phylum-dev / cli

Command line interface for the Phylum API
https://phylum.io
GNU General Public License v3.0

Disable sandbox for extension lockfile generation #1292

Closed cd-work closed 11 months ago

cd-work commented 11 months ago

Currently the lockfile generation sandbox does not spawn a separate process, thus enabling the sandbox for the calling process directly. Since extensions might be doing other things after generating the lockfile for a manifest, this could prevent them from operating correctly.

This patch removes the sandboxing for lockfile generation when calling parseLockfile from an extension. In the future it should be possible to enable this again by spawning a separate process for lockfile generation.
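The behaviour described above, as an added example that is not part of this PR or of Phylum's code: a restriction a process applies to itself stays in force for everything it does afterwards, while the same restriction applied in a spawned child ends with that child. It assumes a POSIX system and uses `RLIMIT_FSIZE` as a stand-in for the real sandbox; all function names are hypothetical.

```python
import os
import resource
import tempfile

def restrict_self():
    # Stand-in for the sandbox: this process may no longer write file data.
    resource.setrlimit(resource.RLIMIT_FSIZE, (0, 0))

def generate_lockfile():
    # Stand-in for lockfile generation (hypothetical; returns fixed text).
    return "constructed-lockfile"

def later_extension_work(path):
    # Work an extension might do after parseLockfile returns: write a report.
    try:
        with open(path, "w") as f:
            f.write("report")
        return True
    except OSError:  # EFBIG once the restriction applies to this process
        return False

def run_extension(isolate, path):
    """Fork a stand-in extension process; True if its later work succeeded."""
    pid = os.fork()
    if pid == 0:
        ok = False
        try:
            if isolate:
                worker = os.fork()  # restriction confined to a child process
                if worker == 0:
                    restrict_self()
                    generate_lockfile()
                    os._exit(0)
                os.waitpid(worker, 0)
            else:
                restrict_self()  # restriction lands on the extension itself
                generate_lockfile()
            ok = later_extension_work(path)
        finally:
            os._exit(0 if ok else 1)
    _, status = os.waitpid(pid, 0)
    return os.WIFEXITED(status) and os.WEXITSTATUS(status) == 0

def demo():
    with tempfile.TemporaryDirectory() as d:
        in_process = run_extension(False, os.path.join(d, "a.txt"))
        isolated = run_extension(True, os.path.join(d, "b.txt"))
    return in_process, isolated

if __name__ == "__main__":
    print(demo())
```

In the isolated case the worker's result is discarded here; a separate-process design would hand the generated lockfile back to the caller, for example over a pipe.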