1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-21 15:04:11 -05:00
Commit graph

6 commits

Author SHA1 Message Date
Nathan Whitaker
04ae1a5517
fix(cli): set npm_config_user_agent when running npm packages or tasks (#26639)
Fixes #25342.

Still not sure on the exact user agent to set (should it include
`node`?).

After this PR, here's the state of running some `create-*` packages
(just ones I could think of off the top of my head):

| package                  | prints/runs/suggests deno install | notes |
| ---------------- | ------------- | ------ |
| `create-next-app` |  | falls back to npm, needs a PR
([code](c32e280209/packages/create-next-app/helpers/get-pkg-manager.ts (L3)))
| `sv create` |  | uses `package-manager-detector`, needs a PR
([code](https://github.com/antfu-collective/package-manager-detector/tree/main))
| `create-qwik` |  | runs `deno install` but suggests `deno start`
which doesn't work (should be `deno task start` or `deno run start`)
| `create-astro` |  | runs `deno install` but suggests `npm run dev`
later in output, probably needs a PR
| `nuxi init` |  | deno not an option in dialog, needs a PR
([code](f04e2e8944/src/commands/init.ts (L96-L102)))
| `create-react-app` |  | uses npm
| `ng new` (`@angular/cli`) |  | uses npm
| `create-vite` |  | suggests working deno commands 🎉 
| `create-solid` |   | suggests npm commands, needs PR

It's possible that fixing `package-manager-detector` or other packages
might make some of these just work, but haven't looked too carefully at
each
2024-10-31 22:19:19 -07:00
Nathan Whitaker
7a990d9d42
feat(npm): support --allow-scripts on deno run (and deno add, deno test, etc) (#26075)
Fixes https://github.com/denoland/deno/issues/25533. Fixes
https://github.com/denoland/deno/issues/25396.

Previously we only supported it on `deno install` and `deno cache`,
which is annoying if you're using `nodeModulesDir: auto`.

Also changes from printing output of lifecycle scripts directly to
capturing the output and only printing it on error.
2024-10-12 12:14:32 -07:00
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370)
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
2024-09-04 14:51:24 +02:00
Nathan Whitaker
a4c76add56
fix(cli): Respect implied BYONM from DENO_FUTURE in deno task (#24652)
Regression from
04f9db5b22

Originally I thought to fix the issue in the PR we needed to explicitly
pass through the `node-modules-dir` flag, but after applying the correct
fix that david pointed out (setting `NPM_PROCESS_STATE`) that wasn't
necessary (or correct).

We had a test for deno task with BYONM, but it only tested with
`"unstable": ["byonm"]` in deno.json, so it didn't catch this.
2024-07-19 18:59:04 +00:00
Nathan Whitaker
04f9db5b22
fix(node): Fix --allow-scripts with no deno.json (#24533)
We would resolve the wrong package.json, resulting in an inability to
run CJS (or other node-mode) scripts
2024-07-15 12:11:09 -07:00
Nathan Whitaker
ce7dc2be92
feat(node): Support executing npm package lifecycle scripts (preinstall/install/postinstall) (#24487)
Adds support for running npm package lifecycle scripts, opted into via a
new `--allow-scripts` flag.

With this PR, when running `deno cache` (or `DENO_FUTURE=1 deno
install`) you can specify the `--allow-scripts=pkg1,pkg2` flag to run
lifecycle scripts attached to the given packages.

Note at the moment this only works when `nodeModulesDir` is true (using
the local resolver).

When a package with un-run lifecycle scripts is encountered, we emit a
warning suggesting things may not work and to try running lifecycle
scripts. Additionally, if a package script implicitly requires
`node-gyp` and it's not found on the system, we emit a warning.

Extra things in this PR:
- Extracted out bits of `task.rs` into a separate module for reuse
- Added a couple fields to `process.config` in order to support
`node-gyp` (it relies on a few variables being there)
- Drive by fix to downloading new npm packages to test registry

---

TODO:
- [x] validation for allow-scripts args (make sure it looks like an npm
package)
- [x] make allow-scripts matching smarter
- [ ] figure out what issues this closes

---
Review notes:
- This adds a bunch of deps to our test registry due to using
`node-gyp`, so it's pretty noisy
2024-07-10 03:06:08 +00:00