UNPKG

lavamoat-core

Version:

LavaMoat kernel and utils

github.com/LavaMoat/lavamoat

LavaMoat/lavamoat

126 lines (108 loc) 2.8 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
import { RequireAtLeastOne } from 'type-fest' import { LavamoatModuleRecord } from '../moduleRecord' /** * Schema for LavaMoat policy files */ export type LavaMoatPolicy = RequireAtLeastOne< PartialLavaMoatPolicy, 'resources' | 'resolutions' > export type LavaMoatPolicyOverrides = PartialLavaMoatPolicy export type LavaMoatPolicyDebug = LavaMoatPolicy & { debugInfo: Record<string, DebugInfo> } export interface PartialLavaMoatPolicy { resources?: Resources resolutions?: Resolutions } export interface DebugInfo { /** * @todo This is an array of `@babel/parser`'s `ParseError`. To use it * directly we'd need to add `@babel/parser` as a production dependency of * `lavamoat-tofu`, and I don't want to do that right now. */ parseErrors?: { code: string; reasonCode: string }[] moduleRecord: Omit<LavamoatModuleRecord, 'ast'> /** * @todo Move these types into lavamoat-tofu */ sesCompat: SesCompat globals: Record<string, boolean> builtin: string[] } export interface SesCompat { dynamicRequires: SesCompatObj[] primordialMutations: SesCompatObj[] strictModeViolations: SesCompatObj[] } export interface SesCompatObj { node: SesCompatNode } export interface SesCompatNode { loc: SesCompatNodeLocation } export interface SesCompatNodeLocation { start: NodeLocation end: NodeLocation } export interface NodeLocation { column: number index: number line: number } /** * @deprecated - Use `true` instead */ export type GlobalPolicyRead = 'read' export type GlobalPolicyWrite = 'write' export type GlobalPolicyValue = GlobalPolicyRead | GlobalPolicyWrite | boolean /** * Describe the resources available to your application and direct dependencies */ export interface Resources { [k: string]: ResourcePolicy } export interface ResourcePolicy { globals?: GlobalPolicy builtin?: BuiltinPolicy packages?: PackagePolicy /** * Allow native modules */ native?: boolean } /** * Globals (including properties using dot notation) accessible to the module; * `true` to allow and `false` to deny */ export interface GlobalPolicy { [k: string]: GlobalPolicyValue } /** * Node.js builtins (including properties using dot notation); `true` to allow * and `false` to deny */ export interface BuiltinPolicy { [k: string]: boolean } /** * Additional external packages (in their entirety) accessible to the module; * `true` to allow and `false` to deny */ export interface PackagePolicy { [k: string]: boolean } /** * Custom run-time module resolutions by direct dependency */ export interface Resolutions { /** * The key is the dependency name */ [k: string]: { /** * The key is the original module path and the value is the new module path */ [k: string]: string } }