Conversation
naugtur
force-pushed
the
naugtur/noble-dual-module-test
branch
from
af5caf7 to
47864ca
Compare
Member
Author
|
As an experiment, I've told agent to debug this, gave it suggestions where to look and coerced a summary. Edit: it was incorrect :D ai debugging outcomeBug Analysis: ESM/CJS Dual Package Export ResolutionIssueThe test Root CauseThe {
"exports": {
"./sha2": {
"import": "./esm/sha2.js",
"require": "./sha2.js"
}
}
}The compartment-mapper incorrectly:
Key Findings1. Condition Set Always Includes "import"In conditions.add('import');This causes the 2. Export Resolution Selects ESM PathIn for (const [key, value] of entries(exports)) {
// ...
} else if (conditions.has(key)) {
yield* interpretExports(name, value, conditions);
break; // Takes first matching condition
}
}Since 3. Parser Selection Uses package.json "type" FieldIn if (type === 'module' || module !== undefined) {
return { ...moduleLanguageForExtension, ... }; // js -> mjs
}
// ...
return { ...commonjsLanguageForExtension, ... }; // js -> cjs (default)Since 4. The
|
naugtur
changed the title
naugtur
force-pushed
the
naugtur/noble-dual-module-test
branch
from
5a6802e to
9898d34
Compare
…kage.json exports
naugtur
force-pushed
the
naugtur/noble-dual-module-test
branch
from
9898d34 to
691b217
Compare
boneskull
approved these changes
Jan 20, 2026
Member
boneskull
left a comment
boneskull
left a comment
There was a problem hiding this comment.
I think this looks right. Should we be doing something similar with the require key or ..?
Member
Author
The way the ecosystem settled, things default to cjs. (that's why the test in this PR was initially throwing an error that it found ESM syntax in CJS module) |
🦋 Changeset detectedLatest commit: 6a4d121 The changes in this PR will be included in the next version bump. This PR includes changesets to release 7 packages
Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
…et description Introduces a signal to infer ESM module type from import key in package.json exports.
Member
Author
|
Improved the changeset. Ready to merge. |
Merged
boneskull
added a commit
that referenced
this pull request
Feb 26, 2026
This PR was opened by the [Changesets release](https://github.com/changesets/action) GitHub action. When you're ready to do a release, you can merge this and publish to npm yourself or [setup this action to publish automatically](https://github.com/changesets/action#with-publishing). If you're not ready to do a release yet, that's fine, whenever you add more changesets to master, this PR will be updated. # Releases ## @endo/compartment-mapper@2.0.0 ### Major Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - **Breaking:** `CompartmentMapDescriptor` no longer has a `path` property. - **Breaking:** `CompartmentMapDescriptor`'s `label` property is now a _canonical name_ (a string of one or more npm package names separated by `>`). - **Breaking:** The `CompartmentMapDescriptor` returned by `captureFromMap()` now uses canonical names as the keys in its `compartments` property. - Breaking types: `CompartmentMapDescriptor`, `CompartmentDescriptor`, `ModuleConfiguration` (renamed from `ModuleDescriptor`) and `ModuleSource` have all been narrowed into discrete subtypes. - `captureFromMap()`, `loadLocation()` and `importLocation()` now accept a `moduleSourceHook` option. This hook is called when processing each module source, receiving the module source data (location, language, bytes, or error information) and the canonical name of the containing package. - `captureFromMap()` now accepts a `packageConnectionsHook` option. This hook is called for each retained compartment with its canonical name and the set of canonical names of compartments it links to (its connections). Useful for analyzing or visualizing the dependency graph. - `mapNodeModules()`, `loadLocation()`, `importLocation()`, `makeScript()`, `makeFunctor()`, and `writeScript()` now accept the following hook options: - `unknownCanonicalNameHook`: Called for each canonical name mentioned in policy but not found in the compartment map. Useful for detecting policy misconfigurations. - `packageDependenciesHook`: Called for each package with its set of dependencies. Can return partial updates to modify the dependencies, enabling dependency filtering or injection based on policy. - `packageDataHook`: Called once with data about all packages found while crawling `node_modules`, just prior to creation of a compartment map. - When dynamic requires are enabled via configuration, execution now takes policy into consideration when no other relationship (for example, a dependent/dependee relationship) between two Compartments exists. When policy explicitly allows access from package _A_ to _B_ and _A_ dynamically requires _B_ (via absolute path or otherwise), the operation will succeed. This can occur _if and only if_ dynamic requires are enabled _and_ a policy is provided. - Improved error messaging for policy enforcement failures. ### Patch Changes - [#3055](#3055) [`81b4c40`](81b4c40) Thanks [@naugtur](https://github.com/naugtur)! - - Introduces additional signal to consider an export from a package an ESM module when it's selected via an `import` key in `exports` in package.json in case no other indication of it being an ESM module is present. - Updated dependencies \[[`2e00276`](2e00276), [`a29ecd4`](a29ecd4), [`a7d3d26`](a7d3d26), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/module-source@1.4.0 - @endo/zip@1.1.0 ## @endo/bundle-source@4.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - [#3083](#3083) [`644ab15`](644ab15) Thanks [@turadg](https://github.com/turadg)! - Fix bundle cache corner cases, improve cache-root validation, and clarify CLI docs for `endoScript` bundle format. - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`a2c32ec`](a2c32ec), [`81b4c40`](81b4c40)]: - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/promise-kit@1.2.0 - @endo/init@1.1.13 - @endo/evasive-transform@2.1.0 ## @endo/captp@4.5.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/marshal@1.9.0 - @endo/nat@5.2.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/check-bundle@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`81b4c40`](81b4c40)]: - @endo/errors@1.3.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 ## @endo/common@1.3.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - Deprecates this package's support for the checkFoo/assertCheck pattern (`Checker`, `identChecker`) in favor of the confirm/reject pattern supported by @endo/errors/rejector.js. - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/errors@1.3.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Exports `assert.details` under its own name (i.e., `details`). - `hideAndHardenFunction` - If a function `foo` is first frozen with `hideAndHardenFunction(foo)` rather than `freeze(foo)` or `harden(foo)`, then `foo.name` is changed from `'foo'` to `'__HIDE_foo'`. When `stackFiltering: 'concise'` or `stackFiltering: 'omit-frames'`, then (currently only on v8), the stack frames for that function are omitted from the stacks reported by our causal console. - The new `Rejector` type supports the confirmFoo/reject pattern: ```js @import {FAIL, hideAndHardenFunction} from '@Endo@errors'; @import {Rejector} from '@endo/errors/rejector.js'; const confirmFoo = (specimen, reject: Rejector) => test(specimen) || reject && reject`explanation of what went wrong`; export const isFoo = specimen => confirmFoo(specimen, false); hideAndHardenFunction(isFoo); export const assertFoo = specimen => { confirmFoo(specimen, FAIL); }; hideAndHardenFunction(assertFoo); ``` Both `false` and `Fail` satisfy the `Rejector` type. We also deprecate the old checkFoo/assertChecker pattern from @endo/common. The exported `isFoo` and `assertFoo` behave the same as they had when then they were using the checkFoo/assertChecker pattern, but are now internally faster and clearer. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/evasive-transform@2.1.0 ### Minor Changes - [#3026](#3026) [`a2c32ec`](a2c32ec) Thanks [@naugtur](https://github.com/naugtur)! - - Add meaning-preserving transformation of expressions and literals containing content that would otherwise be rejected by SES for looking like dynamic import or HTML-like comments. Previously only comments were transformed. Use `onlyComments` option to opt-out of the new behavior. ## @endo/eventual-send@1.4.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`029dcc4`](029dcc4)]: - @endo/harden@1.1.0 ## @endo/exo@1.6.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`98f77e9`](98f77e9), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`c488503`](c488503), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/pass-style@1.7.0 ## @endo/harden@1.1.0 ### Minor Changes - [#3008](#3008) [`029dcc4`](029dcc4) Thanks [@kriskowal](https://github.com/kriskowal)! - - Introduces `@endo/harden`, providing a `harden` implementation that works both inside and outside HardenedJS. - Supports the `hardened` and `harden:unsafe` build conditions to select hardened-environment and no-op behaviors. - Detects pre-lockdown use of `harden` so `lockdown()` fails with a helpful error instead of leaving modules incorrectly hardened. All notable changes to this project will be documented in this file. See [Conventional Commits](https://conventionalcommits.org) for commit guidelines. ## @endo/import-bundle@1.6.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 ## @endo/lp32@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/stream@1.3.0 ## @endo/marshal@1.9.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/nat@5.2.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/memoize@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/module-source@1.4.0 ### Minor Changes - [#3008](#3008) [`a7d3d26`](a7d3d26) Thanks [@kriskowal](https://github.com/kriskowal)! - - Transitively freezes the properties of `ModuleSource` constructors and instances without requiring lockdown, for greater safety against supply-chain-attack. `ModuleSource`, particularly through the `@endo/module-source/shim.js`, necessarily runs before `lockdown` is called (if ever) and cannot rely on `harden`, so must preemptively transitively freeze its properties to be a hardened module, regardless of whether `lockdown` is ever called. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## @endo/nat@5.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ## @endo/netstring@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/promise-kit@1.2.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/pass-style@1.7.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - - Deprecates `assertChecker`. Use `Fail` in the confirm/reject pattern instead, as supported by `@endo/errors/rejector.js`. - Enables `passStyleOf` to make errors passable as a side-effect when SES locks down with `hardenTaming` set to `unsafe`, which impacts errors on V8 starting with Node.js 21, and similar engines, that own a `stack` getter and setter that would otherwise be repaired as a side-effect of `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/patterns@1.8.0 ### Minor Changes - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - `@endo/patterns` now exports a new `getNamedMethodGuards(interfaceGuard)` that returns that interface guard's record of method guards. The motivation is to support interface inheritance expressed by patterns like ```js const I2 = M.interface('I2', { ...getNamedMethodGuards(I1), doMore: M.call().returns(M.any()), }); ``` See `@endo/exo`'s `exo-wobbly-point.test.js` to see it in action together with an experiment in class inheritance. - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - [#3082](#3082) [`98f77e9`](98f77e9) Thanks [@boneskull](https://github.com/boneskull)! - The `sloppy` option for `@endo/patterns` interface guards is deprecated. Use `defaultGuards` instead. - [#3065](#3065) [`c488503`](c488503) Thanks [@gibson042](https://github.com/gibson042)! - - `containerHasSplit` now hardens its output(s) when working with copyArrays, ensuring that each output is itself a copyArray instance. - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`2e00276`](2e00276), [`d83b1ab`](d83b1ab), [`98f77e9`](98f77e9)]: - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/common@1.3.0 - @endo/eventual-send@1.4.0 - @endo/marshal@1.9.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 ## @endo/promise-kit@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4)]: - ses@1.15.0 - @endo/harden@1.1.0 ## ses@1.15.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Adds `assert.makeError` and deprecates `assert.error` as an alias, matching the API already exported from `@endo/errors`. - Before this version, the `assert` left in global scope before `lockdown` would redact errors and would be replaced by `lockdown` with a version that did _not_ redact errors if the caller opted-in with `errorTaming` set to one of the `unsafe` variants. After this version, the reverse is true: the `assert` left in global scope before `lockdown` does not redact. Then, `lockdown` replaces `assert` with a redacting `assert` unless the caller opted-out with `errorTaming` set to one of the `unsafe` variants. - [#3008](#3008) [`a29ecd4`](a29ecd4) Thanks [@kriskowal](https://github.com/kriskowal)! - - `lockdown` and `repairIntrinsics` now detect when code has already called a `harden` imported from `@endo/harden` before lockdown, and fail with a clear error about hardened modules executing before lockdown. - Adds `Object[Symbol.for('harden')]` as a variant of `globalThis.harden` that cannot be overridden by an endowment named `harden` in compartments. ## @endo/ses-ava@1.4.0 ### Minor Changes - [#3082](#3082) [`2e00276`](2e00276) Thanks [@boneskull](https://github.com/boneskull)! - - Introduces a `ses-ava` command for running tests with multiple AVA configurations. - Adds an `@endo/ses-ava/test.js` module for getting a `test` function appropriate for your configuration. - Adds an `@endo/ses-ava/prepare-endo-config.js` module suitable for use in the `require` clause of an AVA configuration, such that `@endo/ses-ava/test.js` exports a wrapped SES-AVA `test` function. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/init@1.1.13 ## @endo/stream@1.3.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab)]: - ses@1.15.0 - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/stream-node@1.2.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/harden@1.1.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/zip@1.1.0 ### Minor Changes - [#3008](#3008) [`d83b1ab`](d83b1ab) Thanks [@kriskowal](https://github.com/kriskowal)! - - Relaxes dependence on a global, post-lockdown `harden` function by taking a dependency on the new `@endo/harden` package. Consequently, bundles will now entrain a `harden` implementation that is superfluous if the bundled program is guaranteed to run in a post-lockdown HardenedJS environment. To compensate, use `bundle-source` with `-C hardened` or the analogous feature for packaging conditions with your preferred bundler tool. This will hollow out `@endo/harden` and defer exclusively to the global `harden`. ## @endo/init@1.1.13 ### Patch Changes - [#3085](#3085) [`b8b52ce`](b8b52ce) Thanks [@copilot-swe-agent](https://github.com/apps/copilot-swe-agent)! - Move async_hooks patch to dedicated entrypoint for Node.js 24 compatibility The async_hooks patch was originally added in #1115 to address debugger issues (#1105) for local debugging of Node.js processes in lockdown mode. However, the patch is breaking in Node.js 24, and it's unclear whether it's still necessary in Node.js 20+. To maintain backward compatibility while fixing the Node.js 24 breakage, the patch has been moved from the default import path to a new dedicated entrypoint `@endo/init/debug-async-hooks.js`. This allows users who need the async_hooks patch for debugging in older Node.js versions to opt-in explicitly, while preventing breakage for users on Node.js 24+. If you were relying on the async_hooks patch, import `@endo/init/debug-async-hooks.js` instead of `@endo/init/debug.js`. Note that this entrypoint may not work correctly in Node.js 24+. - Updated dependencies \[[`029dcc4`](029dcc4), [`d83b1ab`](d83b1ab)]: - @endo/harden@1.1.0 - @endo/eventual-send@1.4.0 - @endo/promise-kit@1.2.0 ## @endo/cli@2.3.12 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`644ab15`](644ab15), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`c488503`](c488503), [`98f77e9`](98f77e9), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/bundle-source@4.2.0 - @endo/eventual-send@1.4.0 - @endo/exo@1.6.0 - @endo/import-bundle@1.6.0 - @endo/pass-style@1.7.0 - @endo/promise-kit@1.2.0 - @endo/stream-node@1.2.0 - @endo/init@1.1.13 - @endo/daemon@2.5.2 ## @endo/daemon@2.5.2 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`98f77e9`](98f77e9), [`2e00276`](2e00276), [`029dcc4`](029dcc4), [`a29ecd4`](a29ecd4), [`98f77e9`](98f77e9), [`d83b1ab`](d83b1ab), [`b8b52ce`](b8b52ce), [`c488503`](c488503), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/errors@1.3.0 - @endo/patterns@1.8.0 - @endo/compartment-mapper@2.0.0 - @endo/harden@1.1.0 - @endo/captp@4.5.0 - @endo/eventual-send@1.4.0 - @endo/exo@1.6.0 - @endo/import-bundle@1.6.0 - @endo/marshal@1.9.0 - @endo/netstring@1.1.0 - @endo/promise-kit@1.2.0 - @endo/stream-node@1.2.0 - @endo/stream@1.3.0 - @endo/init@1.1.13 ## @endo/test262-runner@0.1.49 ### Patch Changes - Updated dependencies \[[`2e00276`](2e00276), [`2e00276`](2e00276), [`a29ecd4`](a29ecd4), [`81b4c40`](81b4c40)]: - ses@1.15.0 - @endo/compartment-mapper@2.0.0
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
importfieldThe way it fixes the test is not exactly matching what node.js would do in the same situation.
Node.js loads the file in
package.json->exports['./sha2'].requirebut Endo loads the one frompackage.json->exports['./sha2'].import.All this fix is doing is correcting the module type inference for
package.json->exportsin general.Changing the behavior of selecting import vs require could happen elsewhere, but it seems unimportant in Endo (until we find a package that ships breaking changes in one version across esm and cjs variants)