npm - @secure-exec/core - Versions diffs - 0.3.0-rc.1 → 0.3.0-rc.2 - Mend

@secure-exec/core 0.3.0-rc.1 → 0.3.0-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/node-runtime.d.ts CHANGED Viewed

@@ -76,6 +76,38 @@ export interface NodeRuntimeCreateOptions {
      * ```
      */
     mounts?: HostDirectoryMount[];
+    /**
+     * Mount a host `node_modules` directory into the VM in one call so guest
+     * `import`/`require` resolve real, host-installed npm packages.
+     *
+     * Pass the absolute host path to a `node_modules` directory (or an object
+     * with that path and an explicit guest location). The whole directory is
+     * projected lazily, Docker-style, at a guest `node_modules` on the resolution
+     * path, so any package inside it resolves the way Node would over a real
+     * filesystem (ancestor `node_modules` walk, `exports`/conditions, symlinks).
+     * This is the ergonomic alternative to wiring up individual `mounts` entries
+     * per package.
+     *
+     * By default the directory is mounted at `/tmp/node_modules`, which is where
+     * the resolution walk for a program run by {@link NodeRuntime.exec} /
+     * {@link NodeRuntime.run} begins (each program is written under `/tmp`). Pass
+     * the object form with `guestPath` to mount it elsewhere on a different
+     * module's resolution path.
+     *
+     * ```ts
+     * const rt = await NodeRuntime.create({
+     *   nodeModules: "/abs/path/to/project/node_modules",
+     * });
+     * await rt.exec(`
+     *   import isNumber from "is-number";
+     *   console.log(isNumber(42));
+     * `);
+     * ```
+     *
+     * The host filesystem is never exposed beyond the mounted `node_modules`
+     * subtree. The mount is read-only.
+     */
+    nodeModules?: string | NodeModulesMount;
     /**
      * Host-side tools the guest can invoke as shell commands. Each entry is
      * registered as a named guest command; when the guest runs it, the
@@ -138,6 +170,21 @@ export interface HostDirectoryMount {
     /** Mount read-only (the default). Pass `false` to allow guest writes. */
     readOnly?: boolean;
 }
+/**
+ * Object form of the `nodeModules` create option: a host `node_modules`
+ * directory to project, optionally at an explicit guest path. The string form
+ * (`nodeModules: "/abs/node_modules"`) is shorthand for `{ hostPath }`.
+ */
+export interface NodeModulesMount {
+    /** Absolute host `node_modules` directory to project (read lazily). */
+    hostPath: string;
+    /**
+     * Absolute guest path to mount it at. Defaults to `/tmp/node_modules`, where
+     * the resolution walk for {@link NodeRuntime.exec} / {@link NodeRuntime.run}
+     * programs begins. Override to put it on a different module's resolution path.
+     */
+    guestPath?: string;
+}
 /** Result of {@link NodeRuntime.exec}. */
 export interface NodeRuntimeExecResult {
     stdout: string;

package/dist/node-runtime.js CHANGED Viewed

@@ -45,6 +45,8 @@ const DEFAULT_PERMISSIONS = {
     env: "allow",
     network: "deny",
 };
+/** Guest path a `nodeModules` mount is projected at by default. */
+const DEFAULT_NODE_MODULES_GUEST_PATH = "/tmp/node_modules";
 let nextProgramId = 0;
 /**
  * Ergonomic, batteries-included runtime for executing guest JavaScript.
@@ -81,7 +83,21 @@ export class NodeRuntime {
         // Project host directories into the VM, Docker-style. NodeFileSystem
         // reads lazily through the VFS so large trees never traverse the
         // protocol frame as a single blob.
-        const mounts = (options.mounts ?? []).map((mount) => ({
+        const hostMounts = [...(options.mounts ?? [])];
+        // The `nodeModules` helper is sugar over a single host directory mount:
+        // project the whole host `node_modules` at a guest `node_modules` on the
+        // resolution path so any package inside resolves like real Node would.
+        if (options.nodeModules !== undefined) {
+            const nodeModules = typeof options.nodeModules === "string"
+                ? { hostPath: options.nodeModules }
+                : options.nodeModules;
+            hostMounts.push({
+                guestPath: nodeModules.guestPath ?? DEFAULT_NODE_MODULES_GUEST_PATH,
+                hostPath: nodeModules.hostPath,
+                readOnly: true,
+            });
+        }
+        const mounts = hostMounts.map((mount) => ({
             path: mount.guestPath,
             fs: new NodeFileSystem({ root: mount.hostPath }),
             readOnly: mount.readOnly ?? true,

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@secure-exec/core",
-	"version": "0.3.0-rc.1",
+	"version": "0.3.0-rc.2",
 	"type": "module",
 	"license": "Apache-2.0",
 	"main": "./dist/index.js",
@@ -183,7 +183,7 @@
 		"test": "vitest run"
 	},
 	"dependencies": {
-		"@secure-exec/sidecar": "0.3.0-rc.1",
+		"@secure-exec/sidecar": "0.3.0-rc.2",
 		"@rivetkit/bare-ts": "^0.6.2"
 	},
 	"devDependencies": {