Deny env permissions silently (without throwing)
Hi. An
npm module I'm using tries to read, or rather check for an existence of an env variable. The problem is it throws due to not having permission to access env.
I'd rather not give any env permissions to any of my scripts.
I think the offending npm module can do with having env variables undefined, it's just that it throws just trying to see if the variables are there. Can I somehow make Deno silently return empty/null without throwing an error?
(if it's any importance, the offending module is npm:deepl-node , which uses npm:axios, which tries to see if there is something in NODE_EXTRA_CA_CERTS and is then unable to handle the access denied exception)7 Replies
I think you'd need to grant permission, which you could do to just that env var. E.g.
--allow-env=NODE_EXTRA_CA_CERTS. If you wanted to avoid any code possibly using that env var, you could always remove this env combined with the above. E.g. Deno.env.delete("NODE_EXTRA_CA_CERTS");Yeah, that doesn't look very pretty, but would work, thank you! Deleting the variable afterwards might be overprotective, but would definitely make me feel less dirty haha.
Choose your dirt 😅
Interesting. I've used several npm modules and they seem to work OK when I
--deny-env. I wonder if they're handling the exception better than deepl-node, or if Deno changed the behavior there. 🤔
Yes, behavior now (Deno v2.1.6) seems to be that the node compatibility process.env.x will return undefined if permission is denied for reading x.nice! good to know I can now remove the hairy workarounds!
Yeah. I'm still not a fan of
--deny-env though, so I'm writing up an issue documenting the problem.GitHub
Request: NPM/Node Compatibility: Better handling for
process.env ...I'm loving Deno's NPM compatibility, but there's a pain point: Lots of npm dependencies try to read various environment variables when they're loaded, which runs into Deno's per...