1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2024-12-11 18:17:48 -05:00
Commit graph

29 commits

Author SHA1 Message Date
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
Nathan Whitaker
36ebc03f17
fix(cli): Warn on not-run lifecycle scripts with global cache (#25786)
Refactors the lifecycle scripts code to extract out the common
functionality and then uses that to provide a warning in the global
resolver.

While ideally we would still support them with the global cache, for now
a warning is at least better than the status quo (where people are
unaware why their packages aren't working).
2024-09-24 19:23:57 +00:00
Nathan Whitaker
1e261c9756
fix: Update deno_npm to fix deno install with crossws (#25837)
Partially addresses https://github.com/denoland/deno/issues/25648.

This allows packages that use `crossws` to be installed with `deno
install`. `crossws` specifies an optional peer dependency on
`uWebSockets`, but `uWebSockets` is not on npm (it is used with `git:`
or `github:` specifiers). Previously we would error on this, now we
don't error on non-existent optional peer dependencies.
2024-09-24 02:12:48 +00:00
Bartek Iwańczuk
5b14c71daf
feat: improve warnings for deprecations and lifecycle script for npm packages (#25694)
This commit improves warning messages for deprecated npm packages
and packages that rely on lifecycle script.
2024-09-18 19:04:25 +00:00
David Sherret
72f025c743
fix: remove recently added deno.json node_modules aliasing (#25542)
This was initially added in #25399 in order to make transitioning over
from package.json to deno.json more easy, but it causes some problems
that are shown in the issue and it also means that the output of `deno
install` would have different resolution than `npm install`. Overall, I
think it's too much complexity to be smarter about this and it's
probably best to not do it. If someone needs an aliased folder then they
should keep using a package.json

Closes #25538
2024-09-09 20:19:29 +00:00
Nathan Whitaker
98e8e2f8bc
feat(add/install): Flag to add dev dependency to package.json (#25495)
```
deno install --dev npm:chalk
```
Adds to `devDependencies` if a `package.json` is present, otherwise it
just adds to `imports` in `deno.json`
2024-09-07 02:22:27 -07:00
Nathan Whitaker
292344af42
fix(install): Make sure target node_modules exists when symlinking (#25494)
Fixes https://github.com/denoland/deno/issues/25493
2024-09-06 19:08:56 +00:00
Nathan Whitaker
c32d692a8f
feat(install): deno install with entrypoint (#25411)
```
deno install --entrypoint one.ts two.ts
```

effectively equivalent to `deno cache`
2024-09-04 13:06:16 -07:00
David Sherret
c6d1b0a1cc
fix(byonm): resolve npm deps of jsr deps (#25399)
This allows using npm deps of jsr deps without having to add them to the
root package.json.

Works by taking the package requirement and scanning the
`node_modules/.deno` directory for the best matching package, so it
relies on deno's node_modules structure.

Additionally to make the transition from package.json to deno.json
easier, Deno now:

1. Installs npm deps in a deno.json at the same time as installing npm
deps from a package.json.
2. Uses the alias in the import map for `node_modules/<alias>` for
better package.json compatiblity.
2024-09-04 14:00:44 +00:00
Bartek Iwańczuk
81e941bc92
fix(install): recommend using deno install -g when using a single http url (#25388)
Closes https://github.com/denoland/deno/issues/25361
2024-09-03 17:55:29 +02:00
Bartek Iwańczuk
4e19474129
chore: remove DENO_FUTURE=1 from spec tests (#25329)
Towards https://github.com/denoland/deno/issues/25241
2024-08-31 21:25:32 +00:00
David Sherret
4a5642779e
fix: upgrade deno_ast 0.42 (#25313) 2024-08-30 17:12:13 -04:00
Bartek Iwańczuk
b1c6142f74
BREAKING: DENO_FUTURE=1 by default, or welcome to Deno 2.0 (#25213)
This commit effectively turns Deno into Deno 2.0.

This is done by forcing `DENO_FUTURE=1` env var, that was available in
the past few months to try Deno 2 changes.

This commit contains several breaking changes scheduled for Deno 2:
- all deprecated JavaScript APIs are not available any more, mostly
`Deno.*` APIs
- `window` global is removed
- FFI, WebGPU and FS APIs are now stable and don't require
`--unstable-*` flags
- import assertions are no longer supported
- "bring your own node modules" is enabled by default

This is the first commit in a series that are scheduled before the Deno
2 release.

Follow up work is tracked in
https://github.com/denoland/deno/issues/25241.

---------

Co-authored-by: Asher Gomez <ashersaupingomez@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
Co-authored-by: Nathan Whitaker <nathan@deno.com>
2024-08-30 13:58:58 -04:00
David Sherret
b708a13eb0
feat: improve lockfile v4 to store normalized version constraints and be more terse (#25247)
Stores normalized version constraints in the lockfile, which will
improve reproducibility and will fix a bug with duplicate specifiers
ending up in the lockfile. Also, gets rid of some duplicate data in the
specifiers area of the lockfile.
2024-08-28 14:17:47 -04:00
Nathan Whitaker
f606402677
fix(install): Use relative symlinks in deno install (#25164)
Fixes https://github.com/denoland/deno/issues/25161
2024-08-22 21:55:17 +00:00
Nathan Whitaker
48da3c17ea
fix(add): Handle packages without root exports (#25102)
Fixes #24607.

This PR makes the logic that caches top level dependencies (things
present in import map) smarter, so we handle JSR dependencies without
root exports.
2024-08-21 15:23:32 -07:00
Bartek Iwańczuk
1f47248143
fix: adjust suggestion for lockfile regeneration (#25107)
Ref https://github.com/denoland/deno/pull/24436#issuecomment-2288568645
2024-08-20 20:13:17 +02:00
HasanAlrimawi
0704454755
feat: Print deprecation message for npm packages (#24992)
This commit adds ability to print deprecation notices
for npm packages that have been marked as deprecated.

Closes #24013
2024-08-20 19:53:53 +02:00
David Sherret
526f39fbb9
feat(FUTURE): terse lockfile (v4) (#25059) 2024-08-19 03:01:39 +00:00
Nathan Whitaker
854c7ba198
fix(install): Properly handle dist tags when setting up node_modules (#24968)
Fixes https://github.com/denoland/deno/issues/24966.
Fixes https://github.com/denoland/deno/issues/24932.
2024-08-09 13:35:54 +00:00
Nathan Whitaker
3f692bed0a
fix(add): Support dist tags in deno add (#24960)
Fixes #24956.
2024-08-08 16:45:41 +00:00
Bartek Iwańczuk
c94d1b10f8
feat(install): change 'Add ...' message (#24949)
Changes messages printed by `deno add` from
`Add @oak/oak - jsr:@oak/oak^16.1.0` to
`Add jsr:@oak/oak16.1.0`.
2024-08-08 16:25:05 +02:00
Nathan Whitaker
795ed23b35
fix(future): Emit deno install warning less often, suggest deno install in error message (#24706)
Two small changes:

- In our BYONM errors, suggest running `deno install` instead of `npm
install` if `DENO_FUTURE` is set
- Only emit warning about `deno install` changes if you do `deno install
<foo>` with deno_future unset
2024-07-24 23:37:13 +00:00
David Sherret
147411e64b
feat: npm workspace and better Deno workspace support (#24334)
Adds much better support for the unstable Deno workspaces as well as
support for npm workspaces. npm workspaces is still lacking in that we
only install packages into the root node_modules folder. We'll make it
smarter over time in order for it to figure out when to add node_modules
folders within packages.

This includes a breaking change in config file resolution where we stop
searching for config files on the first found package.json unless it's
in a workspace. For the previous behaviour, the root deno.json needs to
be updated to be a workspace by adding `"workspace":
["./path-to-pkg-json-folder-goes-here"]`. See details in
https://github.com/denoland/deno_config/pull/66

Closes #24340
Closes #24159
Closes #24161
Closes #22020
Closes #18546
Closes #16106
Closes #24160
2024-07-04 00:54:33 +00:00
Nathan Whitaker
a7531361ef
fix(cli): Explicitly cache NPM packages during deno install (#24190)
Fixes a regression introduced in
https://github.com/denoland/deno/pull/24170, where we wouldn't actually
set up the node modules dir on `deno install` if there was an up to date
deno lockfile present.

Previously we were relying on the fact that resolving pending module
resolution called `cache_packages` (which sets up the node modules dir).
When pending resolutions were removed, and the `resolve_pending`
function with it, we also removed the `cache_packages` call needed to
set up node modules.
2024-06-12 16:06:41 -07:00
David Sherret
448fe67b7a
feat(vendor): support modifying remote files in vendor folder without checksum errors (#23979)
Includes:

* https://github.com/denoland/deno_graph/pull/486
* https://github.com/denoland/deno_graph/pull/488
* https://github.com/denoland/deno_lockfile/pull/25
* https://github.com/denoland/deno_lockfile/pull/22
* https://github.com/denoland/deno_graph/pull/483
* https://github.com/denoland/deno_graph/pull/470
2024-05-28 14:58:43 -04:00
Nathan Whitaker
5de30c5323
fix(cli): Support deno.lock with only package.json present + fix DENO_FUTURE install interactions with lockfile (#23918)
Fixes #23571.

Previously, we required a `deno.json` to be present (or the `--lock`
flag) in order for us to resolve a `deno.lock` file. This meant that if
you were using deno in an npm-first project deno wouldn't use a
lockfile.

Additionally, while I was fixing that, I discovered there were a couple
bugs keeping the future `install` command from using a lockfile.

With this PR, `install` will actually resolve the lockfile (or create
one if not present), and update it if it's not up-to-date. This also
speeds up `deno install`, as we can use the lockfile to skip work during
npm resolution.
2024-05-23 12:31:05 -07:00
David Sherret
5385a42ec4
perf(jsr): download metadata files as soon as possible and in parallel (#23836)
* https://github.com/denoland/deno_graph/pull/471
* https://github.com/denoland/deno_graph/pull/473
2024-05-16 00:58:57 +02:00
Bartek Iwańczuk
4e23a5b1fc
FUTURE: deno install changes (#23498)
This PR implements the changes we plan to make to `deno install` in deno
2.0.
- `deno install` without arguments caches dependencies from
`package.json` / `deno.json` and sets up the `node_modules` folder
- `deno install <pkg>` adds the package to the config file (either
`package.json` or `deno.json`), i.e. it aliases `deno add`
- `deno add` can also add deps to `package.json` (this is gated behind
`DENO_FUTURE` due to uncertainty around handling projects with both
`deno.json` and `package.json`)
- `deno install -g <bin>` installs a package as a globally available
binary (the same as `deno install <bin>` in 1.0)

---------

Co-authored-by: Nathan Whitaker <nathan@deno.com>
2024-05-08 12:34:46 -07:00