From 3f5138184a48b69893b7050577c9ea3ac31eab8b Mon Sep 17 00:00:00 2001 From: Evan Wallace Date: Fri, 3 Mar 2023 17:05:11 -0500 Subject: [PATCH] fix #2964: install script reads version from file --- lib/npm/node-install.ts | 10 +++++----- scripts/esbuild.js | 7 +++++-- 2 files changed, 10 insertions(+), 7 deletions(-) diff --git a/lib/npm/node-install.ts b/lib/npm/node-install.ts index 4ebccd42b12..50d1ca21d4d 100644 --- a/lib/npm/node-install.ts +++ b/lib/npm/node-install.ts @@ -7,7 +7,7 @@ import zlib = require('zlib') import https = require('https') import child_process = require('child_process') -declare const ESBUILD_VERSION: string +const versionFromPackageJSON: string = require(path.join(__dirname, 'package.json')).version const toPath = path.join(__dirname, 'bin', 'esbuild') let isToPathJS = true @@ -48,8 +48,8 @@ which means the "esbuild" binary executable can't be run. You can either: } throw err } - if (stdout !== ESBUILD_VERSION) { - throw new Error(`Expected ${JSON.stringify(ESBUILD_VERSION)} but got ${JSON.stringify(stdout)}`) + if (stdout !== versionFromPackageJSON) { + throw new Error(`Expected ${JSON.stringify(versionFromPackageJSON)} but got ${JSON.stringify(stdout)}`) } } @@ -115,7 +115,7 @@ function installUsingNPM(pkg: string, subpath: string, binPath: string): void { // command instead of a HTTP request so that it hopefully works in situations // where HTTP requests are blocked but the "npm" command still works due to, // for example, a custom configured npm registry and special firewall rules. - child_process.execSync(`npm install --loglevel=error --prefer-offline --no-audit --progress=false ${pkg}@${ESBUILD_VERSION}`, + child_process.execSync(`npm install --loglevel=error --prefer-offline --no-audit --progress=false ${pkg}@${versionFromPackageJSON}`, { cwd: installDir, stdio: 'pipe', env }) // Move the downloaded binary executable into place. The destination path @@ -218,7 +218,7 @@ function maybeOptimizePackage(binPath: string): void { async function downloadDirectlyFromNPM(pkg: string, subpath: string, binPath: string): Promise { // If that fails, the user could have npm configured incorrectly or could not // have npm installed. Try downloading directly from npm as a last resort. - const url = `https://registry.npmjs.org/${pkg}/-/${pkg.replace('@esbuild/', '')}-${ESBUILD_VERSION}.tgz` + const url = `https://registry.npmjs.org/${pkg}/-/${pkg.replace('@esbuild/', '')}-${versionFromPackageJSON}.tgz` console.error(`[esbuild] Trying to download ${JSON.stringify(url)}`) try { fs.writeFileSync(binPath, extractFileFromTarGzip(await fetch(url), subpath)) diff --git a/scripts/esbuild.js b/scripts/esbuild.js index 731e3f8c7fb..07b3514d74b 100644 --- a/scripts/esbuild.js +++ b/scripts/esbuild.js @@ -1,6 +1,5 @@ const childProcess = require('child_process') const path = require('path') -const zlib = require('zlib') const fs = require('fs') const os = require('os') @@ -24,7 +23,11 @@ const buildNeutralLib = (esbuildPath) => { '--outfile=' + path.join(npmDir, 'install.js'), '--bundle', '--target=' + nodeTarget, - '--define:ESBUILD_VERSION=' + JSON.stringify(version), + // Note: https://socket.dev have complained that inlining the version into + // the install script messes up some internal scanning that they do by + // making it seem like esbuild's install script code changes with every + // esbuild release. So now we read it from "package.json" instead. + // '--define:ESBUILD_VERSION=' + JSON.stringify(version), '--external:esbuild', '--platform=node', '--log-level=warning',