## The Context

The context provided to hooks has a method called `requireCordovaModule`.

https://github.com/apache/cordova-lib/blob/1bc9dd050cbc12b046fd7e20628084d79d2f9fe4/src/hooks/Context.js#L50-L72

The apparent purpose of this method is to allow users to require modules of the exact version of Cordova that is running the hook. I guess that makes some sense, given how we currently use the Node module system to provide singletons.

## The Problem

However, this method conceptually leaks all internals of `cordova-lib`, including any of its dependencies, to the hooks context. The [only documentation on this method](https://cordova.apache.org/docs/en/latest/guide/appdev/hooks/#javascript) even **encourages** users to use it to require Q, which we could break if we removed Q from our dependencies as part of #681.

I can see how this might have seemed like a great idea when promises weren't available in native JS, but that has thankfully changed now.

## The Solution

I suggest we limit the modules that may be imported using `Context.prototype.requireCordovaModule` to a fixed whitelist containing only `cordova-*` dependencies of `cordova-lib` and `cordova-lib` itself.

As a first step, we should only issue a deprecation warning if anything not on the whitelist is required.

As an additional safety measure, we might warn users about using private interfaces when they deep-require something (like `require('cordova-lib/src/hooks/Context')`, for example).

What do you think? I'm looking forward to your feedback.

[ Full content available at: https://github.com/apache/cordova-lib/issues/689 ]

This message was relayed via gitbox.apache.org for [email protected]
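The check proposed above (a fixed whitelist of `cordova-lib` plus its `cordova-*` dependencies, a deprecation warning rather than a hard failure as the first step, and a separate warning for deep requires of private files), as an added example. This is not cordova-lib's own code and is not part of the issue: the function names, the `strict` option, the warning texts and the sample dependency list are all assumptions made for the illustration.

```javascript
// Added illustration of the proposed whitelist for requireCordovaModule.
// Not cordova-lib's code; every name below is an assumption for the example.

const CORDOVA_PREFIX = 'cordova-';

// Split a require() request into its package name and the path below it.
//   'cordova-lib/src/hooks/Context' -> { pkg: 'cordova-lib', subpath: 'src/hooks/Context' }
//   '@scope/pkg/lib/x'              -> { pkg: '@scope/pkg',  subpath: 'lib/x' }
//   './local'                       -> { pkg: '.',           subpath: 'local' }  (never whitelisted)
function splitRequest(request) {
  const parts = request.split('/');
  const pkgParts = request.startsWith('@') ? 2 : 1;
  return {
    pkg: parts.slice(0, pkgParts).join('/'),
    subpath: parts.slice(pkgParts).join('/'),
  };
}

// Build the whitelist: cordova-lib itself plus only its cordova-* dependencies.
// `dependencies` stands in for the keys of cordova-lib's package.json "dependencies".
function buildAllowlist(dependencies) {
  const allowed = new Set(['cordova-lib']);
  for (const name of dependencies) {
    if (name.startsWith(CORDOVA_PREFIX)) allowed.add(name);
  }
  return allowed;
}

// Classify one request. `reason` is null (fine), 'not-whitelisted'
// (e.g. 'q', 'underscore', relative paths) or 'deep-require'
// (a file inside a whitelisted package, i.e. a private interface).
function classifyRequest(request, allowlist) {
  const { pkg, subpath } = splitRequest(request);
  if (!allowlist.has(pkg)) return { ok: false, reason: 'not-whitelisted', pkg };
  if (subpath) return { ok: true, reason: 'deep-require', pkg };
  return { ok: true, reason: null, pkg };
}

// Factory for a hook-context requireCordovaModule replacement.
// strict=false: the proposed first step, non-whitelisted requires still work
//               but emit a deprecation warning; deep requires emit a warning.
// strict=true:  a possible later step, non-whitelisted requires throw.
function makeRequireCordovaModule({ dependencies, requireImpl, warn, strict = false }) {
  const allowlist = buildAllowlist(dependencies);
  return function requireCordovaModule(request) {
    const verdict = classifyRequest(request, allowlist);
    if (verdict.reason === 'not-whitelisted') {
      const msg = `requireCordovaModule: "${request}" is not a cordova-* module; ` +
        'requiring it through the hook context is deprecated, depend on it directly instead.';
      if (strict) throw new Error(msg);
      warn(msg);
    } else if (verdict.reason === 'deep-require') {
      warn(`requireCordovaModule: "${request}" is a private interface of ${verdict.pkg} ` +
        'and may change without notice.');
    }
    return requireImpl(request);
  };
}

// Constructed sample input: a pretend dependency list and a fake loader so the
// example runs without cordova-lib installed. Warnings are collected in an array
// instead of being written to the console.
const sampleDependencies = ['cordova-common', 'cordova-fetch', 'q', 'underscore'];
const warnings = [];
const fakeLoader = (name) => ({ loaded: name });

const requireCordovaModule = makeRequireCordovaModule({
  dependencies: sampleDependencies,
  requireImpl: fakeLoader,
  warn: (m) => warnings.push(m),
});
```

With this wiring `requireCordovaModule('q')` still returns the module but records a deprecation warning, `requireCordovaModule('cordova-lib/src/hooks/Context')` loads and records a private-interface warning, and `requireCordovaModule('cordova-common')` loads silently because it is a `cordova-*` dependency. Flipping `strict` to `true` turns the deprecation warning into a thrown error, which is the enforcement step the issue leaves for later.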
