Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

esbuild tries to read ".." #2261

Closed
nmattia opened this issue May 21, 2022 · 5 comments
Closed

esbuild tries to read ".." #2261

nmattia opened this issue May 21, 2022 · 5 comments

Comments

@nmattia
Copy link

nmattia commented May 21, 2022

I'm running esbuild with restricted access on macOS, where esbuild does not have access to anything outside of the current directory. Running esbuild then crashes because it tries to read the parent directory, even though it's only supposed to read app.jsx:

$ /usr/bin/sandbox-exec -f profile.sb ./node_modules/.bin/esbuild app.jsx
✘ [ERROR] Cannot read directory "..": operation not permitted

1 error

where the sandbox profile is:

(version 1)
(allow default)
(allow network*)
(deny file* (subpath "/Users/user"))
(allow file-read-metadata (subpath "/Users/user"))
(allow file* (subpath "/Users/user/project"))
(deny file* (subpath "/Applications"))
(deny file* (subpath "/Users/user/Applications"))
(allow file* (subpath "/Users/user/Library/Application Support"))
@hyrious
Copy link

hyrious commented May 22, 2022

This is because esbuild needs to know package.json and tsconfig.json to resolve files and adjust behaviors. For example, package.json#imports and tsconfig#path can add extra resolve rules, package.json#type can change cjs interop behavior to node or babel.

@evanw
Copy link
Owner

evanw commented May 22, 2022

If you want to just read that file, you can use the transform API instead: https://esbuild.github.io/api/#transform-api. This means using cat app.jsx | esbuild on the command line.

@nmattia
Copy link
Author

nmattia commented May 23, 2022
edited

Thanks for the quick reply!

I should have clarified, I do have both a package.json and a tsconfig.json in ., so esbuild shouldn't need to go look for them in ... But maybe I'm using the command wrong, and there's a --no-discovery option or something? Also, shouldn't esbuild just abort the search if .. is not readable?

@evanw
Copy link
Owner

evanw commented May 25, 2022

The reason that the parent directories are traversed ahead of time is because esbuild caches parent directory lookups for speed. You can read more about that in this thread: #938.

Thank you very much for providing an easy way to reproduce the problem. I have already fixed an issue like yours in the past here: #942. But that case raised EACCES while your case is raising EPERM instead. It should be straightforward to fix this by adding a check for EPERM (and then treating such directories as empty).

@evanw evanw closed this as completed in 18657e0 May 25, 2022
@nmattia
Copy link
Author

nmattia commented May 30, 2022

Thanks for the fix!

@nmattia nmattia mentioned this issue Jul 18, 2022
Closed
7 tasks
@hrishikesh-k hrishikesh-k mentioned this issue Aug 8, 2022
Closed
@nmattia nmattia mentioned this issue Nov 4, 2022
Closed
@dragoon4890 dragoon4890 mentioned this issue May 26, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@evanw @nmattia @hyrious