Policy: add scopes to ease usability #34552
I've noted that full protocol scoping is not currently possible for
Ugggg,
e25f721 to 6233f31
rebased due to this and conditions landing a bit uncleanly
this is pretty much just ready for review, some odd quirks about node do leak out like how the '-e' and '-p' CLI flags treat their location as files?
doc/api/policy.md
Outdated
If a dependency is not found, the resource may include `"cascade": true` which | ||
will delegate to a scope. Scopes may also use `"cascade": true`. The scope for |
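Review bot: In the first sentence the condition is attached to the wrong clause: "If a dependency is not found, the resource may include `"cascade": true`" reads as if the resource gains the flag when the lookup fails. Lead with the setting instead, saying that a resource with `"cascade": true` has dependencies it does not list looked up in its scope. It is also worth stating outright that cascading is opt-in, because this flag decides whether a scope can grant a dependency the resource itself never listed.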
These two sentences are a bit confusing and awkward together
how about combining them:
If a scope or resource includes `"cascade": true` unknown specifiers will be searched for in their containing scope.
rephrased
test/fixtures/policy/dependencies/dependencies-scopes-policy.json
Outdated
Wrote up some attack concerns on adding this feature in some slides. I believe the risk of using this feature is acceptable.
I intend to land this on Monday.
rebased but waiting on ci reliability (seems unrelated?)
PR-URL: #34552 Reviewed-By: James M Snell <jasnell@gmail.com>
Landed in 4234904
Checklist
`make -j4 test` (UNIX), or `vcbuild test` (Windows) passes

This adds a mechanism matching `package.json` that allows setting default "integrity" and "dependency" values by a URL subspace. It also adds the ability to opt-in to cascading permissions by introducing `"cascade": true`. It uses a separate field in the policy file due to collisions of string representation of scopes and potential resources.
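To make the opt-in cascading described above concrete, here is an added example (not code from this PR or from Node.js) that models the lookup in simplified form, so a policy author can see which entry ends up granting a dependency. The manifest contents and the names `scopeChain` and `grantedBy` are hypothetical, and the order in which containing scopes are tried (each parent directory URL, then the protocol) is an assumption of this sketch.

```javascript
// Simplified model of policy scope lookup with "cascade" (not Node's own code).
// Constructed sample manifest: every path and specifier here is made up.
const manifest = {
  resources: {
    "file:///app/lib/util.js": { dependencies: { "./helper.js": true }, cascade: true },
    "file:///app/lib/strict.js": { dependencies: { "./helper.js": true } },
  },
  scopes: {
    "file:///app/lib/": { dependencies: { fs: true }, cascade: true },
    "file:///app/": { dependencies: { child_process: true } },
  },
};

// Assumption: containing scopes are each parent directory URL, then the protocol.
function scopeChain(resourceUrl) {
  const u = new URL(resourceUrl);
  u.search = u.hash = "";
  const chain = [];
  let href = u.href;
  for (;;) {
    const parent = new URL(href.endsWith("/") ? ".." : ".", href).href;
    if (parent === href) break;
    chain.push(parent);
    href = parent;
  }
  chain.push(u.protocol);
  return chain;
}

// Returns the manifest key that grants `specifier` to `resourceUrl`, or null if denied.
function grantedBy(policy, resourceUrl, specifier) {
  const entries = [];
  if (policy.resources?.[resourceUrl]) entries.push([resourceUrl, policy.resources[resourceUrl]]);
  for (const key of scopeChain(resourceUrl)) {
    if (policy.scopes?.[key]) entries.push([key, policy.scopes[key]]);
  }
  for (const [key, entry] of entries) {
    const deps = entry.dependencies;
    if (deps === true) return key;
    if (deps && Object.prototype.hasOwnProperty.call(deps, specifier)) return key;
    if (entry.cascade !== true) return null; // no opt-in: lookup stops here
  }
  return null;
}

// Audit view: which entry ends up granting child_process to each module?
for (const url of ["file:///app/lib/util.js", "file:///app/lib/strict.js"]) {
  console.log(url, "->", grantedBy(manifest, url, "child_process"));
}
```

In this sample, `util.js` reaches `child_process` only because both the resource and the `file:///app/lib/` scope opt in to cascading, while `strict.js` is denied at its own entry.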