npm - @nubjs/nub - Versions diffs - 0.0.22 → 0.0.23 - Mend

@nubjs/nub 0.0.22 → 0.0.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/bin/launch.js CHANGED Viewed

@@ -9,18 +9,20 @@
 //
 // On its FIRST POSIX invocation this launcher SELF-HEALS: it rewrites the on-PATH
 // entry that dispatched it — the package manager's bin shim (pnpm cmd-shim) or
-// symlink (npm/bun) — into a MINIMAL `#!/bin/sh` trampoline that exec's the native
-// binary directly. Every later call then resolves PATH -> that tiny sh trampoline
+// symlink (npm/bun/yarn) — into a tiny `#!/bin/sh` sh/node POLYGLOT trampoline that
+// exec's the native binary. Every later call then resolves PATH -> that trampoline
 // -> native, skipping Node entirely (~native cold-start; the sh hop is ~1-2ms on
 // Linux dash/busybox, ~4ms on macOS bash — vs ~50ms for this Node launcher).
 //
-// CRITICAL: the heal target is a minimal sh SCRIPT, never a native binary. A
-// script->binary swap has an irreducible TOCTOU race (the kernel reads `#!/bin/sh`
-// then `/bin/sh` reopens the path and finds a Mach-O -> "cannot execute binary
-// file"; ~24% under a concurrent burst). A script->script swap (both `#!/bin/sh`,
-// always valid scripts) is race-free by construction — a concurrent `/bin/sh`
-// reopening the entry mid-swap always reads a valid trampoline (measured 0/600 vs
-// 146/600). So the heal needs no lock: it is best-effort, atomic (write temp +
+// CRITICAL: the heal target is a SCRIPT, never a native binary (a script->binary swap
+// has an irreducible exec-format TOCTOU race), AND it is an sh/node polyglot so the
+// swap is safe under concurrency on every PM. Two race classes are closed: (1) pnpm's
+// entry is an sh cmd-shim, so sh->sh is race-free by construction; (2) npm/bun/yarn's
+// entry is a symlink to this #!node launcher, so a concurrent Node that already passed
+// the shebang and re-reads the swapped file would parse sh-as-JS and die — UNLESS the
+// new file is also valid JS, which the polyglot is (it runs a JS fallback that spawns
+// native). Measured: pure-sh heal ~6%/200 concurrent first-call failures on npm/bun;
+// polyglot 0/600. So the heal needs no lock: it is best-effort, atomic (write temp +
 // rename), verify-before-clobber, and a no-op on Windows.
 //
 // The native binary selects its verb from argv[0]'s basename (nub vs nubx); the
@@ -88,7 +90,18 @@ function healPathEntry(verb, nativePath) {
     const ourBin = path.join(__dirname, verb); // .../@nubjs/nub/bin/<verb>
     let ourReal; try { ourReal = fs.realpathSync(ourBin); } catch { ourReal = ourBin; }
     let nativeReal; try { nativeReal = fs.realpathSync(nativePath); } catch { nativeReal = nativePath; }
-    const content = `#!/bin/sh\nexec ${shq(nativeReal)} "$@"\n`;
+    // The healed entry is an sh/node POLYGLOT. A fresh exec reads `#!/bin/sh` and sh
+    // runs line 2 (`exec native`, the fast path). But a concurrent Node that already
+    // spawned through the pre-heal node shim — passing the `#!node` shebang BEFORE the
+    // heal renamed this file in — then re-opens this path as its "script" and reads
+    // line 2 as a `":"` string statement + a `//` comment (no-op), running line 3's JS
+    // fallback (spawn native) instead of choking on sh-as-JS. So the heal is race-free
+    // on symlink-to-node-shim PMs (npm/bun/yarn) too, the guarantee pnpm gets for free.
+    // Measured: pure-sh heal ~6%/200 concurrent first-call failures; polyglot 0/600.
+    const content =
+      `#!/bin/sh\n` +
+      `":" //# nub launcher; exec ${shq(nativeReal)} "$@"\n` +
+      `var r=require("child_process").spawnSync(${JSON.stringify(nativeReal)},process.argv.slice(2),{stdio:"inherit"});process.exit(r.status==null?1:r.status)\n`;
     for (const dir of (process.env.PATH || "").split(path.delimiter)) {
       if (!dir) continue;

package/bin/nub CHANGED Viewed

@@ -1,7 +1,8 @@
 #!/usr/bin/env node
 "use strict";
-// Entry point for the `nub` command. On POSIX this file is replaced by a symlink
-// to the native binary at install time (see postinstall.js); it only executes via
-// Node on Windows or as a fallback. No argv0 override → the child sees the binary's
-// own basename ("nub") and runs the default verb.
+// Entry point for the `nub` command. The package manager links its on-PATH `nub` to
+// this Node launcher (a symlink on npm/bun/yarn, an sh cmd-shim on pnpm). On its first
+// POSIX call, launch.js self-heals that on-PATH entry into a tiny sh trampoline → the
+// native binary, so later calls skip Node entirely (see launch.js). On Windows there
+// is no such fast path and this Node launcher runs on every call.
 require("./launch.js")();

package/bin/nubx CHANGED Viewed

@@ -1,8 +1,8 @@
 #!/usr/bin/env node
 "use strict";
-// Entry point for the `nubx` command (npx-equivalent bin runner). On POSIX this
-// file is replaced by a symlink to the native binary at install time; it only
-// executes via Node on Windows or as a fallback. argv0 "nubx" makes the Rust CLI
-// enter exec mode directly (Argv0::Nubx), identical to the POSIX symlink whose
-// basename is "nubx".
+// Entry point for the `nubx` command (npx-equivalent bin runner). The package manager
+// links its on-PATH `nubx` to this Node launcher; on its first POSIX call launch.js
+// self-heals that entry into a tiny sh trampoline that exec's the platform package's
+// bin/nubx — whose argv[0] basename "nubx" makes the Rust CLI enter exec mode
+// (Argv0::Nubx). On Windows this Node launcher runs every call (no fast path).
 require("./launch.js")("nubx");

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@nubjs/nub",
-  "version": "0.0.22",
+  "version": "0.0.23",
   "description": "TypeScript-first developer supertool — a fast script runner and TS runtime powered by Node.js",
   "license": "MIT",
   "repository": "https://github.com/nubjs/nub",
@@ -14,13 +14,13 @@
     "platform.js"
   ],
   "optionalDependencies": {
-    "@nubjs/nub-darwin-arm64": "0.0.22",
-    "@nubjs/nub-darwin-x64": "0.0.22",
-    "@nubjs/nub-linux-x64": "0.0.22",
-    "@nubjs/nub-linux-x64-musl": "0.0.22",
-    "@nubjs/nub-linux-arm64": "0.0.22",
-    "@nubjs/nub-linux-arm64-musl": "0.0.22",
-    "@nubjs/nub-win32-x64": "0.0.22",
-    "@nubjs/nub-win32-arm64": "0.0.22"
+    "@nubjs/nub-darwin-arm64": "0.0.23",
+    "@nubjs/nub-darwin-x64": "0.0.23",
+    "@nubjs/nub-linux-x64": "0.0.23",
+    "@nubjs/nub-linux-x64-musl": "0.0.23",
+    "@nubjs/nub-linux-arm64": "0.0.23",
+    "@nubjs/nub-linux-arm64-musl": "0.0.23",
+    "@nubjs/nub-win32-x64": "0.0.23",
+    "@nubjs/nub-win32-arm64": "0.0.23"
   }
 }