-
-
Notifications
You must be signed in to change notification settings - Fork 109
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: handle malformed npm packages gracefully in extract action #1794
Conversation
2db41f8
to
e325ab3
Compare
af18f93
to
09104a9
Compare
b108cb7
to
d044659
Compare
.aspect/rules/external_repository_action_cache/npm_translate_lock_LTE4Nzc1MDcwNjU=
Show resolved
Hide resolved
d044659
to
07d6412
Compare
I'm still curious how frequent this is and if it's better to just patch the bad package instead? I don't think we should be writing workarounds for other peoples bugs within rules_js unless it is very common (like circular deps :/). |
I know of two packages so rare but impossible to know how many unless you check all npm packages on the npm registry. The failure mode is so bad that user's would have no idea that the problem is a missing Circular deps don't feel like a bug in npm packages but rather a property of the registry which allows circular deps. Unless Bazel is in the loop, circular deps don't matter to the package managers. |
Maybe circular deps is a bad example then, I just mean something very command that we can't ignore. Where this seems so rare I wonder if it's better to just patch or open PRs for the bad packages 🤷 However with the use of |
Even if you fixed the package at head you won't be able to fix bad tarballs in the registry for versions already published 🤷♂️ |
I guess we can't do that. Up to you if you want to try doing |
43f8c15
to
c22e0b4
Compare
Lame. It should just expand to the path of the directory. I'll just special case that one. |
c22e0b4
to
2a36d89
Compare
Fixes #1637.
Inspired by https://github.com/frc971/971-Robot-Code/blob/master/third_party/rules_js/0001-Fix-package-permissions.patch. Thanks @AustinSchuhBRT.
Similar to what is already done in
npm_import.bzl
:rules_js/npm/private/npm_import.bzl
Line 489 in f52cc4c
pngjs@5.0.0
, added tonpm/private/test/package.json
, is a package known to have a malformed tarball where the directories don't have execute/list permissions.