Closed rschristian closed 2 years ago
I think it's not related the Node.js version, but the @types/node
.
In my tests, put your cursor on webcrypto
, gd
jump to definition to goto ~/Library/Caches/typescript/4.4/node_modules/@types/node/crypto.d.ts
.
Have no idea where this cache file came from, maybe Typescript/tsserver will generate this ?
Having had a bit more time to investigate, this is quite disastrous.
It seems coc-tsserver
grabs the latest definitions from DefinitelyTyped, rather than the actual version in use for all modules. I just skirted a very serious security issue that arose due to being shown a type definition for a function that did not match the version I was using.
While this is a rare situation no doubt, there's absolutely no way to trust the types shown by this extension while automatic type acquisition is enabled at the moment. Definitely would recommend disabling:
tsserver.disableAutomaticTypeAcquisition
Summary
Unfortunately it seems that
coc-tsserver
is using a version of Node that differs from my own, so it offers suggestions and doesn't raise a warning on modules that don't exist in the version of Node in use.Reproduction
Using Node v14.x (or earlier):
import { webcrypto } from 'crypto';
to aindex.mjs
filenode index.mjs
The error is entirely correct,
webcrypto
was added in Node v15.0.0. So why iscoc-tsserver
not showing errors here?I should note that everything works as expected if I try to use a named export that exists in no version of Node, like
foo
:System Information
:CocInfo
output:vim version: NVIM v0.5.1 node version: v14.17.4 coc.nvim version: 0.0.80-7904a9e7df coc.nvim directory: /home/name/.vim/plugged/coc.nvim term: alacritty platform: linux
Node.js provider (optional)
Certainly let me know if I can/should provide more information, I'm just guessing on what might be useful to track this down.