1
0
Fork 0
mirror of https://github.com/denoland/deno.git synced 2025-01-10 16:11:13 -05:00
Commit graph

278 commits

Author SHA1 Message Date
Nathan Whitaker
7a990d9d42
feat(npm): support --allow-scripts on deno run (and deno add, deno test, etc) (#26075)
Fixes https://github.com/denoland/deno/issues/25533. Fixes
https://github.com/denoland/deno/issues/25396.

Previously we only supported it on `deno install` and `deno cache`,
which is annoying if you're using `nodeModulesDir: auto`.

Also changes from printing output of lifecycle scripts directly to
capturing the output and only printing it on error.
2024-10-12 12:14:32 -07:00
David Sherret
edac916604
fix(install): surface package.json dependency errors (#26023) 2024-10-04 07:52:00 +00:00
David Sherret
ac73b1042b
feat(permissions): allow importing from cdn.jsdelivr.net by default (#26013)
The exploit `--allow-import` is preventing against requires a
compromised host. To make things easier and given its popularity, we're
going to have the default `--allow-import` value include
`cdn.jsdelivr.net:443`, but this can be overridden by replacing the
`--allow-import` value with something else.
2024-10-03 10:05:46 +00:00
David Sherret
cac28b5262
feat(byonm): support deno run npm:<package> when package is not in package.json (#25981)
Closes https://github.com/denoland/deno/issues/25905
2024-10-02 21:17:39 +01:00
MujahedSafaa
29104384c4
fix: remove the typo in the help message (#25962)
This PR fixes: https://github.com/denoland/deno/issues/25274

Remove the extra shorthand -S that attached to the --deny-sys.
2024-10-01 13:24:12 +00:00
Bartek Iwańczuk
c487a86b04
fix: Hide 'deno cache' from help output (#25960)
`deno cache` was soft-deprecated in favor of `deno install`. It should
not show up in the help output.
2024-10-01 15:05:21 +02:00
Leo Kettmeir
7ad14589f9
fix(flags): move some content from docs.deno.com into help output (#25951) 2024-09-30 16:00:54 -07:00
David Sherret
c8f692057b
refactor: bury descriptor parsing in PermissionsContainer (#25936)
Closes https://github.com/denoland/deno/issues/25634
2024-09-30 09:19:24 -04:00
David Sherret
fc739dc5eb
refactor: use deno_path_util (#25918) 2024-09-28 07:55:01 -04:00
David Sherret
a8d1ab5276
fix(flags): --allow-all should conflict with lower permissions (#25909)
Using `--allow-all` with other `--allow-x` permission flags should cause
an error since `--allow-all` is a superset of `--allow-x`.

Closes #25901
2024-09-27 16:49:43 +00:00
Nathan Whitaker
543c687c34
feat(install): warn repeatedly about not-run lifecycle scripts on explicit installs (#25878)
Currently we only warn once. With this PR, we continue to warn about
not-run scripts on explicit `deno install` (or cache). For `run` (or
other subcommands) we only warn the once, as we do currently.
2024-09-26 17:13:33 +00:00
Bartek Iwańczuk
5504acea67
feat: add --allow-import flag (#25469)
This replaces `--allow-net` for import permissions and makes the
security sandbox stricter by also checking permissions for statically
analyzable imports.

By default, this has a value of
`--allow-import=deno.land:443,jsr.io:443,esm.sh:443,raw.githubusercontent.com:443,gist.githubusercontent.com:443`,
but that can be overridden by providing a different set of hosts.

Additionally, when no value is provided, import permissions are inferred
from the CLI arguments so the following works because
`fresh.deno.dev:443` will be added to the list of allowed imports:

```ts
deno run -A -r https://fresh.deno.dev
```

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-26 01:50:54 +00:00
Nathan Whitaker
36ebc03f17
fix(cli): Warn on not-run lifecycle scripts with global cache (#25786)
Refactors the lifecycle scripts code to extract out the common
functionality and then uses that to provide a warning in the global
resolver.

While ideally we would still support them with the global cache, for now
a warning is at least better than the status quo (where people are
unaware why their packages aren't working).
2024-09-24 19:23:57 +00:00
Leo Kettmeir
1eebd20725
fix: error out if a valid flag is passed before a subcommand (#25830)
Closes #25808
2024-09-23 16:01:05 -07:00
Bartek Iwańczuk
a7ac89935b
feat(fmt): stabilize CSS, HTML and YAML formatters (#25753)
This commits stabilizes CSS, HTML and YAML formatters
in `deno fmt`.

It is no longer required to use either of these flags:
- `--unstable-css`
- `--unstable-html`
- `--unstable-yaml`
Or these `unstable` options in the config file:
- `fmt-css`
- `fmt-html`
- `html-yaml`
2024-09-23 18:01:04 +02:00
Nathan Whitaker
4b131d24a7
fix(cli): Default to auto with --node-modules-dir flag (#25772)
Fixes a regression where we were ignoring `--node-modules-dir` if there
was no value passed with it. We should instead default to "auto", to
maintain compat with deno 1
2024-09-20 13:55:33 -07:00
Leo Kettmeir
3e053f8f06
fix(flags): properly error out for urls (#25770)
Closes https://github.com/denoland/deno/issues/25760
2024-09-20 11:10:46 -07:00
Nathan Whitaker
6a04bbe076
fix(cli): Only set allow net flag for deno serve if not already allowed all (#25743)
Fixes #25740
2024-09-19 15:03:57 -07:00
Asher Gomez
5057f58145
feat: suggest deno install --entrypoint instead of deno cache (#25228)
Hides `deno cache` from `--help` output.

---------

Signed-off-by: Asher Gomez <ashersaupingomez@gmail.com>
Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-09-18 19:55:50 +00:00
Leo Kettmeir
a1d0a427e8
feat: default to TS for file extension and support ext flag in more scenarios (#25472)
Closes #11220
Currently does lint, fmt, and repl
2024-09-18 21:15:13 +02:00
Leo Kettmeir
c90b074579
fix(flags): don't treat empty run command as task subcommand (#25708) 2024-09-18 20:36:37 +02:00
HasanAlrimawi
49a0b7ab93
fix: remove --allow-run warning when using deno without args or subcommand (#25684)
Closes #25676 

---------

Co-authored-by: David Sherret <dsherret@gmail.com>
2024-09-18 17:05:11 +02:00
Yazan AbdAl-Rahman
bed46474b2
fix: do not panic running invalid file specifier (#25530)
Co-authored-by: Bedis Nbiba <bedisnbiba@gmail.com>
2024-09-18 14:51:39 +01:00
Yusuke Tanaka
d5c00ef50e
feat(cli): evaluate code snippets in JSDoc and markdown (#25220)
This commit lets `deno test --doc` command actually evaluate code snippets in
JSDoc and markdown files.

## How it works

1. Extract code snippets from JSDoc or code fences
2. Convert them into pseudo files by wrapping them in `Deno.test(...)`
3. Register the pseudo files as in-memory files
4. Run type-check and evaluation

We apply some magic at the step 2 - let's say we have the following file named
`mod.ts` as an input:

````ts
/**
 * ```ts
 * import { assertEquals } from "jsr:@std/assert/equals";
 *
 * assertEquals(add(1, 2), 3);
 * ```
 */
export function add(a: number, b: number) {
  return a + b;
}
````

This is virtually transformed into:

```ts
import { assertEquals } from "jsr:@std/assert/equals";
import { add } from "files:///path/to/mod.ts";

Deno.test("mod.ts$2-7.ts", async () => {
  assertEquals(add(1, 2), 3);
});
```

Note that a new import statement is inserted here to make `add` function
available. In a nutshell, all items exported from `mod.ts` become available in
the generated pseudo file with this automatic import insertion.

The intention behind this design is that, from library user's standpoint, it
should be very obvious that this `add` function is what this example code is
attached to. Also, if there is an explicit import statement like
`import { add } from "./mod.ts"`, this import path `./mod.ts` is not helpful for
doc readers because they will need to import it in a different way.

The automatic import insertion has some edge cases, in particular where there is
a local variable in a snippet with the same name as one of the exported items.
This case is addressed by employing swc's scope analysis (see test cases for
more details).

## "type-checking only" mode stays around

This change will likely impact a lot of existing doc tests in the ecosystem
because some doc tests rely on the fact that they are not evaluated - some cause
side effects if executed, some throw errors at runtime although they do pass the
type check, etc. To help those tests gradually transition to the ones runnable
with the new `deno test --doc`, we will keep providing the ability to run
type-checking only via `deno check --doc`. Additionally there is a `--doc-only`
option added to the `check` subcommand too, which is useful when you want to
type-check on code snippets in markdown files, as normal `deno check` command
doesn't accept markdown.

## Demo

https://github.com/user-attachments/assets/47e9af73-d16e-472d-b09e-1853b9e8f5ce

---

Closes #4716
2024-09-17 21:35:48 -07:00
David Sherret
62e952559f
refactor(permissions): split up Descriptor into Allow, Deny, and Query (#25508)
This makes the permission system more versatile.
2024-09-16 21:39:37 +01:00
Leo Kettmeir
f2b53d42ac
feat(flags): support user provided args in repl subcommand (#25605)
closes https://github.com/denoland/deno/issues/11547
2024-09-13 05:17:46 -07:00
Luca Casonato
018329a4d3
fix: no cmd prefix in help output go links (#25459) 2024-09-12 22:44:43 +00:00
Bartek Iwańczuk
c64aa50c0e
feat(upgrade): better error message on failure (#25503)
Co-authored-by: crowlkats <crowlkats@toaxl.com>
2024-09-11 17:19:45 +02:00
Leo Kettmeir
be5419d479
fix: add link to env var docs (#25557) 2024-09-10 13:09:06 +00:00
Bartek Iwańczuk
064a73f7a0
BREAKING: Remove --unstable flag (#25522)
This commit effectively removes the --unstable flag.

It's still being parsed, but it only prints a warning that a granular
flag should be used instead and doesn't actually enable any
unstable feature.

Closes https://github.com/denoland/deno/issues/25485
Closes https://github.com/denoland/deno/issues/23237
2024-09-09 23:44:29 +02:00
Nathan Whitaker
98e8e2f8bc
feat(add/install): Flag to add dev dependency to package.json (#25495)
```
deno install --dev npm:chalk
```
Adds to `devDependencies` if a `package.json` is present, otherwise it
just adds to `imports` in `deno.json`
2024-09-07 02:22:27 -07:00
Leo Kettmeir
56363e4f4e
fix(jupyter): allow unstable flags (#25483)
Closes #25463
2024-09-06 10:11:59 +00:00
Leo Kettmeir
b54347c448
feat(flags): allow double commas to escape values in path based flags (#25453)
Fixes https://github.com/denoland/deno/issues/6553
Fixes https://github.com/denoland/deno/issues/9535
2024-09-05 06:14:43 -07:00
Bartek Iwańczuk
5319b85f14
feat(uninstall): alias to 'deno remove' if -g flag missing (#25461)
Close https://github.com/denoland/deno/issues/25457
2024-09-05 13:51:37 +02:00
Nathan Whitaker
c32d692a8f
feat(install): deno install with entrypoint (#25411)
```
deno install --entrypoint one.ts two.ts
```

effectively equivalent to `deno cache`
2024-09-04 13:06:16 -07:00
David Sherret
74fc66da11
fix: lock down allow-run permissions more (#25370)
`--allow-run` even with an allow list has essentially been
`--allow-all`... this locks it down more.

1. Resolves allow list for `--allow-run=` on startup to an absolute
path, then uses these paths when evaluating if a command can execute.
Also, adds these paths to `--deny-write`
1. Resolves the environment (cwd and env vars) before evaluating
permissions and before executing a command. Then uses this environment
to evaluate the permissions and then evaluate the command.
2024-09-04 14:51:24 +02:00
Leo Kettmeir
9a36b6fb04
fix(flags): require global flag for permission flags in install subcommand (#25391)
Also rewrites some of the subcommands help text

Closes https://github.com/denoland/deno/issues/25362

---------

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-09-03 12:40:50 -07:00
Bartek Iwańczuk
81e941bc92
fix(install): recommend using deno install -g when using a single http url (#25388)
Closes https://github.com/denoland/deno/issues/25361
2024-09-03 17:55:29 +02:00
Luca Casonato
5cf97f539b
BREAKING(permissions): remove --allow-hrtime (#25367)
Remove `--allow-hrtime` and `--deny-hrtime`. We are doing this because
it is already possible to get access to high resolution timers through
workers and SharedArrayBuffer.

Co-authored-by: Bartek Iwańczuk <biwanczuk@gmail.com>
2024-09-03 11:24:25 +02:00
Bartek Iwańczuk
b9b4b0dd67
feat: hide several --unstable-* flags (#25378)
This commit hides following unstable flags:
- `--unstable-ffi` (the API is now stable)
- `--unstable-webgpu` (this API is now stable)
- `--unstable-fs` (no more unstable APIs)
- `--unstable-byonm` (BYONM is on by default)


The flags are still parseable, but they are not used. Concrete cleanup
will be done in a follow up PR.
2024-09-03 11:11:41 +02:00
Asher Gomez
5f08d634f7
BREAKING: remove deno vendor (#25343) 2024-09-03 17:00:57 +10:00
Asher Gomez
f6eab6c4bd
BREAKING: remove --allow-none flag (#25337)
Towards #22079

Signed-off-by: Luca Casonato <hello@lcas.dev>
Co-authored-by: Luca Casonato <hello@lcas.dev>
2024-09-02 22:06:27 +00:00
Asher Gomez
c62829fc03
BREAKING: remove --trace-ops (#25344)
Towards #22079
2024-09-02 18:26:05 +02:00
David Sherret
3015f16fbf
fix: remove entrypoint hack for Deno 2.0 (#25332) 2024-09-02 15:33:07 +00:00
Asher Gomez
bc51eca700
BREAKING: remove deno bundle (#25339)
`deno bundle` now produces:
```
error: ⚠️ `deno bundle` was removed in Deno 2.

See the Deno 1.x to 2.x Migration Guide for migration instructions: https://docs.deno.com/runtime/manual/advanced/migrate_deprecations
```

`deno bundle --help` now produces:
```
⚠️ `deno bundle` was removed in Deno 2.

See the Deno 1.x to 2.x Migration Guide for migration instructions: https://docs.deno.com/runtime/manual/advanced/migrate_deprecations

Usage: deno bundle [OPTIONS]

Options:
  -q, --quiet     Suppress diagnostic output
      --unstable  Enable all unstable features and APIs. Instead of using this flag, consider enabling individual unstable features
                    To view the list of individual unstable feature flags, run this command again with --help=unstable
```
2024-09-02 17:27:37 +02:00
Asher Gomez
503f95a54f
BREAKING: remove --ts flag (#25338) 2024-09-02 17:27:26 +02:00
Asher Gomez
4c35668d90
BREAKING: remove --jobs flag (#25336) 2024-09-02 17:26:42 +02:00
Bartek Iwańczuk
c29e5b9d1e
fix(upgrade): more informative information on invalid version (#25319)
Before:
```
$ deno upgrade v1.xx
error: Invalid version passed
```

After:
```
$ deno upgrade v1.xx
error: Invalid version passed (v1.xx)

Example usage:
  deno upgrade | deno upgrade 1.46 | deno upgrade canary
```

Also updates help text to use "shorthand version" without flags, but a
positional arg.
2024-08-31 00:22:20 +00:00
David Sherret
f891e73bbf
refactor: remove DENO_FUTURE (#25314) 2024-08-30 21:58:24 +00:00
Bartek Iwańczuk
b1c6142f74
BREAKING: DENO_FUTURE=1 by default, or welcome to Deno 2.0 (#25213)
This commit effectively turns Deno into Deno 2.0.

This is done by forcing `DENO_FUTURE=1` env var, that was available in
the past few months to try Deno 2 changes.

This commit contains several breaking changes scheduled for Deno 2:
- all deprecated JavaScript APIs are not available any more, mostly
`Deno.*` APIs
- `window` global is removed
- FFI, WebGPU and FS APIs are now stable and don't require
`--unstable-*` flags
- import assertions are no longer supported
- "bring your own node modules" is enabled by default

This is the first commit in a series that are scheduled before the Deno
2 release.

Follow up work is tracked in
https://github.com/denoland/deno/issues/25241.

---------

Co-authored-by: Asher Gomez <ashersaupingomez@gmail.com>
Co-authored-by: Nayeem Rahman <nayeemrmn99@gmail.com>
Co-authored-by: Nathan Whitaker <nathan@deno.com>
2024-08-30 13:58:58 -04:00