Skip to content

Commit

Permalink
feat(api-server): ability to install plugins at runtime #764
Browse files Browse the repository at this point in the history 
The API server will now use npm as a dependency to install
plugin packages before trying to import them (via require())

This is helpful in being able to ship a container image that
contains the API server and does not need additional chores
to be done in order to be able to use plugins (such as
starting a new node package with its own dependencies).

The security implications here are of course that we are
pulling code form the internet at runtime and if npm's
verification method for the code fails or if the plugin
package is malicious to begin with then that's a full breach
but these were security implications of the plugin architecture
to begin with so there is not much additional that we can
probably do here apart from a few addditional guard rails
to protect users from themselves by maybe always requiring
explicit versions so that auto-upgrade is out of the question.

Fixes #764

Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
  • Loading branch information
@petermetz
petermetz committed Apr 5, 2021
1 parent eaefbab commit 8dda0f6
Show file tree
Hide file tree
Showing 12 changed files with 2,064 additions and 129 deletions.
1 change: 1 addition & 0 deletions package.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@
"build:dev:backend": "npm-run-all lint clean tsc",
"build:dev:frontend": "lerna run build:dev:frontend",
"build:dev:cmd-api-server": "lerna exec --stream --scope '*/*api-server' -- 'del-cli dist/** && tsc --project ./tsconfig.json && webpack --env=dev --target=node --config ../../webpack.config.js'",
"test:cmd-api-server": "tap --timeout=600 \"packages/cactus-*cmd-api-server/src/test/typescript/{unit,integration}/\"",
"build:dev:common": "lerna exec --stream --scope '*/*common' -- 'del-cli dist/** && tsc --project ./tsconfig.json && webpack --env=dev --target=node --config ../../webpack.config.js'",
"build:dev:core-api": "lerna exec --stream --scope '*/*core-api' -- 'del-cli dist/** && tsc --project ./tsconfig.json && webpack --env=dev --target=node --config ../../webpack.config.js'",
"build:dev:test-tooling": "lerna exec --stream --scope '*/*test-tooling' -- 'del-cli dist/** && tsc --project ./tsconfig.json && webpack --env=dev --target=node --config ../../webpack.config.js'",
Expand Down
Loading

0 comments on commit 8dda0f6

Please sign in to comment.