deno: šŸ› `deno` v1.13 breaks shims using `--allow-plugin`

With the change in v1.13 from --allow-plugin to --allow-ffi (PR #11152), prior shims using --allow-plugin are now brokenā€¦

error: Found argument '--allow-plugin' which wasn't expected, or isn't valid in this context
        Did you mean --allow-run?

USAGE:
    deno run <SCRIPT_ARG>... --allow-env=<allow-env> --allow-net=<allow-net> --allow-read=<allow-read> --allow-run=<allow-run> --allow-write=<allow-write>

For more information try --help

IMO, --allow-plugin should have been deprecated but allowed until a later date (maybe v2). Changing the command line API like this can suddenly break working setups (as it did mine). To me, this seems to be the definition of a semver API change requiring a major version update.

About this issue

  • Original URL
  • State: closed
  • Created 3 years ago
  • Comments: 23 (20 by maintainers)

Commits related to this issue

Most upvoted comments

Opened #13325

+2
dsherret on Jan 10, 2022

If you have -A and that expands to include --allow-run what precisely could a future flag add that would be more powerful than --allow-run?

I get what it is trying to do, but I donā€™t think itā€™s reasonable. If a user says they want -A then we should trust they want -A. (Maybe we can print a warning to say ā€œyou installed with -A but we strongly recommend enumerating the permissionsā€¦ā€)

+2
hayd on Aug 31, 2021

@MarkTiedemann , thanks for taking the time to look at this issue.

I do feel that Iā€™m not correctly communicating the problem to you; Iā€™ll try to restate it and improve my explanationā€¦

I understand that --unstable is necessary to use the unstable APIs. I also understand that people who want to use them are knowingly buying into the unstable API with all that entails. Iā€™m not complaining or concerned about the proper use of the unstable command line flags by devs using an unstable API.

But the important point here is that deno, during ordinary usage, is adding the unstable --allow-plugin (and --allow-ffi?) command line flag to all app shims installed using deno install -A ...; eg, here is what deno install -A ... createsā€¦

% generated by deno install %
@deno "run" "--allow-read" "--allow-write" "--allow-net" "--allow-env" "--allow-run" "--allow-plugin" "--allow-hrtime" "https://deno.land/x/..." %*

and

#!/bin/sh
# generated by deno install
deno "run" "--allow-read" "--allow-write" "--allow-net" "--allow-env" "--allow-run" "--allow-plugin" "--allow-hrtime" "https://deno.land/x/..." "$@"

This is not specifically requested by the user installing the app and is for the most part opaque to casual users. And, then, this acts as a future trip mine which, without any warning, breaks all those shims when upgrading from v1.12 to v1.13, blocking use of all the apps installed using that installation directive.

error: Found argument '--allow-plugin' which wasn't expected, or isn't valid in this context
        Did you mean --allow-run?

USAGE:
    deno run <SCRIPT_ARG>... --allow-env=<allow-env> --allow-net=<allow-net> --allow-read=<allow-read> --allow-run=<allow-run> --allow-write=<allow-write>

For more information try --help

Again, I see this as a bug which needs to be addressed going forward to avoid tripping up ordinary users.

Likely, a good solution going forward is to never add unstable flags when installing using deno install -A .... Teach deno to add unstable command line flags only when explicitly requested, ie, for access to an unstable API, the dev must use deno install -A --unstable --allow-ffi ....

+2
rivy on Aug 25, 2021

I believe requirement for --unstable is already in place. I think @dsherretā€™s PR should address the problem of forward compatibility.

+1
bartlomieju on Jan 10, 2022

Not stale.

This should be addressed at least as a policy statement going forward so that it doesnā€™t happen againā€¦

+1
rivy on Nov 11, 2021

Yes, @MarkTiedemann, weā€™re saying the same thingā€¦

No, weā€™re not.

Iā€™m suggesting that the bug is that the expansion of -A should not add (ā€¦) any unstable permission (eg, --allow-plugin or --allow-ffi, which it does) to the expansion of -A.

Iā€™m saying that the bug is that -A should not be expanded.

There should not be a difference between deno run -A and deno install -A. I expect deno install -A to produce a shim that executes deno run -A.

+1
MarkTiedemann on Aug 31, 2021

@rivy Thanks for clarifying!

I was not aware that deno install -A ... produced a deno run shim including all --allow-* flags.

This seems like a design issue IMO, too.

I would have expected deno install -A ... to produce a deno run -A ... shim.

+1
MarkTiedemann on Aug 25, 2021

They should make the --allow-plugin flag an alias for the --allow-ffi.

They cannot be aliased because they are not the same thing: One is a native plugin API, the other is a FFI API. They are not compatible.

And if --allow-ffi goes away, itā€™ll break all over again.

Yes, itā€™s unstable, it may break. Denoā€™s stability is described in more detail in the manual: https://deno.land/manual@v1.13.2/runtime/stability

ā€œYou should be aware that many unstable APIs have not undergone a security review, are likely to have breaking API changes in the future, and are not ready for production.ā€

PS: If you are not sure about the stability of an unstable API, sometimes it helps to check the roadmap (https://github.com/denoland/deno/issues/11168). Usually, if an unstable API is mentioned, itā€™s either ā€œstabilizeā€ or ā€œremoveā€. For example, ā€œRemove native plugins API, introduce FFI APIā€ has been the number 1 item on the roadmap for a while now. An example of an unstable API being stabilized is the new HTTP server which is mentioned as ā€œStabilize native HTTP server APIā€.

+1
MarkTiedemann on Aug 24, 2021
Read more comments on GitHub
← deno: šŸ› `deno coverage` line and branch counts are incorrect
deno: Error: Another accept task is ongoing :: JS Native classes making HTTP dispatcher fail. →