search

denoland / deno

A modern runtime for JavaScript and TypeScript.
https://deno.com
MIT License
94.57k stars 5.25k forks source link

Vendored npm dependencies fail while offline. #24322

Open Faeranne opened 3 months ago

Faeranne commented 3 months ago

Version: Deno 1.44.4

I'm attempting to build a Lume site inside nix, and have been trying to use vendor and node_modules as an alternative to storing the deno cache. To make builds deterministic, Nix blocks builders from accessing the network unless they specify a hash that matches their output. Since the deno cache stores headers, this isn't a path that I can take. But for some reason, when offline and without a cache, whether through the Nix builder, or by turning off my network access and clearing the cache folder, Deno seems to ignore the node_modules folder entirely, and re-attempts downloading through NPM, which immediately fails. While online, it seems to have 0 issue, and doesn't seem to attempt to even connect to NPM, though it does make a single dns request. I've also noticed that I get the error failed reading lockfile while offline, but again it's fine when online.

I've attempted multiple combinations of arguments to try and get this to behave, but the one that I would assume covers the most ground is deno cache --vendor --lock=deno.lock https://deno.land/x/lume@v2.2.2/cli.ts Assuming DENO_DIR is set, I can run this in a completely empty directory, delete the cache folder, turn off the internet, and be greeted with the above error and a cache folder with only a single empty npm folder. This seems to suggest that deno is vendoring the non-npm dependencies just fine, but is refusing to check the node_modules/.deno until it makes a dns request to the npm registry?

dsherret commented 3 months ago

Assuming DENO_DIR is set, I can run this in a completely empty directory, delete the cache folder, turn off the internet, and be greeted with the above error and a cache folder with only a single empty npm folder. This seems to suggest that deno is vendoring the non-npm dependencies just fine, but is refusing to check the node_modules/.deno until it makes a dns request to the npm registry?

Yes, Deno needs the npm package information from the global cache in order to get stuff like what system a certain npm package is for, if it has any bin entries, etc.

Probably the upcoming "bring your own node_modules" support would be useful for you and will cause it to only use the local node_modules folder as is, but you'll need to run a separate npm install command with a package.json to set it up: https://docs.deno.com/runtime/manual/tools/unstable_flags#--unstable-byonm (this will be the default in Deno 2.0 and there will be a deno install command)

Faeranne commented 3 months ago

Is there any way to get Deno to generate a package.json file? Nix has ways to pre-install the node_modules folder if a package.json is already required, and the vendor folder seems pretty straight-forward to create from the deno.lock, but gathering every required npm package from something like Lume (where the imports are often interwoven with logic) is extremely time-consuming. If it's possible to make the package.json on-the-fly, this would 100% resolve the issue in question.