-
Notifications
You must be signed in to change notification settings - Fork 30.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
module: fix null
restrictions in imports and exports patterns
#44328
Conversation
Review requested:
|
@aduh95 nice quick work, and good test cases. We should make sure that this normalization applies in all suitable paths. Note also that any changes to the exports resolution require a corresponding spec change. There are two options for this - normalization and validation. For normalization we would add an initial line to **PACKAGE\_IMPORTS\_EXPORTS\_RESOLVE**(_matchKey_, _matchObj_, _packageURL_,
_isImports_, _conditions_)
> 1. Replace in _matchKey_ any _"//"_ with _"/"_. For validation, we would update the existing validations in > If _subpath_ split on _"/"_ or _"\\"_ contains any _"."_, _".."_, or
> _"node\_modules"_ segments, case insensitive and including percent
> encoded variants, throw an _Invalid Module Specifier_ error. With: > If _subpath_ split on _"/"_ or _"\\"_ contains any empty, _"."_, _".."_, or
> _"node\_modules"_ segments, case insensitive and including percent
> encoded variants, throw an _Invalid Module Specifier_ error. I'm ok with validation or normalization. Perhaps slightly tending towards preferring validation since I can't imagine a scenario where supporting these double slashings would be desired. Where normalization in general opens up more vectors, we probably want to reduce vectors. The following code paths / test cases come to mind as needing to be included in this PR as well:
|
IIUC, except the first point all of those test cases are already covered by the tests as is. Or am I missing something? |
I didn't thoroughly check the tests, CommonJS ones are there and it does seem many are included. Here is a list of some other cases: {
"exports": {
"./expt//": "./mapping/",
"./expt//sub/": "./mapping/sub/",
"./expt//exact": "./mapping/exact.js"
}
} With corresponding variations for imports. Did you have any further feedback on validation versus normalization? |
Wasn't that removed in v17.0.0? Lines 2851 to 2857 in 5e5fb82
IMO it's totally OK to let users define and/or use multiple slashes in a row in their exports/imports, and also it makes sense for when defining a |
It would be very confusing if we allowed an author to define |
I don't know, HTTP let you do that, and that doesn't seem to cause much harm. |
I heavily disagree - it's caused a TON of harm, as have most of the ways the web is lax about structure. |
Only flat file systems are affected by this for `file:` which is the only
thing exports/imports field govern. The only real flat file systems still
in use are IOT or a special mounting of S3 directly these days. Normalizing
seems fine to me as it is prohibitively hard to have "a//b" preserved in
modern FS. If this affected network I might have more opinions but this
shouldn't affect network where that kind of things are commonly preserved.
…On Mon, Aug 22, 2022, 1:33 PM Jordan Harband ***@***.***> wrote:
I heavily disagree - it's caused a TON of harm, as have most of the ways
the web is lax about structure.
—
Reply to this email directly, view it on GitHub
<#44328 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AABZJI3UOGJ76U4OTHK5LBLV2PBZNANCNFSM57EZV4YQ>
.
You are receiving this because you are on a team that was mentioned.Message
ID: ***@***.***>
|
Just because it was deprecated doesn't mean we don't still support it and have tests for it. I'm ok with both approaches, but for normalization we very specifically need to apply it more generally something like the suggested spec text. I do think validation would be safer though overall, again if done carefully with respect to the spec work and edge cases. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We must include the corresponding change in the ESM resolver spec.
Superseded by #44477. |
@aduh95 I wonder if it's time to start thinking about the upcoming runtime deprecations? |
@guybedford Runtime deprecation has landed on v19.x (#44495), so I guess the next step would be to remove it completely. |
Ahh, yes then I think we have a number of runtime deprecations that we should probably remove for 20? |
We could always decide to wait on some of the more recent deprecations though as well. |
Fixes: #44316
/cc @nodejs/modules