Skip to content

modules: enforce extensions and dissalow directories #21572

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 3 commits into from
Closed

modules: enforce extensions and dissalow directories #21572

wants to merge 3 commits into from

Conversation

MylesBorins
Copy link
Contributor

this build on top of the limitations of the package name map proposal. It enforces the use of file extensions and doesn't support index.js or package.json resolution for the default ESM loader implementation.

The current approach is naive and has lots of room for improvement but this can serve as a base for discussion

Refs: https://github.com/domenic/package-name-maps

@MylesBorins
modules: enforce extensions and disallow directories
1125e44 
this build on top of the limitations of the package name map proposal.
It enforces the use of file extensions and doesn't support index.js
or package.json resolution for the default ESM loader implementation.

The current approach is naive and has lots of room for improvement
but this can serve as a base for discussion

Refs: https://github.com/domenic/package-name-maps
@MylesBorins
doc: document esm limitations
afb45d3
@nodejs-github-bot
Copy link
Collaborator

@MylesBorins build started: https://ci.nodejs.org/blue/organizations/jenkins/node-test-pull-request-lite-pipeline/detail/node-test-pull-request-lite-pipeline/171/pipeline

@nodejs-github-bot nodejs-github-bot added the errors Issues and PRs related to JavaScript errors originated in Node.js core. label Jun 28, 2018
@MylesBorins MylesBorins requested review from bmeck and guybedford June 28, 2018 06:50
@MylesBorins MylesBorins mentioned this pull request Jun 28, 2018
Closed
vsemozhetbyt
vsemozhetbyt reviewed Jun 28, 2018
View reviewed changes
doc/api/errors.md
@@ -1388,6 +1388,11 @@ OpenSSL crypto support.
An attempt was made to use features that require [ICU][], but Node.js was not
compiled with ICU support.

<a id="ERR_NON_EXPLICIT_SPECIFIER"></a>

This comment was marked as resolved.

Sign in to view

This comment was marked as resolved.

Sign in to view

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, sorry, N is before _. But then it should go before ERR_NO_CRYPTO, right?

doc/api/errors.md Outdated
<a id="ERR_NON_EXPLICIT_SPECIFIER"></a>
### ERR_NON_EXPLICIT_SPECIFIER

Modules that are imported must use explicit file extensions
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing period.

doc/api/esm.md Outdated
@@ -54,6 +54,14 @@ property:

## Notable differences between `import` and `require`

### Mandatory file extensions

You must provide a file extension when using the `import` keyword.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We usually avoid you in API docs, as per style guide.

lib/internal/errors.js Outdated
@@ -740,6 +740,9 @@ E('ERR_NAPI_INVALID_TYPEDARRAY_ALIGNMENT',
'start offset of %s should be a multiple of %s', RangeError);
E('ERR_NAPI_INVALID_TYPEDARRAY_LENGTH',
'Invalid typed array length', RangeError);
E('ERR_NON_EXPLICIT_SPECIFIER',
'The file %s does not include an extensionimported modules must declare' +
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

extensionimported -> extension. Imported?

@MylesBorins MylesBorins added esm Issues and PRs related to the ECMAScript Modules implementation. modules-agenda Issues and PRs to discuss during the meetings of the Modules team. labels Jun 28, 2018
guybedford
guybedford reviewed Jun 28, 2018
View reviewed changes
lib/internal/modules/esm/default_resolve.js
@@ -24,6 +25,10 @@ function search(target, base) {
// We cannot search without a base.
throw new ERR_MISSING_MODULE(target);
}
if ((target[0] === '.' || target[0] === '/') &&
(extname(target) <= 1)) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It may be a little clearer to have an explicit .length check here instead of relying on JavaScript magic.

lib/internal/modules/esm/default_resolve.js
@@ -24,6 +25,10 @@ function search(target, base) {
// We cannot search without a base.
throw new ERR_MISSING_MODULE(target);
}
if ((target[0] === '.' || target[0] === '/') &&
Copy link
Contributor

@guybedford guybedford Jun 28, 2018
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check should be target[0] === '.' && (target[1] === '/' || target[1] === '.' && target[2] === '/') || target[0] === '/' to ensure support for filenames starting with .. Alternatively just the regex /^\.{0,2}\//.test(target).

I understand this is an initial implementation, but note that this implementation still supports "main"s and URLs getting default extensions. Happy to do a deeper review in due course.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe String.prototype.startsWith can be used?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we do use a method, i'd prefer the non-taintable approaches used elsewhere for robustness

@bmeck
Copy link
Member

bmeck commented Jun 28, 2018

We should discuss migration strategies here in depth and the impact of this, in particular this seems at odds with the findings of nodejs/modules#139 about migration strategies that support a smooth ability to migrate. It would be good if the overall reasoning about why matching package-name-maps is seen as superior to the migration path findings in that issue.

bmeck
bmeck suggested changes Jun 28, 2018
View reviewed changes
Copy link
Member

@bmeck bmeck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this should not land without heavy discussion and documentation of a migration strategy existing somewhere

@MylesBorins MylesBorins mentioned this pull request Jul 9, 2018
Closed
@MylesBorins
Copy link
Contributor Author

Closing in lieu of #21729

@MylesBorins MylesBorins closed this Jul 9, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@bmeck bmeck bmeck requested changes

@guybedford guybedford guybedford left review comments

@YurySolovyov YurySolovyov YurySolovyov left review comments

@vsemozhetbyt vsemozhetbyt vsemozhetbyt left review comments

Assignees
No one assigned
Labels
errors Issues and PRs related to JavaScript errors originated in Node.js core. esm Issues and PRs related to the ECMAScript Modules implementation. modules-agenda Issues and PRs to discuss during the meetings of the Modules team.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@MylesBorins @nodejs-github-bot @bmeck @guybedford @YurySolovyov @vsemozhetbyt