-
-
Notifications
You must be signed in to change notification settings - Fork 89
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Don't assume process.env exists in the global scope. #62
base: master
Are you sure you want to change the base?
Conversation
…script to fail on platforms that don't support it.
This is a node module; process.env always exists. A bundler bundling this node module is broken if it doesn't ensure this code works in the target environment. Are you using such a broken bundler? |
Why do other parts of the file do this "typeof process !== 'undefined'" check then? e.g. https://github.com/browserify/node-util/blob/master/util.js#L76 . It seems inconsistent to me.
No, I'm using node-util an a platform that doesn't have process in the global scope. Other than this minor problem all the other code works fine. |
Which platform? |
Hermes https://hermesengine.dev/ . But does it matter? From the description of node-util, it is designed to work in any environment right?
|
Yes, it does matter. node modules can only run unmodified on node - they often use That the file already has a typeof process check does seem to suggest that this change is reasonable, though. |
Co-authored-by: Jordan Harband <[email protected]>
Any news? This package is used by For now, I have to define a |
File a bug on vite, if it’s broken the same way webpack 5 is. A node module bundler must be able to transparently provide browser versions of node core module and globals, including process. |
There is workaround by custom defined I don't think it is a bug of vite, not of But like inspect-js/has-symbols#11 (comment), adding a check here is great. |
It's definitely a bug, because it's talking node modules as input and not providing node globals. In the case of has-symbols, it works identically because it's a language global, available in both node and browsers. In this case, when |
Personally, I don't think polyfilling |
@JounQin i'm aware of that, but it being their design philosophy doesn't prevent it from being wrong. |
@ljharb That's why we're here talking about how to support them. It is said in README:
|
The best way to support them is to advise in the readme how users can fix these broken bundlers' mistakes, and to link them to the relevant issues to help surface the pain it's causing. |
The other Its tempting to just add the check since I don't think anyone has ever used IIRC it's something like this: npm install util process module.exports = {
plugins: [new ProvidePlugin({ process: 'process/browser' })],
resolve: {
fallback: {
process: require.resolve('process/browser'),
util: require.resolve('util/')
}
}
} If there is a webpack plugin that just provides ALL the Node.js builtins that would be ideal… |
I ran across this issue in the following way: Our application uses sinon for browser tests. Sinon has a |
@wagenet that's because |
This comment was marked as abuse.
This comment was marked as abuse.
I am not getting it. What is the potential harm in adding a safe check? |
@parikshit223933 enabling broken tools to work anyways is harmful for the ecosystem; this also adds extra bytes for every user, despite only users of broken tools needing it. |
Your point is 100% valid. Should we remove |
Yes, we probably should - I'm not sure why that check is there. |
This is not a Node module, but rather it's a polyfill of a Node module for the browser. Browser code would really be better distributed as ESM instead of CJS. Then it could be used directly without bundling. At that point it'd make a lot of sense not to assume that |
@benmccann that's its purpose, to be used in a browser, but it has package.json - it's a node module. It's meant to work with bundlers, the standard for which is browserify, which invented the concept. A bundler that deviates from this defacto standard is broken, and it would be harmful to make changes that enable people to use broken bundlers. As for "without building", that's just not feasible in modern web dev, and native ESM is both slower and less fully-featured than CJS, and, since ESM can't be consumed by CJS, but CJS can be consumed by ESM, CJS is the more universal format (assuming a build process exists). |
It's a bit rich to me that you would pick the least used of all bundlers and call it the standard. Just because something's first, doesn't mean that's what the standard is. Today Chrome, Firefox, and Safari set the standards for web browsers. No one goes around screaming that they're breaking standards because they're deviating from the behavior of Nexus and Mosaic. If my memory serves me correctly esbuild, Vite, and Rollup do not polyfill https://npmcharts.com/compare/browserify,vite,webpack,rollup,esbuild |
Webpack 5 no longer does, I believe, which is why it's a huge problem for both users and maintainers (https://blog.sindresorhus.com/webpack-5-headache-b6ac24973bf1 unfortunately no longer loads), and why, I suspect, webpack 4 on npm has 7m downloads a week and webpack 5 has merely 1.6m. esbuild, vite, and rollup making this choice also causes no end of filed issues on projects, and the solution for all of them is "sadly, your bundler forces you to configure it properly instead of doing it by default". CJS is a standard, ESM is not "the" standard - it's just one of multiple. |
webpack 5 actually has more usage than webpack 4. It's just that webpack 5's usage is split amongst several versions while webpack 4's usage is concentrated in the terminal version. E.g. these half a dozen version have over 9m downloads between them:
At this point, I'm not really sure what the argument is for continuing to use |
Thanks, fair point on webpack 5 usage - it's still barely more than half, after being out for 3 years. This is a node module. |
This comment was marked as abuse.
This comment was marked as abuse.
This comment was marked as off-topic.
This comment was marked as off-topic.
This comment was marked as resolved.
This comment was marked as resolved.
I really don't get the part "This is a node module. process.env always exists." when the pack itself specifically says it's for things like "browsers". Logically,
plus
means this package is for non-node environments, which means |
@jerry2013 sure. But a node module bundler is required, and a properly working one polyfills node globals. |
Node module bundlers have already changed how they work. Node.js is not the only special js runtime anymore. |
I get that since the code uses On the other hand, given this package is intended for "non-node" environment, would it be sensible to just remove the "deprecation and debug thing", then replace |
well, removing "deprecate" wholesale would not work. but I did find why the code has the check for process in there (#11) |
@JounQin it was never about it being the "only" one, it's the dominant one and will remain so for the foreseeable future. If you want to use the majority of things that are on npm, then they will be designed for and tested in node (which this package is, ofc), and as such, you need a working node module bundler to use them in a browser, and that will always be the case. @benmccann my experience is that many who have upgraded have done so by fixing the unfortunate decision to not polyfill things by default. |
@ljharb Why are you forcing the new bundlers to compliant with your such only one module? Why a simple |
@JounQin there are many thousands of modules on npm that assume the existence of node globals and core modules, and many of these will never be updated. The existing corpus of npm is what "forces" this form of backwards compatibility, and it's not helping anyone to go complain on individual packages in the hopes that they get you closer to an impossible goal. The only way to make the "whole world happy" is for bundlers to go back to the eternally correct behavior of automatically polyfilling needed things. |
Some platforms may not have process.env in the global scope and this shouldn't prevent util from running. Currently it will thrown an exception on import if process.env doesn't exist.