer.mjs`

diff --git a/tests/npmRegistryUtils.test.ts b/tests/npmRegistryUtils.test.ts
@@ -20,6 +20,7 @@ describe(`npm registry utils fetchAsJson`, () => {
   });
 
   it(`loads from DEFAULT_NPM_REGISTRY_URL by default`, async () => {
+    process.env.npm_config_registry = `https://registry.npmjs.org`;
     await fetchAsJson(`package-name`);
 
     expect(httpFetchAsJson).toBeCalled();
@@ -35,9 +36,19 @@ describe(`npm registry utils fetchAsJson`, () => {
     expect(httpFetchAsJson).lastCalledWith(`${process.env.COREPACK_NPM_REGISTRY}/package-name`, {headers: DEFAULT_HEADERS});
   });
 
+  it(`loads from npm registry url`, async () => {
+    // `process.env` is reset after each tests in setupTests.js.
+    process.env.npm_config_registry = `https://registry.example.org`;
+    await fetchAsJson(`package-name`);
+
+    expect(httpFetchAsJson).toBeCalled();
+    expect(httpFetchAsJson).lastCalledWith(`${process.env.npm_config_registry}/package-name`, {headers: DEFAULT_HEADERS});
+  });
+
   it(`adds authorization header with bearer token if COREPACK_NPM_TOKEN is set`, async () => {
     // `process.env` is reset after each tests in setupTests.js.
     process.env.COREPACK_NPM_TOKEN = `foo`;
+    process.env.npm_config_registry = `https://registry.npmjs.org`;
 
     await fetchAsJson(`package-name`);
 
@@ -48,11 +59,26 @@ describe(`npm registry utils fetchAsJson`, () => {
     }});
   });
 
+  it(`uses npm registry url if COREPACK_NPM_TOKEN is set`, async () => {
+    // `process.env` is reset after each tests in setupTests.js.
+    process.env.COREPACK_NPM_TOKEN = `foo`;
+    process.env.npm_config_registry = `https://registry.example.org`;
+
+    await fetchAsJson(`package-name`);
+
+    expect(httpFetchAsJson).toBeCalled();
+    expect(httpFetchAsJson).lastCalledWith(`${process.env.npm_config_registry}/package-name`, {headers: {
+      ...DEFAULT_HEADERS,
+      authorization: `Bearer ${process.env.COREPACK_NPM_TOKEN}`,
+    }});
+  });
+
   it(`only adds authorization header with bearer token if COREPACK_NPM_TOKEN and COREPACK_NPM_USERNAME are set`, async () => {
     // `process.env` is reset after each tests in setupTests.js.
     process.env.COREPACK_NPM_TOKEN = `foo`;
     process.env.COREPACK_NPM_USERNAME = `bar`;
     process.env.COREPACK_NPM_PASSWORD = `foobar`;
+    process.env.npm_config_registry = `https://registry.npmjs.org`;
 
     await fetchAsJson(`package-name`);
 
@@ -68,6 +94,7 @@ describe(`npm registry utils fetchAsJson`, () => {
     // `process.env` is reset after each tests in setupTests.js.
     process.env.COREPACK_NPM_USERNAME = `foo`;
     process.env.COREPACK_NPM_PASSWORD = `bar`;
+    process.env.npm_config_registry = `https://registry.npmjs.org`;
 
     const encodedCreds = Buffer.from(`${process.env.COREPACK_NPM_USERNAME}:${process.env.COREPACK_NPM_PASSWORD}`, `utf8`).toString(`base64`);
 
@@ -80,9 +107,10 @@ describe(`npm registry utils fetchAsJson`, () => {
     }});
   });
 
-  it(`does not add authorization header if COREPACK_NPM_USERNAME is set and COREPACK_NPM_PASSWORD is not.`, async () => {
+  it(`does not add authorization header if COREPACK_NPM_USERNAME is set and COREPACK_NPM_PASSWORD is not`, async () => {
     // `process.env` is reset after each tests in setupTests.js.
     process.env.COREPACK_NPM_USERNAME = `foo`;
+    process.env.npm_config_registry = `https://registry.npmjs.org`;
 
     await fetchAsJson(`package-name`);
 

diff --git a/yarn.lock b/yarn.lock
@@ -1329,6 +1329,7 @@ __metadata:
     esbuild: "npm:^0.25.0"
     eslint: "npm:^9.22.0"
     proxy-from-env: "npm:^1.1.0"
+    registry-url: "npm:^7.2.0"
     semver: "npm:^7.6.3"
     supports-color: "npm:^10.0.0"
     tar: "npm:^7.4.0"
@@ -2029,6 +2030,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"find-up-simple@npm:^1.0.1":
+  version: 1.0.1
+  resolution: "find-up-simple@npm:1.0.1"
+  checksum: 10c0/ad34de157b7db925d50ff78302fefb28e309f3bc947c93ffca0f9b0bccf9cf1a2dc57d805d5c94ec9fc60f4838f5dbdfd2a48ecd77c23015fa44c6dd5f60bc40
+  languageName: node
+  linkType: hard
+
 "find-up@npm:^5.0.0":
   version: 5.0.0
   resolution: "find-up@npm:5.0.0"
@@ -2403,6 +2411,13 @@ __metadata:
   languageName: node
   linkType: hard
 
+"ini@npm:^5.0.0":
+  version: 5.0.0
+  resolution: "ini@npm:5.0.0"
+  checksum: 10c0/657491ce766cbb4b335ab221ee8f72b9654d9f0e35c32fe5ff2eb7ab8c5ce72237ff6456555b50cde88e6507a719a70e28e327b450782b4fc20c90326ec8c1a8
+  languageName: node
+  linkType: hard
+
 "ini@npm:~1.3.0":
   version: 1.3.8
   resolution: "ini@npm:1.3.8"
@@ -3469,6 +3484,16 @@ __metadata:
   languageName: node
   linkType: hard
 
+"registry-url@npm:^7.2.0":
+  version: 7.2.0
+  resolution: "registry-url@npm:7.2.0"
+  dependencies:
+    find-up-simple: "npm:^1.0.1"
+    ini: "npm:^5.0.0"
+  checksum: 10c0/176c4054f6b9f3ad38b9a682f87c44c1ff56046921fdd66b3af9ff81f4a4d512d6cb5f7a8f3213824c9bbb5838334a176321b000488bbf5342bcda7b258a47ec
+  languageName: node
+  linkType: hard
+
 "resolve-from@npm:^4.0.0":
   version: 4.0.0
   resolution: "resolve-from@npm:4.0.0"