Commit
feat(api-server): ability to install plugins at runtime #764
The API server will now use npm as a dependency to install plugin packages before trying to import them (via require()). This is helpful in being able to ship a container image that contains the API server and does not need additional chores to be done in order to be able to use plugins (such as starting a new node package with its own dependencies).

The security implications here are of course that we are pulling code from the internet at runtime and if npm's verification method for the code fails or if the plugin package is malicious to begin with then that's a full breach but these were security implications of the plugin architecture to begin with so there is not much additional that we can probably do here apart from a few additional guard rails to protect users from themselves by maybe always requiring explicit versions so that auto-upgrade is out of the question.

Fixes #764

Signed-off-by: Peter Somogyvari <[email protected]>
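The guard rail the commit message suggests (always requiring explicit versions) could look like the following check, run on each configured plugin spec before it is handed to npm. This is an added example, not code from this commit or the project; the function names and sample package names are hypothetical, and accepting only lowercase registry names is an assumption.

```javascript
// Added example, not project code: function names and sample specs are hypothetical.
// Exact semver version: MAJOR.MINOR.PATCH plus optional pre-release and build
// metadata. Range operators, wildcards and dist-tags cannot match.
const EXACT_VERSION =
  /^(0|[1-9]\d*)\.(0|[1-9]\d*)\.(0|[1-9]\d*)(-[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?(\+[0-9A-Za-z-]+(\.[0-9A-Za-z-]+)*)?$/;
// Plain registry package name, optionally scoped (assumption: lowercase only).
const PACKAGE_NAME = /^(@[a-z0-9][a-z0-9._~-]*\/)?[a-z0-9][a-z0-9._~-]*$/;

function parsePinnedPluginSpec(spec) {
  if (typeof spec !== "string" || spec.length === 0) {
    return { ok: false, reason: "spec must be a non-empty string" };
  }
  // The last "@" separates name from version; index 0 is only a scope marker.
  const at = spec.lastIndexOf("@");
  if (at <= 0) {
    return { ok: false, reason: "no version given, npm would pick one itself" };
  }
  const name = spec.slice(0, at);
  const version = spec.slice(at + 1);
  // Rejects URLs, git and file specs, aliases and anything starting with "-".
  if (name.length > 214 || !PACKAGE_NAME.test(name)) {
    return { ok: false, reason: "not a plain registry package name" };
  }
  if (!EXACT_VERSION.test(version)) {
    return { ok: false, reason: "version is a range, tag or other non-exact spec" };
  }
  return { ok: true, name, version };
}

// Splits a configured plugin list into installable specs and refusals.
function checkPluginList(specs) {
  const accepted = [];
  const rejected = [];
  for (const spec of specs) {
    const r = parsePinnedPluginSpec(spec);
    if (r.ok) accepted.push(`${r.name}@${r.version}`);
    else rejected.push({ spec, reason: r.reason });
  }
  return { accepted, rejected };
}

// Constructed sample input; the package names are made up.
const SAMPLE = [
  "@example-org/plugin-ledger@1.4.2", "plugin-keychain@0.3.0-rc.1",
  "plugin-keychain", "@example-org/plugin-ledger@^1.4.2",
  "plugin-keychain@latest", "plugin-keychain@1.x",
  "git+https://example.invalid/plugin.git",
];
console.log(checkPluginList(SAMPLE));
```

Only the `accepted` entries would be passed on to the install step; a refused spec is better treated as a startup error than silently skipped.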