fix: handle malformed npm packages gracefully in extract action#1794
Conversation
2db41f8 to
e325ab3
Compare
|
af18f93 to
09104a9
Compare
b108cb7 to
d044659
Compare
d044659 to
07d6412
Compare
|
I'm still curious how frequent this is and if it's better to just patch the bad package instead? I don't think we should be writing workarounds for other peoples bugs within rules_js unless it is very common (like circular deps :/). |
I know of two packages so rare but impossible to know how many unless you check all npm packages on the npm registry. The failure mode is so bad that user's would have no idea that the problem is a missing Circular deps don't feel like a bug in npm packages but rather a property of the registry which allows circular deps. Unless Bazel is in the loop, circular deps don't matter to the package managers. |
|
Maybe circular deps is a bad example then, I just mean something very command that we can't ignore. Where this seems so rare I wonder if it's better to just patch or open PRs for the bad packages 🤷 However with the use of |
|
Even if you fixed the package at head you won't be able to fix bad tarballs in the registry for versions already published 🤷♂️ |
I guess we can't do that. Up to you if you want to try doing |
43f8c15 to
c22e0b4
Compare
Lame. It should just expand to the path of the directory. I'll just special case that one. |
c22e0b4 to
2a36d89
Compare
Fixes #1637.
Inspired by https://github.com/frc971/971-Robot-Code/blob/master/third_party/rules_js/0001-Fix-package-permissions.patch. Thanks @AustinSchuhBRT.
Similar to what is already done in
npm_import.bzl:rules_js/npm/private/npm_import.bzl
Line 489 in f52cc4c
pngjs@5.0.0, added tonpm/private/test/package.json, is a package known to have a malformed tarball where the directories don't have execute/list permissions.