Skip to content

fix: inheriting NODE_OPTIONS on macOS with integrated terminal#204682

Merged
deepak1556 merged 1 commit intomainfrom
robo/fix_node_options_macOS
Feb 8, 2024
Merged

fix: inheriting NODE_OPTIONS on macOS with integrated terminal#204682
deepak1556 merged 1 commit intomainfrom
robo/fix_node_options_macOS

Conversation

@deepak1556
Copy link
Collaborator

Fixes #204005

With electron/electron#40770 NODE_OPTIONS and NODE_REPL_EXTERNAL_MODULE will be removed if the application launching the VS Code application does not share the same codesign attributes. This is to prevent sandboxed applications on macOS from bypassing the sandbox by using the ELECTRON_RUN_AS_NODE mode of our application.

One downside with the detection is that launching the application from CLI will remove these variables if the user had set them in their terminal config files, so any external applications like nodejs binary cannot use these variables from integrated terminal if shell integration is not in play. This patch adds a workaround to temporarily store the variables in VSCODE_ and restore them in the terminal environment.

Alternative take on #204396 /cc @forivall

@deepak1556 deepak1556 added this to the February 2024 milestone Feb 8, 2024
@deepak1556 deepak1556 requested review from Tyriar and bpasero February 8, 2024 05:47
@deepak1556 deepak1556 self-assigned this Feb 8, 2024
// Restore NODE_OPTIONS if it was set
if (env['VSCODE_NODE_OPTIONS']) {
env['NODE_OPTIONS'] = env['VSCODE_NODE_OPTIONS'];
delete env['VSCODE_NODE_OPTIONS'];
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sanitizeProcessEnvironment will remove VSCODE_ variables, this is not necessary but no harm in being explicit.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We do this so as to not leak our own NODE_OPTIONS into terminal/debug processes where it could cause problems.

Copy link
Member

@bpasero bpasero left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Curious why we would only do this on macOS and not other platforms?

@deepak1556
Copy link
Collaborator Author

The equivalent on windows would be app container but we don't have a demonstration of similar issue there. This is only an issue on macOS (where we also got the report) since LaunchServices allows calling into an unsandboxed app from a sandboxed app.

Copy link
Member

@Tyriar Tyriar left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

fyi @connor4312 in case this new NODE_OPTIONS info is going to break JS debug terminals.

@deepak1556 deepak1556 merged commit cfb7370 into main Feb 8, 2024
@deepak1556 deepak1556 deleted the robo/fix_node_options_macOS branch February 8, 2024 18:02
@GBrachetta
Copy link

Will this be on 1.87?
So far (1.86.1) the issue is still there.

@beorn
Copy link

beorn commented Feb 8, 2024

I believe there are other NODE_* variables that are affected too - e.g., if you install node via Nix then NODE_PATH is set and required to be set.

@deepak1556
Copy link
Collaborator Author

@GBrachetta yes this will be on 1.87 and latest insiders should have the fixes. I will see if we can backport to 1.86.2 for next week but that will require some runtime changes as well to include the changes mentioned in #204005 (comment)

deepak1556 added a commit that referenced this pull request Feb 13, 2024
fix: inheriting NODE_OPTIONS on macOS with integrated terminal (#204682)
@microsoft microsoft locked and limited conversation to collaborators Jun 10, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Warning about Node.js environment variables on launch

5 participants