fix: avoid ProvidePlugin injection for local const require bindings#21041
Conversation
🦋 Changeset detectedLatest commit: 9d4c234 The changes in this PR will be included in the next version bump. This PR includes changesets to release 1 package
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
There was a problem hiding this comment.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Fixes a parser-hook interaction where a local const NAME = require("...") binding could still fall through to ProvidePlugin’s free-variable handling when both use the same identifier, causing duplicate declarations during module concatenation.
Changes:
- Update CommonJS imports parser handling to “bail out” after processing tagged
const require(...)bindings. - Add a regression config-case covering
ProvidePlugin({ process })+ localconst process = require(...)with module concatenation enabled. - Add simple fixture module used by the regression case.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| test/configCases/plugins/provide-plugin-require-binding/webpack.config.js | Adds a dedicated config-case enabling ProvidePlugin and concatenateModules for the regression |
| test/configCases/plugins/provide-plugin-require-binding/process.js | Adds a minimal process-like module used by both the local binding and ProvidePlugin |
| test/configCases/plugins/provide-plugin-require-binding/index.js | Adds runtime assertion ensuring the local binding wins over ProvidePlugin injection |
| lib/dependencies/CommonJsImportsParserPlugin.js | Stops hook fall-through by returning true after handling the tagged require-binding |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| @@ -732,6 +732,7 @@ class CommonJsImportsParserPlugin { | |||
| // chain), so we have to assume the whole exports object is used. | |||
| binding.dep.referencedExports = null; | |||
| } | |||
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #21041 +/- ##
==========================================
- Coverage 91.67% 91.65% -0.02%
==========================================
Files 573 573
Lines 59874 59875 +1
Branches 16159 16159
==========================================
- Hits 54888 54877 -11
- Misses 4986 4998 +12
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
|
Thanks for the fix. ❤️ |
Summary
Fix a parser interaction introduced by the CommonJS
const NAME = require(LITERAL)binding tracking.When a local const require binding has the same name as a
ProvidePlugindefinition, for example:with:
webpack could still fall through from the local require-binding hook to the
ProvidePluginhook forprocess. That caused webpack to emit both a provided dependency declaration and the local const binding in the same scope, eventually failing with:This change returns
trueafter handling bare reads of tagged CommonJS require bindings, so the local binding is treated as handled and does not trigger same-name free variable hooks.What kind of change does this PR introduce?
fix
Did you add tests for your changes?
Yes. Added a regression test in
test/configCases/plugins/provide-plugin-require-bindingcovering a localconst process = require(...)binding together withProvidePlugin({ process })and module concatenation enabled.Validated with:
Does this PR introduce a breaking change?
No.
This only prevents a local
const NAME = require(...)binding from falling through to same-name free variable hooks after webpack has already handled that local binding. ExistingProvidePluginbehavior for actual free variables is unchanged.If relevant, what needs to be documented once your changes are merged or what have you already documented?
No documentation changes are needed. This is a bug fix for parser behavior.
Use of AI
AI assistance was used to help investigate the regression, identify the parser fallback path, draft the minimal code change, and prepare the PR description. The generated code and text were reviewed and validated by a human before submission, following webpack's AI usage policy.