Le mardi 7 novembre 2023, 10:25:04 UTC Yadd a écrit : > On 11/7/23 13:47, Bastien Roucariès wrote: > > Hi, > > > > I believe for a security point of view it is interesting to do dynamic linking of module (aka no packing external module) > > > > I plan to package webpack-node-externals in order to do this > > > > May be automagically using this in dh_nodejs will be nice ? > > > > What do you think ? > > > > Updating policy will be also nice > > > > Bastien > > Hi, > > it is not easy to replace rollup builds by webpack-style, then I don't > see a way to automatically use your recommendation inside dh-nodejs. I was thinking to create a webpack wrapper (by changing path before running dh_build) that will capture --config or default config file and apply json patch in order to add externalsPresets: { node: true }, // in order to ignore built-in modules like path, fs, etc. externals: [nodeExternals()], // in order to ignore all modules in node_modules folder May be in a first time policy will be suffisant > > To implement dynamic linking in rollup builds, we just need to manage > @rollup/plugin-node-resolve configuration. > > Cheers, > Yadd > >
Attachment:
signature.asc
Description: This is a digitally signed message part.