
Issues running esm.sh in a restricted environment

Open cristiano-belloni opened this issue 2 years ago • 6 comments

Hi, I'm trying to run esm.sh in a security-restricted environment with yarn, an internal (Artifactory) registry and connection to the outside internet severely restricted / proxied. I was able to make it work by slightly modifying the code. I'm not sure if the modifications make sense and if you plan to provide a way to configure some of the options that are currently preventing the server from running in certain conditions, but here's a list of what I did to run it. If you have a better way of doing this, could you please let me know?

yarnAdd doesn't follow the registry specified with yarn config set registry

My yarn configuration has registry set to an internal Artifactory instance. esm.sh, though, seems to hit the default registry, ignoring the configuration. I traced this back to the "--no-default-rc" option set in the yarnAdd function. By just commenting the option out, I was able to make esm.sh follow the configuration.

startNodeServices doesn't follow the registry specified with yarn config set registry

Similarly, the yarn add command won't follow the yarn configuration for some reason. If I rig it to use the modified yarnAdd function in the previous issue, it works.

if getDenoStdVersion fails, it will kill the server

In my particular case, I don't need the deno target. If esm.sh tries to hit deno.land to get the latest version and the URL is not reachable, the server will die. I fixed this by replacing the existing log.Fatalf("getDenoStdVersion: %v", err) line with log.Warnf("getDenoStdVersion: %v", err); it will warn that it can't verify the latest deno version but run fine otherwise. The node check will kill the server in a similar way, but I found out that just installing the right version of node (v16) will be sufficient for the server to not check.

some http requests won't follow HTTP_PROXY / HTTPS_PROXY

I didn't investigate it too much since I need to run the server in a strict configuration where it can reach only the internal registry, but it seems the httpClient instance you use in some places in the code doesn't honour the HTTP_PROXY environment variable in a situation where connections to the outside internet are proxied. If I instead use the default http.Get, it will proxy without problems.

cristiano-belloni avatar Apr 21 '22 11:04 cristiano-belloni

I'm also running in a restricted environment. I'm using .npmrc for anything other than yarnAdd, which needs this fix https://github.com/esm-dev/esm.sh/pull/310

jimisaacs avatar Apr 25 '22 16:04 jimisaacs

Also, if your environment is anything like mine, this might help https://github.com/esm-dev/esm.sh/pull/314

jimisaacs avatar Apr 25 '22 17:04 jimisaacs

@cristiano-belloni I'd be curious if either of the previous merges, and npmrc suggestion, helped? If so, what's left?

jimisaacs avatar May 11 '22 14:05 jimisaacs

@cristiano-belloni I'd be curious if either of the previous merges, and npmrc suggestion, helped? If so, what's left?

Just tried them, they helped with the first two points. Still have the getDenoStdVersion problem (-> should work with just the npm internal registry if we can't connect to the deno site) and the last point (-> env variable proxy not honoured when doing some http Gets).

cristiano-belloni avatar May 11 '22 17:05 cristiano-belloni

You might have the fix for getDenoStdVersion, have you considered a pull request?

As far as the httpClient, that's a standard Go library client. The problem seems to be that it overrides the Transport, whereas the standard Go library's DefaultTransport has support for a proxy environment. It's possible that it just needs this configured for httpClient:

		Proxy: http.ProxyFromEnvironment,

jimisaacs avatar May 11 '22 19:05 jimisaacs
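
The Transport behaviour discussed in the comment above, as an added Go example (not esm.sh's code and not posted by anyone in this thread): a client built with its own http.Transport and no Proxy field dials directly, while the same client with Proxy set to http.ProxyFromEnvironment resolves the proxy from HTTP_PROXY / HTTPS_PROXY / NO_PROXY. The helper names newClient and proxyFor, the timeout values and the example.internal URL are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"time"
)

// newClient builds an http.Client with a custom Transport (hypothetical helper).
// With honourEnv=false the Proxy field stays nil, so every request dials
// directly. http.DefaultTransport sets Proxy to http.ProxyFromEnvironment;
// a replacement Transport has to set it explicitly to keep that behaviour.
func newClient(honourEnv bool) *http.Client {
	tr := &http.Transport{
		IdleConnTimeout: 30 * time.Second, // constructed value, not esm.sh's setting
	}
	if honourEnv {
		tr.Proxy = http.ProxyFromEnvironment
	}
	return &http.Client{Transport: tr, Timeout: 15 * time.Second}
}

// proxyFor reports which proxy the client would use for rawURL without
// sending anything. A nil URL means a direct connection.
func proxyFor(c *http.Client, rawURL string) (*url.URL, error) {
	req, err := http.NewRequest(http.MethodGet, rawURL, nil)
	if err != nil {
		return nil, err
	}
	rt := c.Transport
	if rt == nil {
		rt = http.DefaultTransport // what http.Client falls back to
	}
	tr, ok := rt.(*http.Transport)
	if !ok || tr.Proxy == nil {
		return nil, nil
	}
	return tr.Proxy(req)
}

func main() {
	target := "https://registry.example.internal/pkg" // placeholder URL
	for _, honour := range []bool{false, true} {
		p, err := proxyFor(newClient(honour), target)
		fmt.Printf("honourEnv=%v proxy=%v err=%v\n", honour, p, err)
	}
}
```

http.ProxyFromEnvironment reads the environment once per process, so the proxy variables have to be set before the server starts; requests to localhost or a loopback address are never proxied.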

You might have the fix for getDenoStdVersion, have you considered a pull request?

I have created a very small one here: https://github.com/esm-dev/esm.sh/pull/327

cristiano-belloni avatar May 12 '22 10:05 cristiano-belloni