fix(compartment-mapper): Take only first matching tag of package exports #2275
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes: #2276
Description
If a
package.json
"exports"
is a list of ordered constraints, Endo’s Compartment Mapper currently uses all of the accepted entries and not just the first. This causes subsequent entries to override the first if they produce matching paths. I believe the intended behavior is to use the first that matches.Security Considerations
This amounts to a difference in behavior between Endo and Node in the treatment of Package Exports.
Scaling Considerations
None.
Documentation Considerations
Fixing this issue will bring Endo into accord with Node.js’s somewhat light documentation on this feature.
Testing Considerations
Existing snapshot tests cover the behavior and must be updated to reflect the correct interpretation.
Compatibility Considerations
This will improve ecosystem compatibility. No known bundles depend on the existing behavior, but we cannot rule out the possibility.
There is a possibility that this change will break existing bundles that depend on the current erroneous behavior, for example preferring
default
over anendo
tag. I am considering this a bugfix and not a breaking change since it is a bug to rely on the current behavior.Upgrade Considerations
Even if this behavior might break the bundling process for existing contracts, it will not invalidate existing bundles. This change should not break upgrades but may create a speed bump for upgrading tool dependencies.