fix: remove globalThis check and align with what bundlers can accept
#4022
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Hi @JoviDeCroock, I'm @github-actions bot happy to help you with this PR 👋 Supported commandsPlease post this commands in separate comments and only one per comment:
|
JoviDeCroock
force-pushed
the
fix-node-env-issue
branch
3 times, most recently
from
a8f5b4a to
b0ca7e0
Compare
|
CC @graphql/graphql-js-reviewers |
JoviDeCroock
commented
May 1, 2024
JoviDeCroock
commented
May 1, 2024
n1ru4l
approved these changes
May 2, 2024
JoviDeCroock
commented
May 4, 2024
This was referenced May 23, 2024
saihaj
approved these changes
May 29, 2024
|
CI is failing with a rate limit issue, I can't force a retry 😅 |
|
Love love love the documentation page; excellent work! 🙌 |
yaacovCR
pushed a commit
that referenced
this pull request
Sep 6, 2024
#4022) As surfaced in [Discord](https://discord.com/channels/625400653321076807/862957336082645006/1206980831915282532) this currently is a breaking change in the 16.x.x release line which is preventing folks from upgrading towards a security fix. This PR should result in a patch release on the 16 release line. This change was originally introduced to support CFW and browser environments which should still be supported with the `typeof` check CC @n1ru4l This also adds a check whether `.env` is present as in the DOM using `id="process"` defines that as a global which we don't want to access on accident. as shown in #4017 Bundles also target `process.env.NODE_ENV` specifically which fails when it replaces `globalThis.process.env.NODE_ENV` as this becomes `globalThis."production"` which is invalid syntax. Fixes #3978 Fixes #3918 Fixes #3928 Fixes #3758 Fixes #3934 This purposefully does not account for #3925 as we can't address this without breaking CF/plain browsers so the small byte-size increase will be expected for bundled browser environments. As a middle ground we did optimise the performance here. We can revisit this for v17. Most bundlers will be able to tree-shake this with a little help, in #4075 (comment) you can find a conclusion with a repo where we discuss a few. - Next.JS by default replaces [`process.env.NODE_ENV`](https://github.com/vercel/next.js/blob/b0ab0fe85fe8c93792051b058e060724ff373cc2/packages/next/webpack.config.js#L182) you can add `typeof process` linearly - Vite allows you to specify [`config.define`](https://vitejs.dev/config/shared-options.html#define) - ESBuild by default will replace `process.env.NODE_ENV` but does not support replacing `typeof process` - Rollup has a plugin for this https://www.npmjs.com/package/@rollup/plugin-replace Supersedes #4021 Supersedes #4019 Supersedes #3927 > This now also adds a documentation page on how to remove all of these
This was referenced Sep 18, 2024
Thompson1985
approved these changes
Dec 4, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As surfaced in Discord this currently is a breaking change in the 16.x.x release line which is preventing folks from upgrading towards a security fix. This PR should result in a patch release on the 16 release line.
This change was originally introduced to support CFW and browser environments which should still be supported with the
typeofcheck CC @n1ru4lThis also adds a check whether
.envis present as in the DOM usingid="process"defines that as a global which we don't want to access on accident. as shown in #4017Bundles also target
process.env.NODE_ENVspecifically which fails when it replacesglobalThis.process.env.NODE_ENVas this becomesglobalThis."production"which is invalid syntax.Fixes #3978
Fixes #3918
Fixes #3928
Fixes #3758
Fixes #3934
This purposefully does not account for #3925 as we can't address this without breaking CF/plain browsers so the small byte-size increase will be expected for bundled browser environments. As a middle ground we did optimise the performance here. We can revisit this for v17.
Most bundlers will be able to tree-shake this with a little help, in #4075 (comment) you can find a conclusion with a repo where we discuss a few.
process.env.NODE_ENVyou can addtypeof processlinearlyconfig.defineprocess.env.NODE_ENVbut does not support replacingtypeof processSupersedes #4021
Supersedes #4019
Supersedes #3927