jon
jon2w ago

`deno run` that never writes to `DENO_DIR` or `deno.lock`?

I am working on an application that embeds a deno 1.46.3 binary and uses it to deno run some app plugins. The plugins are folders that are included in our app bundle, which contain deno configuration and .ts files. Because we need to sign our app bundle, and some plugins are bundled within the app bundle, we run into the issue where the signature will be invalidated due to deno run --cached-only being able to modify deno.lock and any already-cached deno-deps. We don't want to use --frozen, because this would return an error instead of an invalid signature. We don't want to compile because having many copies of deno would make our app much larger in size. It seems like some combination of --cached-only, --no-remote or maybe --vendor could help us out, but we haven't had luck yet. Another approach we may explore is using the OS filesystem to mark our bundled plugin folders as readonly.
0 Replies
No replies yetBe the first to reply to this messageJoin