lavamoat-core - npm Package Compare versions

Comparing version 1.1.0 to 1.1.3

package.json

 {
   "name": "lavamoat-core",
-  "version": "1.1.0",
+  "version": "1.1.3",
   "description": "LavaMoat kernel and utils",
@@ -15,3 +15,3 @@ "main": "src/index.js",
     "acorn-walk": "^7.1.1",
-    "cytoplasm": "^3.0.3",
+    "cytoplasm": "^3.1.1",
     "fromentries": "^1.2.0",
@@ -53,3 +53,3 @@ "json-stable-stringify": "^1.0.1",
   },
-  "gitHead": "7785b3715b811cc61c9ca6ee536ed8c2cf4aefc7"
+  "gitHead": "c8fd2a5dea15e236bceebd59296ed56b5f02a9ad"
 }

src/generateConfig.js

@@ -47,2 +47,6 @@ const through = require('through2')
     if (isDependency) return
+    // skip json files
+    const filename = moduleData.file || 'unknown'
+    const fileExtension = filename.split('.').pop()
+    if (fileExtension === 'json') return
     // get eval environment
@@ -49,0 +53,0 @@ const ast = acornGlobals.parse(moduleData.source)

src/kernelCoreTemplate.js

@@ -38,2 +38,3 @@ (function(){
 
+    const corePackages = new Set(lavamoatConfig.corePackages)
     const moduleCache = new Map()
@@ -43,2 +44,10 @@ const globalStore = new Map()
     const membrane = new Membrane({ debugMode })
+    const endowmentsMembraneSpace = membrane.makeMembraneSpace({
+      label: '<endowments>',
+      // this ensures all arguments passed to the endowments membrane are unwrapped
+      // the danger is if the endowments space calls functions or sets values on those
+      // unwrapped values, it also exposes its own refs unwrapped
+      dangerouslyAlwaysUnwrap: true,
+    })
+    membraneSpaceForPackage.set(endowmentsMembraneSpace.label, endowmentsMembraneSpace)
 
@@ -100,10 +109,14 @@ return {
       if (!moduleInitializer) {
+
+        // prepare the membrane-wrapped endowments
+        const endowmentsMembraneSpace = getMembraneSpaceForPackage('<endowments>')
+        const membraneWrappedEndowments = membrane.bridge(endowments, endowmentsMembraneSpace, packageMembraneSpace)
+
         // determine if its a SES-wrapped or naked module initialization
         if (runInSes) {
+
           // set the module initializer as the SES-wrapped version
           const moduleRealm = realm.global.Realm.makeCompartment()
           const globalsConfig = configForModule.globals
-          const endowmentsMembraneSpace = getMembraneSpaceForPackage('<endowments>')
-          const membraneEndowments = membrane.bridge(endowments, endowmentsMembraneSpace, packageMembraneSpace)
-          prepareRealmGlobalFromConfig(moduleRealm.global, globalsConfig, membraneEndowments, globalStore)
+          prepareRealmGlobalFromConfig(moduleRealm.global, globalsConfig, membraneWrappedEndowments, globalStore)
           // execute in module realm with modified realm global
@@ -116,6 +129,10 @@ try {
           }
+
         } else {
+
+          // expose the raw global on the endowments (?)
           endowments.global = globalRef
           // set the module initializer as the unwrapped version
-          moduleInitializer = unsafeEvalWithEndowments(`${moduleSource}`, endowments)
+          moduleInitializer = unsafeEvalWithEndowments(`${moduleSource}`, membraneWrappedEndowments)
+
         }
@@ -207,3 +224,3 @@ }
       const isSamePackage = packageName === parentModulePackageName
-      const isInParentWhitelist = packageName in parentPackagesWhitelist
+      const isInParentWhitelist = parentPackagesWhitelist[packageName] === true
       const parentIsEntryModule = parentModulePackageName === '<root>'
@@ -222,9 +239,3 @@
         const inGraph = getMembraneSpaceForPackage(packageName)
-        let outGraph
-        // set <root>'s membrane space to <endowments> so it receives unwrapped refs
-        if (parentModulePackageName === '<root>') {
-          outGraph = getMembraneSpaceForPackage('<endowments>')
-        } else {
-          outGraph = getMembraneSpaceForPackage(parentModulePackageName)
-        }
+        const outGraph = getMembraneSpaceForPackage(parentModulePackageName)
         const protectedExports = membrane.bridge(moduleExports, inGraph, outGraph)
@@ -236,2 +247,8 @@ return protectedExports
     function getMembraneSpaceForPackage (packageName) {
+      // core modules use the endowments MembraneSpace
+      if (corePackages.has(packageName)) {
+        return membraneSpaceForPackage.get('<endowments>')
+      }
+
+      // if exists, return it
       if (membraneSpaceForPackage.has(packageName)) {
@@ -241,2 +258,3 @@ return membraneSpaceForPackage.get(packageName)
 
+      // create the membrane space for this package
       const membraneSpace = membrane.makeMembraneSpace({
@@ -243,0 +261,0 @@ label: packageName,

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

255947

increased by0.33%

Lines of code

4668

increased by0.32%

Dependency changes

• Updatedcytoplasm@^3.1.1