1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-11-29 16:30:56 -05:00
Commit graph

84 commits

Author SHA1 Message Date
Marvin Hagemeister
6ef2875395
fix(npm): match npm bearer token generation (#26544)
Spend some time stepping through the npm client code and noticed that
the bearer token was different from ours. They do some double encoding
and @dsherret helped me in matching the encoding behavior.

Fixes https://github.com/denoland/deno/issues/26033
2024-10-30 00:16:11 +01:00
Marvin Hagemeister
f4ef7b0eb7
fix: .npmrc settings not being passed to install/add command (#26473)
We weren't passing the resolved npmrc settings to the install commands.
This lead us to always fall back to the default registry url instead of
using the one from npmrc.

Fixes https://github.com/denoland/deno/issues/26139
Fixes https://github.com/denoland/deno/issues/26033
Fixes https://github.com/denoland/deno/issues/25924
Fixes https://github.com/denoland/deno/issues/25822
Fixes https://github.com/denoland/deno/issues/26152

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-10-25 02:09:38 +02:00
Marvin Hagemeister
374049b1eb
fix(npm): ensure scoped package name is encoded in URLs (#26390)
Fixes https://github.com/denoland/deno/issues/26385
2024-10-25 02:09:32 +02:00
Luca Casonato
3eda179220
feat(cli): improve deno info output for npm packages (#25906) 2024-10-14 14:29:50 +02:00
Nathan Whitaker
7a990d9d42
feat(npm): support --allow-scripts on deno run (and deno add, deno test, etc) (#26075)
Fixes https://github.com/denoland/deno/issues/25533. Fixes
https://github.com/denoland/deno/issues/25396.

Previously we only supported it on `deno install` and `deno cache`,
which is annoying if you're using `nodeModulesDir: auto`.

Also changes from printing output of lifecycle scripts directly to
capturing the output and only printing it on error.
2024-10-12 12:14:32 -07:00
David Sherret
cac28b5262
feat(byonm): support deno run npm:<package> when package is not in package.json (#25981)
Closes https://github.com/denoland/deno/issues/25905
2024-10-02 21:17:39 +01:00
David Sherret
d116709d06
chore: remove unnecessary envs in spec tests (#25982) 2024-10-02 10:14:38 +01:00
Marvin Hagemeister
c5c1869992
fix: precompile preserve SVG camelCase attributes (#25945)
See https://github.com/denoland/deno_ast/pull/278

Fixes https://github.com/denoland/deno/issues/25810
2024-09-30 21:25:30 +02:00
David Sherret
7cccb7422b
fix(info): move "version" field to top of json output (#25890) 2024-09-26 15:57:12 -04:00
Nathan Whitaker
543c687c34
feat(install): warn repeatedly about not-run lifecycle scripts on explicit installs (#25878)
Currently we only warn once. With this PR, we continue to warn about
not-run scripts on explicit `deno install` (or cache). For `run` (or
other subcommands) we only warn the once, as we do currently.
2024-09-26 17:13:33 +00:00
Nathan Whitaker
13c53d9727
fix(installl): make bin entries executable even if not put in node_modules/.bin (#25873)
Fixes https://github.com/denoland/deno/issues/25862.

npm only makes bin entries executable if they get linked into `.bin`, as
we did before this PR. So this PR actually deviates from npm, because
it's the only reasonable way to fix this that I can think of.

---

The reason this was broken in moment is the following:

Moment has dependencies on two typescript versions: 1.8 and 3.1

If you have two packages with conflicting bin entries (i.e. two
typescript versions which both have a bin entry `tsc`), in npm it is
non-deterministic and undefined which one will end up in `.bin`.

npm, due to implementation differences, chooses to put typescript 1.8
into the `.bin` directory, and so `node_modules/typescript/bin/tsc` ends
up getting marked executable. We, however, choose typescript 3.2, and so
we end up making `node_modules/typescript3/bin/tsc` executable.

As part of its tests, moment executes `node_modules/typescript/bin/tsc`.
Because we didn't make it executable, this fails.

Since the conflict resolution is undefined in npm, instead of trying to
match it, I think it makes more sense to just make bin entries
executable even if they aren't chosen in the case of a conflict.
2024-09-26 09:36:25 -07:00
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
Nathan Whitaker
36ebc03f17
fix(cli): Warn on not-run lifecycle scripts with global cache (#25786)
Refactors the lifecycle scripts code to extract out the common
functionality and then uses that to provide a warning in the global
resolver.

While ideally we would still support them with the global cache, for now
a warning is at least better than the status quo (where people are
unaware why their packages aren't working).
2024-09-24 19:23:57 +00:00
Satya Rohith
94bdebe399
refactor(tests): migrate npm itests to specs (#25764)
Towards https://github.com/denoland/deno/issues/25241
2024-09-20 22:38:32 +02:00
snek
a01dce3a25
fix: cjs resolution cases (#25739)
Fixes cjs modules being loaded as esm.
2024-09-19 21:10:34 -07:00
Bartek Iwańczuk
5b14c71daf
feat: improve warnings for deprecations and lifecycle script for npm packages (#25694)
This commit improves warning messages for deprecated npm packages
and packages that rely on lifecycle script.
2024-09-18 19:04:25 +00:00
David Sherret
8fe90d2861
fix(npm): better error handling for remote npm deps (#25670)
* https://github.com/denoland/deno_npm/pull/68
2024-09-16 21:23:40 +00:00
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370)
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
2024-09-04 14:51:24 +02:00
Leo Kettmeir
9a36b6fb04
fix(flags): require global flag for permission flags in install subcommand (#25391)
Also rewrites some of the subcommands help text

Closes https://github.com/denoland/deno/issues/25362

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-09-03 12:40:50 -07:00
David Sherret
bf7571a6f9
fix: make some warnings more standard (#25324) 2024-09-03 10:45:01 +02:00
Asher Gomez
bc51eca700
BREAKING: remove deno bundle (#25339)
`deno bundle` now produces:
```
error: ⚠️ `deno bundle` was removed in Deno 2.

See the Deno 1.x to 2.x Migration Guide for migration instructions: https://docs.deno.com/runtime/manual/advanced/migrate_deprecations
```

`deno bundle --help` now produces:
```
⚠️ `deno bundle` was removed in Deno 2.

See the Deno 1.x to 2.x Migration Guide for migration instructions: https://docs.deno.com/runtime/manual/advanced/migrate_deprecations

Usage: deno bundle [OPTIONS]

Options:
  -q, --quiet     Suppress diagnostic output
      --unstable  Enable all unstable features and APIs. Instead of using this flag, consider enabling individual unstable features
                    To view the list of individual unstable feature flags, run this command again with --help=unstable
```
2024-09-02 17:27:37 +02:00
Bartek Iwańczuk
4e19474129
chore: remove DENO_FUTURE=1 from spec tests (#25329)
Towards https://github.com/denoland/deno/issues/25241
2024-08-31 21:25:32 +00:00
David Sherret
f891e73bbf
refactor: remove DENO_FUTURE (#25314) 2024-08-30 21:58:24 +00:00
Bartek Iwańczuk
b1c6142f74
BREAKING: DENO_FUTURE=1 by default, or welcome to Deno 2.0 (#25213)
This commit effectively turns Deno into Deno 2.0.

This is done by forcing `DENO_FUTURE=1` env var, that was available in
the past few months to try Deno 2 changes.

This commit contains several breaking changes scheduled for Deno 2:
- all deprecated JavaScript APIs are not available any more, mostly
`Deno.*` APIs
- `window` global is removed
- FFI, WebGPU and FS APIs are now stable and don't require
`--unstable-*` flags
- import assertions are no longer supported
- "bring your own node modules" is enabled by default

This is the first commit in a series that are scheduled before the Deno
2 release.

Follow up work is tracked in
https://github.com/denoland/deno/issues/25241.

---------

Co-authored-by: Asher Gomez <ashersaupingomez@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
Co-authored-by: Nathan Whitaker <nathan@deno.com>
2024-08-30 13:58:58 -04:00
Nathan Whitaker
86d5b919d8
feat(config): Node modules option for 2.0 (#25299) 2024-08-29 15:57:43 -07:00
Bartek Iwańczuk
27d0897841
test: run specs::npm::exec_file_inside_npm_package with DENO_FUTURE=1 (#25282)
The test is failing if run with `DENO_FUTURE=1` which is blocking
https://github.com/denoland/deno/pull/25213.

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-08-29 02:21:59 +02:00
David Sherret
b708a13eb0
feat: improve lockfile v4 to store normalized version constraints and be more terse (#25247)
Stores normalized version constraints in the lockfile, which will
improve reproducibility and will fix a bug with duplicate specifiers
ending up in the lockfile. Also, gets rid of some duplicate data in the
specifiers area of the lockfile.
2024-08-28 14:17:47 -04:00
Bartek Iwańczuk
3dba98532a
fix: replace npm install hint with deno install hint (#25244)
Needed for https://github.com/denoland/deno/pull/25213.

With Deno 2, we should suggest using `deno install` instead of `npm
install`.
2024-08-28 02:31:41 +00:00
David Sherret
e13230226f
feat: lockfile v4 by default (#25165)
This won't be fully stabilized until 2.0 is released.
2024-08-26 23:01:50 +00:00
Yusuke Tanaka
d54d29662f
chore: enable log feature for tracing crate (#25078)
This commit enables the `log` feature for the `tracing` crate.

This allows us to examine additional detailed logs emitted by third party crates
that use `tracing` crate for logging by setting `RUST_LOG` env var or passing
`-L` option in command line.

Closes #25045
2024-08-22 19:15:10 -07:00
Bartek Iwańczuk
1f47248143
fix: adjust suggestion for lockfile regeneration (#25107)
Ref https://github.com/denoland/deno/pull/24436#issuecomment-2288568645
2024-08-20 20:13:17 +02:00
Yoshiya Hinosawa
b6cdb31c05
fix(ext/node): fix prismjs compatibiliy in Web Worker (#25062)
PrismJS uses `WorkerGlobalScope` and `self` for detecting browser's Web
Worker context:
59e5a34713/prism.js (L11)

Now the detection logic above is broken when it's imported from Deno's
Web Worker context because we only hide `self` (Prism assumes when
`WorkerGlobalScope` is available, `self` is also available).

This change fixes the above by also hiding `WorkerGlobalScope` global in
Node compat mode.

closes #25008
2024-08-17 11:16:43 +09:00
Yoshiya Hinosawa
105d27bc7d
fix(ext/node): improve shelljs compat with managed npm execution (#24912)
This change improves the Node.js compatibility in managed npm resolution
mode by disabling the discovery of `node_modules` when the
main specifier is inside of `DENO_DIR`.

closes #22732
closes #24589
2024-08-16 12:48:48 +09:00
Asher Gomez
f89b531149
feat(node): support username and _password in .npmrc file (#24793)
Closes #23950
2024-08-14 18:53:15 +02:00
Nathan Whitaker
795ed23b35
fix(future): Emit deno install warning less often, suggest deno install in error message (#24706)
Two small changes:

- In our BYONM errors, suggest running `deno install` instead of `npm
install` if `DENO_FUTURE` is set
- Only emit warning about `deno install` changes if you do `deno install
<foo>` with deno_future unset
2024-07-24 23:37:13 +00:00
David Sherret
52ababc4bf
fix(node): better detection for when to surface node resolution errors (#24653) 2024-07-24 00:22:24 +00:00
Nathan Whitaker
a4c76add56
fix(cli): Respect implied BYONM from DENO_FUTURE in deno task (#24652)
Regression from
04f9db5b22

Originally I thought to fix the issue in the PR we needed to explicitly
pass through the `node-modules-dir` flag, but after applying the correct
fix that david pointed out (setting `NPM_PROCESS_STATE`) that wasn't
necessary (or correct).

We had a test for deno task with BYONM, but it only tested with
`"unstable": ["byonm"]` in deno.json, so it didn't catch this.
2024-07-19 18:59:04 +00:00
David Sherret
d80d0cea7c
chore: fix ci (#24633) 2024-07-18 04:21:57 +00:00
David Sherret
ecd4f900c6
fix(publish): surface syntax errors when using --no-check (#24620) 2024-07-17 23:06:30 -04:00
Nathan Whitaker
f122845445
chore: fix flakey lifecycle scripts test (#24629)
Failed in
https://github.com/denoland/deno/actions/runs/9982978127/job/27589707376
2024-07-18 03:54:13 +02:00
David Sherret
f4b9d85862
fix(workspace): support resolving bare specifiers to npm pkgs within a workspace (#24611)
This makes bare specifiers for npm packages work when inside a
workspace, which emulates the same behaviour as when there's a
node_modules directory. The bare specifier can be overwritten by
specifying an import map entry or package.json dependency entry.

* https://github.com/denoland/deno_config/pull/88

Closes #24605
2024-07-17 09:13:22 -04:00
Nathan Whitaker
c9da27e147
fix(cli): Create child node_modules for conflicting dependency versions, respect aliases in package.json (#24609)
Fixes #24419.
2024-07-16 20:30:28 +00:00
Nathan Whitaker
04f9db5b22
fix(node): Fix --allow-scripts with no deno.json (#24533)
We would resolve the wrong package.json, resulting in an inability to
run CJS (or other node-mode) scripts
2024-07-15 12:11:09 -07:00
David Sherret
29186d7e59
fix(workspace): do not resolve to self for npm pkg depending on matching req (#24591)
Closes #24584
2024-07-15 15:08:51 -04:00
David Sherret
9510a8b7d1
fix(config): regression - should not discover npm workspace for nested deno.json not in workspace (#24559)
Closes #24554
2024-07-12 15:33:30 -04:00
Nathan Whitaker
3d0e1b65b1
fix(node): Ignore broken default install scripts (#24534)
NPM inserts a default install script when a package has a `binding.gyp`
file.

It's possible, however, for the package to exclude the `binding.gyp`
file when they publish, and in this case the install script will never
succeed for a user of the package.

This happens with `fsevents`, for instance. They don't include the
`binding.gyp` file in their published tarball, but the default install
script appears in the manifest served by `npm`.

This causes us to warn that `fsevents` has an install script, but when
you try to run it it fails due to `binding.gyp` not existing.
2024-07-11 18:39:45 +00:00
David Sherret
f950f59983
fix(npm): only warn about lifecycle scripts not being run when setting up directory (#24530)
Closes #24518
2024-07-11 16:41:42 +00:00
David Sherret
a49d0bd10b
fix(check): CJS types importing dual ESM/CJS package should prefer CJS types (#24492)
Closes #16370
2024-07-10 14:46:25 -04:00
Nathan Whitaker
69afa8718f
chore: tweak warning message for un-run install scripts (#24508)
Previously when we printed out the packages that skipped install
scripts, we didn't prefix them with `npm:`. When you pass
`--allow-scripts` though, we require `npm:`, which means you can't just
copy paste the package name from the warning message.
2024-07-10 18:03:41 +00:00
Nathan Whitaker
ce7dc2be92
feat(node): Support executing npm package lifecycle scripts (preinstall/install/postinstall) (#24487)
Adds support for running npm package lifecycle scripts, opted into via a
new `--allow-scripts` flag.

With this PR, when running `deno cache` (or `DENO_FUTURE=1 deno
install`) you can specify the `--allow-scripts=pkg1,pkg2` flag to run
lifecycle scripts attached to the given packages.

Note at the moment this only works when `nodeModulesDir` is true (using
the local resolver).

When a package with un-run lifecycle scripts is encountered, we emit a
warning suggesting things may not work and to try running lifecycle
scripts. Additionally, if a package script implicitly requires
`node-gyp` and it's not found on the system, we emit a warning.

Extra things in this PR:
- Extracted out bits of `task.rs` into a separate module for reuse
- Added a couple fields to `process.config` in order to support
`node-gyp` (it relies on a few variables being there)
- Drive by fix to downloading new npm packages to test registry

---

TODO:
- [x] validation for allow-scripts args (make sure it looks like an npm
package)
- [x] make allow-scripts matching smarter
- [ ] figure out what issues this closes

---
Review notes:
- This adds a bunch of deps to our test registry due to using
`node-gyp`, so it's pretty noisy
2024-07-10 03:06:08 +00:00