1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-14 10:01:51 -05:00
Commit graph

67 commits

Author SHA1 Message Date
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370)
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
2024-09-04 14:51:24 +02:00
Leo Kettmeir
9a36b6fb04
fix(flags): require global flag for permission flags in install subcommand (#25391)
Also rewrites some of the subcommands help text

Closes https://github.com/denoland/deno/issues/25362

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-09-03 12:40:50 -07:00
David Sherret
bf7571a6f9
fix: make some warnings more standard (#25324) 2024-09-03 10:45:01 +02:00
Asher Gomez
bc51eca700
BREAKING: remove deno bundle (#25339)
`deno bundle` now produces:
```
error: ⚠️ `deno bundle` was removed in Deno 2.

See the Deno 1.x to 2.x Migration Guide for migration instructions: https://docs.deno.com/runtime/manual/advanced/migrate_deprecations
```

`deno bundle --help` now produces:
```
⚠️ `deno bundle` was removed in Deno 2.

See the Deno 1.x to 2.x Migration Guide for migration instructions: https://docs.deno.com/runtime/manual/advanced/migrate_deprecations

Usage: deno bundle [OPTIONS]

Options:
  -q, --quiet     Suppress diagnostic output
      --unstable  Enable all unstable features and APIs. Instead of using this flag, consider enabling individual unstable features
                    To view the list of individual unstable feature flags, run this command again with --help=unstable
```
2024-09-02 17:27:37 +02:00
Bartek Iwańczuk
4e19474129
chore: remove DENO_FUTURE=1 from spec tests (#25329)
Towards https://github.com/denoland/deno/issues/25241
2024-08-31 21:25:32 +00:00
David Sherret
f891e73bbf
refactor: remove DENO_FUTURE (#25314) 2024-08-30 21:58:24 +00:00
Bartek Iwańczuk
b1c6142f74
BREAKING: DENO_FUTURE=1 by default, or welcome to Deno 2.0 (#25213)
This commit effectively turns Deno into Deno 2.0.

This is done by forcing `DENO_FUTURE=1` env var, that was available in
the past few months to try Deno 2 changes.

This commit contains several breaking changes scheduled for Deno 2:
- all deprecated JavaScript APIs are not available any more, mostly
`Deno.*` APIs
- `window` global is removed
- FFI, WebGPU and FS APIs are now stable and don't require
`--unstable-*` flags
- import assertions are no longer supported
- "bring your own node modules" is enabled by default

This is the first commit in a series that are scheduled before the Deno
2 release.

Follow up work is tracked in
https://github.com/denoland/deno/issues/25241.

---------

Co-authored-by: Asher Gomez <ashersaupingomez@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
Co-authored-by: Nathan Whitaker <nathan@deno.com>
2024-08-30 13:58:58 -04:00
Nathan Whitaker
86d5b919d8
feat(config): Node modules option for 2.0 (#25299) 2024-08-29 15:57:43 -07:00
Bartek Iwańczuk
27d0897841
test: run specs::npm::exec_file_inside_npm_package with DENO_FUTURE=1 (#25282)
The test is failing if run with `DENO_FUTURE=1` which is blocking
https://github.com/denoland/deno/pull/25213.

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-08-29 02:21:59 +02:00
David Sherret
b708a13eb0
feat: improve lockfile v4 to store normalized version constraints and be more terse (#25247)
Stores normalized version constraints in the lockfile, which will
improve reproducibility and will fix a bug with duplicate specifiers
ending up in the lockfile. Also, gets rid of some duplicate data in the
specifiers area of the lockfile.
2024-08-28 14:17:47 -04:00
Bartek Iwańczuk
3dba98532a
fix: replace npm install hint with deno install hint (#25244)
Needed for https://github.com/denoland/deno/pull/25213.

With Deno 2, we should suggest using `deno install` instead of `npm
install`.
2024-08-28 02:31:41 +00:00
David Sherret
e13230226f
feat: lockfile v4 by default (#25165)
This won't be fully stabilized until 2.0 is released.
2024-08-26 23:01:50 +00:00
Yusuke Tanaka
d54d29662f
chore: enable log feature for tracing crate (#25078)
This commit enables the `log` feature for the `tracing` crate.

This allows us to examine additional detailed logs emitted by third party crates
that use `tracing` crate for logging by setting `RUST_LOG` env var or passing
`-L` option in command line.

Closes #25045
2024-08-22 19:15:10 -07:00
Bartek Iwańczuk
1f47248143
fix: adjust suggestion for lockfile regeneration (#25107)
Ref https://github.com/denoland/deno/pull/24436#issuecomment-2288568645
2024-08-20 20:13:17 +02:00
Yoshiya Hinosawa
b6cdb31c05
fix(ext/node): fix prismjs compatibiliy in Web Worker (#25062)
PrismJS uses `WorkerGlobalScope` and `self` for detecting browser's Web
Worker context:
59e5a34713/prism.js (L11)

Now the detection logic above is broken when it's imported from Deno's
Web Worker context because we only hide `self` (Prism assumes when
`WorkerGlobalScope` is available, `self` is also available).

This change fixes the above by also hiding `WorkerGlobalScope` global in
Node compat mode.

closes #25008
2024-08-17 11:16:43 +09:00
Yoshiya Hinosawa
105d27bc7d
fix(ext/node): improve shelljs compat with managed npm execution (#24912)
This change improves the Node.js compatibility in managed npm resolution
mode by disabling the discovery of `node_modules` when the
main specifier is inside of `DENO_DIR`.

closes #22732
closes #24589
2024-08-16 12:48:48 +09:00
Asher Gomez
f89b531149
feat(node): support username and _password in .npmrc file (#24793)
Closes #23950
2024-08-14 18:53:15 +02:00
Nathan Whitaker
795ed23b35
fix(future): Emit deno install warning less often, suggest deno install in error message (#24706)
Two small changes:

- In our BYONM errors, suggest running `deno install` instead of `npm
install` if `DENO_FUTURE` is set
- Only emit warning about `deno install` changes if you do `deno install
<foo>` with deno_future unset
2024-07-24 23:37:13 +00:00
David Sherret
52ababc4bf
fix(node): better detection for when to surface node resolution errors (#24653) 2024-07-24 00:22:24 +00:00
Nathan Whitaker
a4c76add56
fix(cli): Respect implied BYONM from DENO_FUTURE in deno task (#24652)
Regression from
04f9db5b22

Originally I thought to fix the issue in the PR we needed to explicitly
pass through the `node-modules-dir` flag, but after applying the correct
fix that david pointed out (setting `NPM_PROCESS_STATE`) that wasn't
necessary (or correct).

We had a test for deno task with BYONM, but it only tested with
`"unstable": ["byonm"]` in deno.json, so it didn't catch this.
2024-07-19 18:59:04 +00:00
David Sherret
d80d0cea7c
chore: fix ci (#24633) 2024-07-18 04:21:57 +00:00
David Sherret
ecd4f900c6
fix(publish): surface syntax errors when using --no-check (#24620) 2024-07-17 23:06:30 -04:00
Nathan Whitaker
f122845445
chore: fix flakey lifecycle scripts test (#24629)
Failed in
https://github.com/denoland/deno/actions/runs/9982978127/job/27589707376
2024-07-18 03:54:13 +02:00
David Sherret
f4b9d85862
fix(workspace): support resolving bare specifiers to npm pkgs within a workspace (#24611)
This makes bare specifiers for npm packages work when inside a
workspace, which emulates the same behaviour as when there's a
node_modules directory. The bare specifier can be overwritten by
specifying an import map entry or package.json dependency entry.

* https://github.com/denoland/deno_config/pull/88

Closes #24605
2024-07-17 09:13:22 -04:00
Nathan Whitaker
c9da27e147
fix(cli): Create child node_modules for conflicting dependency versions, respect aliases in package.json (#24609)
Fixes #24419.
2024-07-16 20:30:28 +00:00
Nathan Whitaker
04f9db5b22
fix(node): Fix --allow-scripts with no deno.json (#24533)
We would resolve the wrong package.json, resulting in an inability to
run CJS (or other node-mode) scripts
2024-07-15 12:11:09 -07:00
David Sherret
29186d7e59
fix(workspace): do not resolve to self for npm pkg depending on matching req (#24591)
Closes #24584
2024-07-15 15:08:51 -04:00
David Sherret
9510a8b7d1
fix(config): regression - should not discover npm workspace for nested deno.json not in workspace (#24559)
Closes #24554
2024-07-12 15:33:30 -04:00
Nathan Whitaker
3d0e1b65b1
fix(node): Ignore broken default install scripts (#24534)
NPM inserts a default install script when a package has a `binding.gyp`
file.

It's possible, however, for the package to exclude the `binding.gyp`
file when they publish, and in this case the install script will never
succeed for a user of the package.

This happens with `fsevents`, for instance. They don't include the
`binding.gyp` file in their published tarball, but the default install
script appears in the manifest served by `npm`.

This causes us to warn that `fsevents` has an install script, but when
you try to run it it fails due to `binding.gyp` not existing.
2024-07-11 18:39:45 +00:00
David Sherret
f950f59983
fix(npm): only warn about lifecycle scripts not being run when setting up directory (#24530)
Closes #24518
2024-07-11 16:41:42 +00:00
David Sherret
a49d0bd10b
fix(check): CJS types importing dual ESM/CJS package should prefer CJS types (#24492)
Closes #16370
2024-07-10 14:46:25 -04:00
Nathan Whitaker
69afa8718f
chore: tweak warning message for un-run install scripts (#24508)
Previously when we printed out the packages that skipped install
scripts, we didn't prefix them with `npm:`. When you pass
`--allow-scripts` though, we require `npm:`, which means you can't just
copy paste the package name from the warning message.
2024-07-10 18:03:41 +00:00
Nathan Whitaker
ce7dc2be92
feat(node): Support executing npm package lifecycle scripts (preinstall/install/postinstall) (#24487)
Adds support for running npm package lifecycle scripts, opted into via a
new `--allow-scripts` flag.

With this PR, when running `deno cache` (or `DENO_FUTURE=1 deno
install`) you can specify the `--allow-scripts=pkg1,pkg2` flag to run
lifecycle scripts attached to the given packages.

Note at the moment this only works when `nodeModulesDir` is true (using
the local resolver).

When a package with un-run lifecycle scripts is encountered, we emit a
warning suggesting things may not work and to try running lifecycle
scripts. Additionally, if a package script implicitly requires
`node-gyp` and it's not found on the system, we emit a warning.

Extra things in this PR:
- Extracted out bits of `task.rs` into a separate module for reuse
- Added a couple fields to `process.config` in order to support
`node-gyp` (it relies on a few variables being there)
- Drive by fix to downloading new npm packages to test registry

---

TODO:
- [x] validation for allow-scripts args (make sure it looks like an npm
package)
- [x] make allow-scripts matching smarter
- [ ] figure out what issues this closes

---
Review notes:
- This adds a bunch of deps to our test registry due to using
`node-gyp`, so it's pretty noisy
2024-07-10 03:06:08 +00:00
snek
ed49f00e04
fix: test in presence of .npmrc (#24486)
override home dir so .npmrc on the dev machine doesn't break it

Signed-off-by: snek <snek@deno.com>
2024-07-09 11:00:23 -07:00
David Sherret
e30ad77ffa
feat: support wildcards in npm workspaces (#24471)
Implemented in https://github.com/denoland/deno_config/pull/74

Closes https://github.com/denoland/deno/issues/24420
2024-07-09 00:23:45 +00:00
David Sherret
147411e64b
feat: npm workspace and better Deno workspace support (#24334)
Adds much better support for the unstable Deno workspaces as well as
support for npm workspaces. npm workspaces is still lacking in that we
only install packages into the root node_modules folder. We'll make it
smarter over time in order for it to figure out when to add node_modules
folders within packages.

This includes a breaking change in config file resolution where we stop
searching for config files on the first found package.json unless it's
in a workspace. For the previous behaviour, the root deno.json needs to
be updated to be a workspace by adding `"workspace":
["./path-to-pkg-json-folder-goes-here"]`. See details in
https://github.com/denoland/deno_config/pull/66

Closes #24340
Closes #24159
Closes #24161
Closes #22020
Closes #18546
Closes #16106
Closes #24160
2024-07-04 00:54:33 +00:00
Nathan Whitaker
c13b6d1413
feat(cli): Add --frozen flag to error out if lockfile is out of date (#24355)
Closes #18296.

Adds a `--frozen` (alias `--frozen-lockfile`) flag that errors out if
the lockfile is out of date. This is useful for running in CI (where an
out of date lockfile is usually a mistake) or to prevent accidental
changes in dependencies.

![Screenshot 2024-06-26 at 7 11
13 PM](https://github.com/denoland/deno/assets/17734409/538404b8-b422-4f05-89e8-4c9b1c248576)
2024-07-02 15:00:16 -07:00
David Sherret
6f30ef88a2
fix(windows): check USERPROFILE env var for finding home directory (#24384) 2024-07-01 18:17:17 -04:00
Bartek Iwańczuk
2a2ff96be1
fix(ext/node): discover .npmrc in user's homedir (#24021)
This commit adds discovery of `.npmrc` files in user's homedir.

This is not a perfect fix as it doesn't merge multiple `.npmrc` files
together as per https://github.com/denoland/deno/issues/23954
but allows to fallback if no `.npmrc` file is discovered in the project
root.
2024-06-27 00:17:00 +02:00
David Sherret
4ec9250c40
fix(npm): use more relaxed package.json version constraint parsing (#24202) 2024-06-13 18:29:27 -04:00
Nathan Whitaker
a7531361ef
fix(cli): Explicitly cache NPM packages during deno install (#24190)
Fixes a regression introduced in
https://github.com/denoland/deno/pull/24170, where we wouldn't actually
set up the node modules dir on `deno install` if there was an up to date
deno lockfile present.

Previously we were relying on the fact that resolving pending module
resolution called `cache_packages` (which sets up the node modules dir).
When pending resolutions were removed, and the `resolve_pending`
function with it, we also removed the `cache_packages` call needed to
set up node modules.
2024-06-12 16:06:41 -07:00
David Sherret
4bc96c5d2a
fix(npm): resolve dynamic npm imports individually (#24170)
* https://github.com/denoland/deno_npm/pull/57
* https://github.com/denoland/deno_graph/pull/498

Closes https://github.com/denoland/deno/issues/17802
2024-06-11 08:55:12 -04:00
David Sherret
3be0a1e8b4
chore: add test for worker shutting down during npm import (#24109) 2024-06-10 13:46:28 +02:00
David Sherret
31154ff958
fix(check): attempt to resolve types from pkg before @types pkg (#24152)
I've been meaning to fix this for ages, but I finally ran into it here:


https://github.com/dsherret/ts-ast-viewer/actions/runs/9432038675/job/25981325408

We need to resolve the `@types` package as a fallback instead of eagerly
resolving it.
2024-06-08 20:05:28 -04:00
Luca Casonato
c1f23c5788
fix(ext/node): lossy UTF-8 read node_modules files (#24140)
Previously various reads of files in `node_modules` would error on
invalid UTF-8. These were cases involving:

- reading package.json from Rust
- reading package.json from JS
- reading CommonJS files from JS
- reading CommonJS files from Rust (for ESM translation)
- reading ESM files from Rust
2024-06-08 18:36:13 +02:00
David Sherret
566adb7c0a
fix(npm): use configured auth for tarball urls instead of scope auth (#24111)
Deno was using the scope auth for the tarball urls, which is not always
correct. We are going to do a release immediately for this issue.
2024-06-05 21:24:52 +00:00
Bartek Iwańczuk
0db73f6333
fix: update deno_npm (#24065) 2024-06-05 19:22:40 +00:00
David Sherret
a013b9113d
fix: support importing statically unanalyzable npm specifiers (#24107)
Closes https://github.com/denoland/deno/issues/20479
Closes https://github.com/denoland/deno/issues/18744
2024-06-05 15:18:06 -04:00
David Sherret
7ed90a20d0
fix: better handling of npm resolution occurring on workers (#24094)
Closes https://github.com/denoland/deno/issues/24063
2024-06-05 17:04:16 +02:00
David Sherret
2d3b596cf5
feat: do not require DENO_FUTURE=1 for npmrc support (#24043) 2024-05-30 04:07:57 +00:00