From a62061eb7641144022a67ba269b797ec0d52527c Mon Sep 17 00:00:00 2001
From: David Sherret
Date: Thu, 22 Aug 2024 14:40:29 -0400
Subject: [PATCH] fix: improve error message when a dependency imports outside of npm (#64)
---
 src/registry.rs | 39 ++++++++++++++++++++++++++++++++++++++-
 1 file changed, 38 insertions(+), 1 deletion(-)
diff --git a/src/registry.rs b/src/registry.rs
index c480d22..3a9961b 100644
--- a/src/registry.rs
+++ b/src/registry.rs
@@ -81,6 +81,10 @@ pub struct NpmDependencyEntryError {
 pub enum NpmDependencyEntryErrorSource {
 #[error(transparent)]
 NpmVersionReqParseError(#[from] NpmVersionReqParseError),
+ #[error("Package specified a dependency outside of npm ({}). Deno does not install these for security reasons. The npm package should be improved to have all its dependencies on npm.
+
+To work around this, you can use a package.json and install the dependencies via `npm install`.", .specifier)]
+ RemoteDependency { specifier: String },
 }
 
 #[derive(Debug, Clone, Eq, PartialEq)]
@@ -204,6 +208,8 @@ impl NpmPackageVersionInfo {
 kind: NpmDependencyEntryKind,
 ) -> Result> {
 parse_dep_entry_inner(key_value, kind).map_err(|source| {
+ let (_name, version_req) =
+ parse_dep_entry_name_and_raw_version(key_value.0, key_value.1);
 Box::new(NpmDependencyEntryError {
 parent_nv: PackageNv {
 name: nv.0.to_string(),
@@ -211,7 +217,17 @@ impl NpmPackageVersionInfo {
 },
 key: key_value.0.to_string(),
 version_req: key_value.1.to_string(),
- source,
+ source: if version_req.starts_with("https://")
+ || version_req.starts_with("http://")
+ || version_req.starts_with("git:")
+ || version_req.starts_with("git+")
+ {
+ NpmDependencyEntryErrorSource::RemoteDependency {
+ specifier: version_req.to_string(),
+ }
+ } else {
+ source
+ },
 })
 })
 }
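Review bot: The new `RemoteDependency` message formats `.specifier` verbatim, and a tarball or git URL in a dependency map can carry userinfo (constructed example: `https://user:token@host/pkg.tgz`), so with metadata from a private registry the error text could put a credential into terminal or CI output. Whether the outer `NpmDependencyEntryError` already prints the raw `version_req` is not visible in this hunk, so this may not be a new exposure. I would at least document it on the variant, e.g. `/// Raw dependency value, shown unredacted; may contain URL userinfo.`, or strip the userinfo part before building the variant.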
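Review bot: The prefix test in the `source:` expression of the `@@ -211,7 +217,17 @@` hunk covers only `https://`, `http://`, `git:` and `git+`, so other non-registry forms npm accepts, such as the `github:` shorthand, presumably still fall through to the generic parse error; the match is also case-sensitive. Because the check lives inside `map_err`, it only relabels a failure that `parse_dep_entry_inner` already produced, so the refusal to install depends on that parser rejecting the value, which is not visible here. A comment such as `// Relabels a parse failure only; rejection of remote specifiers happens in parse_dep_entry_inner.` would stop a later reader from treating this list as the security boundary, and `|| version_req.starts_with("github:")` would extend the clearer message. The enclosing method begins outside this hunk.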
@@ -1155,4 +1171,25 @@ mod test {
 assert_eq!(result, expected_result);
 }
 }
+
+ #[test]
+ fn remote_deps_as_entries() {
+ for specifier in [
+ "https://example.com/something.tgz",
+ "git://github.com/example/example",
+ "git+ssh://github.com/example/example",
+ ] {
+ let deps = NpmPackageVersionInfo {
+ dependencies: HashMap::from([("a".to_string(), specifier.to_string())]),
+ ..Default::default()
+ };
+ let err = deps.dependencies_as_entries("pkg-name").unwrap_err();
+ match err.source {
+ NpmDependencyEntryErrorSource::RemoteDependency {
+ specifier: err_specifier,
+ } => assert_eq!(err_specifier, specifier),
+ _ => unreachable!(),
+ }
+ }
+ }
 }
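Review bot: The loop in `remote_deps_as_entries` never exercises the `http://` branch, one of the four prefixes the change checks, and there is no negative case showing that an ordinary malformed requirement still yields `NpmVersionReqParseError`. Adding `"http://example.com/something.tgz",` to the array covers the first; a second assertion on a non-URL bad value would cover the second. `_ => unreachable!()` also hides what was actually returned; `other => panic!("unexpected source: {other:?}")` would make a failure readable, assuming the enum implements `Debug`.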