Over the past couple of weeks, I came across multiple blogs and YouTube videos about the v2.0 release of Deno - a JavaScript, TypeScript, and WebAssembly runtime built with Rust and designed to offer secure defaults for developers. Since I was searching for an issue to create my second PR in Hacktoberfest, I decided contributed to this trending repository. My pull request focused on the compatibility layer of Deno, which was enhanced with the recent release to better support Node.js and npm. The specific task in my PR involved replacing built-in global proxy functions with primordials in the Node compatibility layer.
Deno
Deno
(/ˈdiːnoʊ/, pronounced
dee-no) is a JavaScript, TypeScript, and WebAssembly runtime with secure
defaults and a great developer experience. It's built on V8
Rust, and Tokio.
Learn more about the Deno runtime in the documentation.
Installation
Install the Deno runtime on your system using one of the commands below. Note that there are a number of ways to install Deno - a comprehensive list of installation options can be found here.
Shell (Mac, Linux):
curl -fsSL https://deno.land/install.sh | sh
PowerShell (Windows):
irm https://deno.land/install.ps1 | iex
Homebrew (Mac):
brew install deno
Chocolatey (Windows):
choco install deno
WinGet (Windows):
winget install --id=DenoLand.Deno
Build and install from source
Complete instructions for building Deno from source can be found in the manual here.
Your first Deno program
Deno can be used for many different applications, but is…
Exploring the Project
Given that Deno is a large and complex project with multiple languages and layers of functionality, setting up the environment was a critical first step. The setup process required installing Rust and configuring Cargo, along with other necessary dependencies for local development. Following the contribution guidelines, I reviewed both the project documentation and setup instructions. This part took some time but was essential for navigating the project’s structure and development process smoothly.
Working on the Issue
The issue I tackled was part of a larger effort to increase code reliability and security in Deno’s Node compatibility layer - Issue #24236. As per the documentation, Primordials are frozen intrinsic objects in Deno, used to safeguard against prototype pollution by replacing direct references to global objects with safe alternatives. In my case, I worked on updating randomInt.ts - a file responsible for the randomInt function’s implementation in the core.
My task was to replace certain global methods, like Number.isSafeInteger, with their primordial equivalents e.g., NumberIsSafeInteger. To ensure accuracy, I first researched the correct primordials for each global method. This led me to explore both the Node and Deno documentation to confirm the use of primordials and understand their role in reducing security risks in Deno’s core.
Code Changes and Pull Request
As always I created a new branch for this pull request and made the necessary changes to the randomInt.ts file, while reviewing similar accepted pull requests to align with best practices. I followed Deno’s style guidelines for linting and formatting, but I was not able to run the lint script due to some issue with cargo. I decided to push the code changes after testing locally and to review the linting errors(if any) generated by the CI workflow on GitHub. I submitted my PR, following the guidelines for new pull requests and eventually got a lint error. After changing the PR to draft and resolving the error locally, I pushed the new changes which passed all the tests and it was ready for review.
fix(ext/node): use primordials in ext\node\polyfills\internal\crypto\_randomInt.ts
#26534
Towards #24236
used primordials from ext:core to replace usage of built-in functions
While waiting for review on my PR I noticed new commits were merged into main and my branch was out of sync. Out of boredom, I decided to merge the new main branch into my branch which interestingly made my PR fail most of the cases. After investigating the cause for a while I concluded it was because of the new changes still under CI/CD workflows runs. Since I had the previous branch locally I forced pushed to origin in order to revert the merge and decided to leave merging for reviewers. The PR was reviewed and accepted after several hours and this time it did not fail any tests during merge.
Conclusion
This PR allowed me to explore Rust alongside JavaScript in a large, open-source project being used by numerous users. Though it involved minimal code changes, contributing to a project as substantial as Deno was a valuable experience, helping me understand how small adjustments can enhance overall system stability and security.
Top comments (0)