[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Improve webpacking by using webpack-node-externals



On 11/7/23 14:48, Bastien Roucariès wrote:
Le mardi 7 novembre 2023, 10:25:04 UTC Yadd a écrit :
On 11/7/23 13:47, Bastien Roucariès wrote:
Hi,

I believe for a security point of view it is interesting to do dynamic linking of module (aka no packing external module)

I plan to package webpack-node-externals in order to do this

May be automagically using this in dh_nodejs will be nice ?

What do you think ?

Updating policy will be also nice

Bastien

Hi,

it is not easy to replace rollup builds by webpack-style, then I don't
see a way to automatically use your recommendation inside dh-nodejs.

I was thinking to create a webpack wrapper (by changing path before running dh_build) that will capture
--config or default config file and apply json patch in order to add
  externalsPresets: { node: true }, // in order to ignore built-in modules like path, fs, etc.
externals: [nodeExternals()], // in order to ignore all modules in node_modules folder

May be in a first time policy will be suffisant

as a _very partial_ response is implemented in dh-nodejs: when it supposes that there is a potential embed fo JS library, it creates a pkgjs-lock.json file that could permit to detect packages to rebuild in case of security issue.


Reply to: