Skip to content

js: add support for the 'node:' prefix for importing internal modules #7734

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
kaeluka merged 3 commits into from
Jan 26, 2022
Merged

js: add support for the 'node:' prefix for importing internal modules #7734

kaeluka merged 3 commits into from
Jan 26, 2022

Conversation

@kaeluka
Copy link

@kaeluka kaeluka commented Jan 25, 2022

Context

import fs from 'node:fs/promises';

Is equivalent to

import fs from 'fs/promises';

if there is no node_modules/fs folder (which would be extremely bad practice).

References

https://nodejs.org/api/esm.html#node-imports
https://2ality.com/2021/12/node-protocol-imports.html

@kaeluka kaeluka requested a review from a team as a code owner January 25, 2022 09:57
@github-actions github-actions bot added the JS label Jan 25, 2022
@kaeluka kaeluka changed the title add support for the 'node:' prefix for importing internal modules js: add support for the 'node:' prefix for importing internal modules Jan 25, 2022
@erik-krogh
Copy link
Contributor

erik-krogh commented Jan 25, 2022

Could you add a test. (Maybe test that a require("node:fs").writeFileSync(sink, xx) works with path-injection).

And an evaluation.
You are touching something that affects basically all queries, my usual goto for that is nightly + security-extended.

@kaeluka
Copy link
Author

kaeluka commented Jan 25, 2022
edited
Loading

Thanks, @erik-krogh!

The change is now tested (I also confirmed that the test fails when undoing my change — manually). But I didn't make a new test, rather modified an existing one. Otherwise, the new test would've more been about the path-injection than about the import syntax.

I also started an experiment.

@erik-krogh
Copy link
Contributor

erik-krogh commented Jan 25, 2022

The change is now tested (I also confirmed that the test fails when undoing my change — manually).

I would rather have a some new code, such that both cases are tested.
Adding this to the bottom of the file should work:

var nodefs = require('node:fs');

var server2 = http.createServer(function(req, res) {
  let path = url.parse(req.url, true).query.path;
  
  nodefs.readFileSync(path); // NOT OK
});

@kaeluka
Copy link
Author

kaeluka commented Jan 25, 2022

Alright, @erik-krogh, I've added that snippet instead and amended the .expected file.

erik-krogh
erik-krogh approved these changes Jan 26, 2022
View reviewed changes
Copy link
Contributor

@erik-krogh erik-krogh left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

I was wondering for a while whether supporting the node: prefix on all module imports was the right thing to do.
But I think it's fine for now, and we can consider what we want to do long term when such prefixes begin seeing more adoption.

@kaeluka kaeluka merged commit b7690e5 into github:main Jan 26, 2022
@kaeluka
Copy link
Author

kaeluka commented Jan 26, 2022
edited
Loading

My thinking is that it's pbly better because it will make potential problems visible at least (FPs are easier to find than FNs). But we can easily undo the change if it proves wrong.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@erik-krogh erik-krogh erik-krogh approved these changes

Assignees

No one assigned

Labels

JS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@kaeluka @erik-krogh