PORT=xxxx, if in use, causes portfinder to string concatenate because input is not sanitized

[tomsseisums]

This could be considered an issue on portfinder (https://github.com/indexzero/node-portfinder/blob/master/lib/portfinder.js#L316), though, that's a non-binary providing library and is not expected to be used with ENV variables. Not their functionality, so to speak. Therefore I am reporting here because I feel this is more like wrong usage of depending library.

---

[developer@webapps vue-webpack-latest]$ DEBUG=portfinder:testPort,portfinder:getPort,portfinder.defaultHosts PORT=8090 yarn dev
yarn run v1.3.2
$ webpack-dev-server --inline --progress --config build/webpack.dev.conf.js
  portfinder:defaultHosts exports._defaultHosts is: [ '0.0.0.0', '127.0.0.1', '::1', '10.0.2.15', 'fe80::a00:27ff:fe90:d222', '192.168.56.56', 'fe80::a00:27ff:fe8f:11cf' ] +0ms
  portfinder:getPort in eachSeries() iteration callback: host is 0.0.0.0 +936ms
  portfinder:testPort entered testPort(): trying 0.0.0.0 port 8090 +2ms
  portfinder:testPort done w/ testPort(): failed 0.0.0.0 w/ port 8090 with error EADDRINUSE +7ms
  portfinder:testPort entered testPort(): trying 0.0.0.0 port 80901 +0ms
net.js:1458
      throw new RangeError('"port" argument must be >= 0 and < 65536');
      ^

RangeError: "port" argument must be >= 0 and < 65536
    at Server.listen (net.js:1458:13)
    at Object.internals.testPort (/srv/http/javascript-webapps.localdomain/vue-webpack-latest/node_modules/portfinder/lib/portfinder.js:66:18)
    at Server.onError (/srv/http/javascript-webapps.localdomain/vue-webpack-latest/node_modules/portfinder/lib/portfinder.js:57:15)
    at Object.onceWrapper (events.js:316:30)
    at emitOne (events.js:115:13)
    at Server.emit (events.js:210:7)
    at emitErrorNT (net.js:1339:8)
    at _combinedTickCallback (internal/process/next_tick.js:138:11)
    at process._tickCallback (internal/process/next_tick.js:180:9)
    at Function.Module.runMain (module.js:607:11)
    at startup (bootstrap_node.js:158:16)
    at bootstrap_node.js:575:3
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.

Expected Behavior

Port incremented from 8090 to 8091.

Actual Behavior

Since process.env.PORT is of string type, concatenation happens instead of numeric increment, making the next port 80901 which is out of range.

For Bugs; How can we reproduce the behavior?

Pass port as ENV variable with its value set to a port already in use.

---

P.S. Managed to mess up and report on webpack-dev-server before: webpack/webpack-dev-server#1197 (leaving this for reference)

[LinusBorg]

Thanks! That should be fixable on our side.

[LinusBorg]

Wow, I just realized webpack-dev-server seems to use portfinder internally already. That's not really documented... I'll have to test this.

If it really looks for free ports on its own already, that means we can remove our extra implementation of portfinder i guess, but that's independent of fixing this bug.