@AJ I was talking more about the following:

Indeterminate because unless you're doing a complete ongoing audit of all
modules and their dependencies, you'll hit indeterminate behavior in the
following cases:

1. eval

From
https://developer.mozilla.org/en-US/docs/JavaScript/Reference/Functions_and_function_scope/Strict_mode
:
"eval of strict mode code does not introduce new variables into the
surrounding scope."

Even if you're particularly zealous that you shouldn't use eval, it's
doubtful your dependency authors are quite so zealous. So you'll need to
require no dependencies use eval in any way to ensure no indeterminate
behavior.

2. Implicit this

From
https://developer.mozilla.org/en-US/docs/JavaScript/Reference/Functions_and_function_scope/Strict_mode
:
"the value passed as this to a function in strict mode isn't boxed into an
object"

You'll need to make sure no dependencies are depending on the implicit this
binding. Again, not that this is a best practice, but it's pretty
common to foo.call(null) and that behaves differently. Imagine a module
safely assuming this is an object, and then fails checking this.constructor
b/c this === null. Yes it's contrived, yes they probably don't have a good
reason to be doing it, but the node module ecosystem is young and you're
going to create some really strange headaches for yourself that may very
well not be worth it.

Lastly, and IMHO most importantly,
3. arguments

From
https://developer.mozilla.org/en-US/docs/JavaScript/Reference/Functions_and_function_scope/Strict_mode
:
"strict mode code doesn't alias properties of arguments objects created
within it. In normal code within a function whose first argument is arg,
setting arg also sets arguments[0], and vice versa"

It's pretty common to use argument names and arguments[i] interchangeably
from what I've seen. This would be my greatest concern for indeterminate
behavior, and it would be pretty pervasive.

Since all the other changes in strict mode raise errors where they
previously did not, you'll at least be aware of them, so there's that.

At any rate, this discussion has come up before here on the list, and my
main point boiled down to:
"While the additional errors will be nice and may expose some underlying
vulnerabilities, you may just as likely introduce a whole bunch of bizarre
new bugs."

It's worth at least the consideration for anyone considering using strict
global.

My recommendation? Use strict mode for all the code you write (not
globally), and update your existing modules to conform. Don't just flip the
switch in your production app for the above reasons. Maybe npm should
include a new package.json flag for expressing whether a module has been
verified for strict mode compliance.

Either way, the community should be moving toward strict mode as fast as
possible for its many current and future (performance) benefits.

Cheers,
Adam Crabtree


On Wed, Mar 13, 2013 at 12:26 PM, Joshua Holbrook
<[email protected]> wrote:

> I seriously don't understand: Why bother? Why make things that used to
> work no longer work? That's basically the only thing that "use strict"
> at the global level will do for you.
>
> --Josh
>
> On Wed, Mar 13, 2013 at 11:21 AM, AJ ONeal <[email protected]> wrote:
> > Ben,
> >
> > That is correct.
> >
> > See http://stackoverflow.com/a/4304187
> >
> > Although some shells or OSes may allow arguments to shebang, I've had issues
> > with it on my setup (OSX and Linux with Bash and ZSH).
> >
> > And then there's Windows...
> >
> > I believe my solution will also work on Windows, but it's certainly not the
> > ideal solution.
> > I think that would be a native bin that invokes node with strict mode.
> >
> > AJ ONeal
> > (317) 426-6525
> >
> >
> > On Wed, Mar 13, 2013 at 11:18 AM, Ben Noordhuis <[email protected]> wrote:
> >>
> >> On Wed, Mar 13, 2013 at 6:03 PM, AJ ONeal <[email protected]> wrote:
> >> > Perhaps the very best part of node v0.10.0 is that all of the core
> >> > modules
> >> > are finally fully ES5 compliant!!!
> >> >
> >> > Although, you can't use es5-compliant mode with a shebang
> >> > (because you can't pass the --use_strict argument),
> >> > so I made a shim that will run node in es5 (strict) mode for you. [0]
> >> >
> >> > Install
> >> >
> >> >     sudo npm install -g node-es5
> >> >
> >> > Usage
> >> >
> >> >     #!/usr/bin/env node-es5
> >> >
> >> > (P.S. Dear core devs: please provide a native cli for strict mode node)
> >> >
> >> > Except in the case that you're writing code that also runs in the
> >> > browser,
> >> > you can now skip the obligatory
> >> >
> >> >     (function () {
> >> >       "use strict";
> >> >
> >> >       // code goes here
> >> >     }());
> >> >
> >> > Not that there's any harm in putting it in... but it's just annoying.
> >> >
> >> > You can also take out `strict: true` from your `.jshintrc` for your node
> >> > projects. (An `implicitstrict` option may come soon [1]).
> >> >
> >> > Anyway, this is certainly a GIANT step forward in eliminating the
> >> > excuses of
> >> > using bug-prone ES3 code.
> >> >
> >> > Hurrah to the Node Devs!
> >> >
> >> > AJ ONeal
> >> >
> >> > [0]: https://github.com/coolaj86/node-es5
> >> > [1]: https://github.com/jshint/jshint/issues/924
> >>
> >> AJ, am I missing something?
> >>
> >>   #!/path/to/node --use_strict
> >>   console.log('Hello, world.');
> >>
> >> You're saying that doesn't work for you?
> >>
> >> --
> >> --
> >> Job Board: http://jobs.nodejs.org/
> >> Posting guidelines:
> >> https://github.com/joyent/node/wiki/Mailing-List-Posting-Guidelines
> >> You received this message because you are subscribed to the Google
> >> Groups "nodejs" group.
> >> To post to this group, send email to [email protected]
> >> To unsubscribe from this group, send email to
> >> [email protected]
> >> For more options, visit this group at
> >> http://groups.google.com/group/nodejs?hl=en?hl=en
> >>
> >> ---
> >> You received this message because you are subscribed to the Google Groups
> >> "nodejs" group.
> >> To unsubscribe from this group and stop receiving emails from it, send an
> >> email to [email protected].
> >> For more options, visit https://groups.google.com/groups/opt_out.
> >>
> >>
> >
> >
>


-- 
Better a little with righteousness
       than much gain with injustice.
Proverbs 16:8
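
The three silent differences listed in the message above (eval scope, implicit this, arguments aliasing) can be observed side by side. This is an added example, not code from the thread or from node-es5; `compileBoth`, `probes` and `strictModeDiff` are hypothetical names, and the probe bodies are constructed for illustration.

```javascript
// Compile one function body twice, sloppy and with a "use strict" prologue,
// then compare what each returns. new Function() bodies are sloppy unless
// they carry the directive themselves, whatever the surrounding code is.
function compileBoth(params, body) {
  return {
    sloppy: new Function(...params, body),
    strict: new Function(...params, '"use strict";\n' + body),
  };
}

// Constructed probes, one per case from the message.
const probes = [
  {
    name: 'eval',
    // Does a var declared by eval leak into the calling function's scope?
    params: [],
    body: 'eval("var leaked = 1"); return typeof leaked;',
    call: (fn) => fn(),
  },
  {
    name: 'implicit this',
    // foo.call(null): sloppy code sees the global object, strict sees null.
    params: [],
    body: 'try { return typeof this.constructor; } catch (e) { return e.name; }',
    call: (fn) => fn.call(null),
  },
  {
    name: 'arguments',
    // Does assigning to a named parameter also change arguments[0]?
    params: ['arg'],
    body: 'arg = "changed"; return arguments[0];',
    call: (fn) => fn('original'),
  },
];

function strictModeDiff() {
  return probes.map(({ name, params, body, call }) => {
    const { sloppy, strict } = compileBoth(params, body);
    const result = { name, sloppy: call(sloppy), strict: call(strict) };
    result.differs = result.sloppy !== result.strict;
    return result;
  });
}

console.table(strictModeDiff());
```

Only the `implicit this` probe surfaces as an exception under strict mode; the other two return a different value with no error, which is why they go unnoticed when a dependency is switched over.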
