On Tue, 17 Mar 2020, 23:52 Jonas Smedegaard, <[email protected]> wrote: > Quoting Nilesh Patra (2020-02-02 18:51:01) > > On Sun, 2 Feb 2020 at 22:48, Jonas Smedegaard <[email protected]> wrote: > > > > > Quoting Nilesh Patra (2020-02-02 16:01:57) > > > > I fixed node-jsonld to build with Node.js >= 12. It builds fine in > > > > a clean chroot, and autopkgtests pass. > [...] > > > I reduced your module resolving patch to only add /usr/share/nodejs > > > - if the two relative paths ('.' and 'node_modules') are really > > > needed then please explain why (again, I may very well have missed > > > something, but it looks to me like a dirty hack which might cause > > > trouble at least on non-clean build environments). > > > > > > > I have faced issues with webpack failing to resolve modules when they > > are embedded. > > I added that in to avoid webpack failing to recognize those, if in > > case modules are embedded in future. > > I have now identified that webpack.config.js needs the following: > > + resolve: { > + modules: > ['/usr/lib/nodejs','/usr/share/nodejs','/usr/share/nodejs/babel-runtime/node_modules'], > + }, > + resolveLoader: { > + modules: ['/usr/lib/nodejs','/usr/share/nodejs'], > + }, > > To me that smells of an error in node-babel-runtime. >
Seems like; and it looks apparent in yadd's commit which they pointed out in with new babel > I strongly recommend to *revert* any and all packages where resolve > paths have been patched to include '.' and/or './node_modules' as I > suspect that to not only be wrong but also be a security risk similar to > shell PATH or perl/python/ruby/whatever module-loaders including ".". Sounds good, I'll see if I can do that with a workaround for other node modules which I have worked on with this particular change. I appreciate that you reviewed and let me know the correct fixes. That said, could you as well review my changes for node-terser here[1]. I had replied on the bug[2] too, and since it's approximately been a month, I would really appreciate if you could review the changes. [1]: https://salsa.debian.org/gi-boi-guest/node-terser/ [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=950666#19 Thanks and regards, Nilesh
-- Pkg-javascript-devel mailing list [email protected] https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
