module: disallow CJS <-> ESM edges in a cycle from require(esm) #52264
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Review requested:
|
nodejs-github-bot
added
lib / src
github-actions
bot
removed
the
request-ci
GeoffreyBooth
approved these changes
Mar 29, 2024
github-actions
bot
removed
the
request-ci
|
Just to confirm - can this deal with the case where the require(esm) module is to a parent of a cycle that hasn't been executed yet? That is, the invariant should specifically be that none of the require(esm) module, nor any of its transitive dependencies are currently part of an ESM execution operation. Consider the graph: Where we import That is, my intuition here would be that a full upfront graph analysis must be done at require(esm) time to ensure acyclic behaviour. |
This patch disallows CJS <-> ESM edges when they come from require(esm) requested in ESM evalaution. Drive-by: don't reuse the cache for imported CJS modules to stash source code of required ESM because the former is also used for cycle detection.
joyeecheung
force-pushed
the
require-esm-cycle
branch
from
f22f103
to
f414613
Compare
joyeecheung
force-pushed
the
require-esm-cycle
branch
from
f414613
to
971affd
Compare
Yes this can be detected. Added a test. |
github-actions
bot
removed
the
request-ci
guybedford
approved these changes
Apr 7, 2024
aduh95
approved these changes
Apr 7, 2024
Comment on lines
+359
to
+364
| function urlToFilename(url) { | ||
| if (url && StringPrototypeStartsWith(url, 'file://')) { | ||
| return fileURLToPath(url); | ||
| } | ||
| return url; | ||
| } |
There was a problem hiding this comment.
We could use that util in more places:
node/lib/internal/modules/esm/translators.js
Line 244 in d6b57f6
node/lib/internal/modules/esm/translators.js
Line 266 in d6b57f6
Can happen in a follow-up PR.
joyeecheung
added
commit-queue
nodejs-github-bot
removed
the
commit-queue
|
Landed in db17461 |
| already being evaluated. | ||
|
|
||
| To avoid the cycle, the `require()` call involved in a cycle should not happen | ||
| at the top-level of either a ES Module (via `createRequire()`) or a CommonJS |
There was a problem hiding this comment.
Suggested change
| at the top-level of either a ES Module (via `createRequire()`) or a CommonJS | |
| at the top-level of either an ES Module (via `createRequire()`) or a CommonJS |
| parseCachedModule.loaded = true; | ||
| // If it's cached by the ESM loader as a way to indirectly pass | ||
| // the module in to avoid creating it twice, the loading request | ||
| // come from imported CJS. In that case use the importedCJSCache |
There was a problem hiding this comment.
Suggested change
| // come from imported CJS. In that case use the importedCJSCache | |
| // came from imported CJS. In that case use the importedCJSCache |
Comment on lines
+260
to
+264
| * @param {import('../cjs/loader.js').Module} mod CJS module wrapper of the ESM. | ||
| * @param {string} filename Resolved filename of the module being require()'d | ||
| * @param {string} source Source code. TODO(joyeecheung): pass the raw buffer. | ||
| * @param {string} isMain Whether this module is a main module. | ||
| * @returns {ModuleNamespaceObject} | ||
| * @param {import('../cjs/loader.js').Module|undefined} parent Parent module, if any. |
There was a problem hiding this comment.
nit: we could DRY this up with a @typedef
Comment on lines
+270
to
+279
| // This module job is already created: | ||
| // 1. If it was loaded by `require()` before, at this point the instantiation | ||
| // is already completed and we can check the whether it is in a cycle | ||
| // (in that case the module status is kEvaluaing), and whether the | ||
| // required graph is synchronous. | ||
| // 2. If it was loaded by `import` before, only allow it if it's already evaluated | ||
| // to forbid cycles. | ||
| // TODO(joyeecheung): ensure that imported synchronous graphs are evaluated | ||
| // synchronously so that any previously imported synchronous graph is already | ||
| // evaluated at this point. |
There was a problem hiding this comment.
w00t! thanks for this!
| } | ||
| throw new ERR_REQUIRE_CYCLE_MODULE(message); | ||
| } | ||
| // Othersie the module could be imported before but the evaluation may be already |
There was a problem hiding this comment.
Suggested change
| // Othersie the module could be imported before but the evaluation may be already | |
| // Otherwise the module could be imported before but the evaluation may be already |
Comment on lines
355
to
+356
| const { responseURL, source } = loadResult; | ||
| let { format: finalFormat } = loadResult; | ||
| const { format: finalFormat } = loadResult; |
There was a problem hiding this comment.
nit: collapsable
Suggested change
| const { responseURL, source } = loadResult; | |
| let { format: finalFormat } = loadResult; | |
| const { format: finalFormat } = loadResult; | |
| const { | |
| format: finalFormat, | |
| responseURL, | |
| source, | |
| } = loadResult; |
marco-ippolito
added
the
backport-blocked-v20.x
joyeecheung
added a commit
to joyeecheung/node
that referenced
this pull request
Jun 17, 2024
This patch disallows CJS <-> ESM edges when they come from require(esm) requested in ESM evalaution. Drive-by: don't reuse the cache for imported CJS modules to stash source code of required ESM because the former is also used for cycle detection. PR-URL: nodejs#52264 Fixes: nodejs#52145 Reviewed-By: Geoffrey Booth <webadmin@geoffreybooth.com> Reviewed-By: Guy Bedford <guybedford@gmail.com> Reviewed-By: Antoine du Hamel <duhamelantoine1995@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This patch disallows CJS <-> ESM cycle edges when they come from require(esm) requested in ESM evalaution.
Drive-by: don't reuse the cache for imported CJS modules to stash source code of required ESM because the former is also used for cycle detection.
Fixes: #52145