fix(npm): allow to read package.json if permissions are granted (#17209)

This commit changes signature of "deno_core::ModuleLoader::resolve" to pass an enum indicating whether or not we're resolving a specifier for dynamic import. Additionally "CliModuleLoader" was changes to store both "parent permissions" (or "root permissions") as well as "dynamic permissions" that allow to check for permissions in top-level module load an dynamic imports. Then all code paths that have anything to do with Node/npm compat are now checking for permissions which are passed from module loader instance associated with given worker.
2025-08-04 10:59:13 +00:00 · 2023-01-10 14:35:44 +01:00 · 2023-01-10 14:35:44 +01:00 · 636352e0ca
commit 636352e0ca
parent 45768f0e83
26 changed files with 306 additions and 93 deletions
--- a/cli/npm/resolvers/local.rs
+++ b/cli/npm/resolvers/local.rs
@ -19,6 +19,7 @@ use deno_core::futures::future::BoxFuture;
 use deno_core::futures::FutureExt;
 use deno_core::url::Url;
 use deno_runtime::deno_core::futures;
+use deno_runtime::deno_node::NodePermissions;
 use deno_runtime::deno_node::NodeResolutionMode;
 use deno_runtime::deno_node::PackageJson;
 use tokio::task::JoinHandle;
@ -245,8 +246,16 @@ impl InnerNpmPackageResolver for LocalNpmPackageResolver {
    .boxed()
  }

-  fn ensure_read_permission(&self, path: &Path) -> Result<(), AnyError> {
-    ensure_registry_read_permission(&self.root_node_modules_path, path)
+  fn ensure_read_permission(
+    &self,
+    permissions: &mut dyn NodePermissions,
+    path: &Path,
+  ) -> Result<(), AnyError> {
+    ensure_registry_read_permission(
+      permissions,
+      &self.root_node_modules_path,
+      path,
+    )
  }

  fn snapshot(&self) -> NpmResolutionSnapshot {