[Pkg-javascript-devel] [RFS] node-jsonld
Xavier
yadd at debian.org
Tue Mar 17 18:54:01 GMT 2020
Le 17/03/2020 à 19:22, Jonas Smedegaard a écrit :
> Quoting Nilesh Patra (2020-02-02 18:51:01)
>> On Sun, 2 Feb 2020 at 22:48, Jonas Smedegaard <jonas at jones.dk> wrote:
>>
>>> Quoting Nilesh Patra (2020-02-02 16:01:57)
>>>> I fixed node-jsonld to build with Node.js >= 12. It builds fine in
>>>> a clean chroot, and autopkgtests pass.
> [...]
>>> I reduced your module resolving patch to only add /usr/share/nodejs
>>> - if the two relative paths ('.' and 'node_modules') are really
>>> needed then please explain why (again, I may very well have missed
>>> something, but it looks to me like a dirty hack which might cause
>>> trouble at least on non-clean build environments).
>>>
>>
>> I have faced issues with webpack failing to resolve modules when they
>> are embedded.
>> I added that in to avoid webpack failing to recognize those, if in
>> case modules are embedded in future.
>
> I have now identified that webpack.config.js needs the following:
>
> + resolve: {
> + modules: ['/usr/lib/nodejs','/usr/share/nodejs','/usr/share/nodejs/babel-runtime/node_modules'],
> + },
> + resolveLoader: {
> + modules: ['/usr/lib/nodejs','/usr/share/nodejs'],
> + },
>
> To me that smells of an error in node-babel-runtime.
Hi,
I fixed something that looks like this in @babel/runtime 7.4.5:
https://salsa.debian.org/js-team/node-babel/-/blob/babel7/debian/patches/load-plugins-from-system-libraries.diff
> I strongly recommend to *revert* any and all packages where resolve
> paths have been patched to include '.' and/or './node_modules' as I
> suspect that to not only be wrong but also be a security risk similar to
> shell PATH or perl/python/ruby/whatever module-loaders including ".".
>
> - Jonas
>
>
More information about the Pkg-javascript-devel
mailing list