@@ -74,6 +74,9 @@ config BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL
version), the uglify-js module at 1.3.4, a module from a
filesystem path, and a module from a git repository.
+ Warning:
+ By default, using this option taints the build!
+
config BR2_PACKAGE_NODEJS_MODULES_ADDITIONAL_DEPS
string "Additional module dependencies"
help
@@ -242,6 +242,7 @@ NODEJS_SRC_MODULES_LIST= $(call qstrip,\
#
ifneq ($(NODEJS_SRC_MODULES_LIST),)
NODEJS_SRC_DEPENDENCIES += host-nodejs
+NODEJS_TAINTS = YES
define NODEJS_SRC_INSTALL_MODULES
# If you're having trouble with module installation, adding -d to the
# npm install call below and setting npm_config_rollback=false can both
By default, there is no guarantee of reproducibility when a user enables additional NPM packages. As Yann pointed out the last time this patch series was submitted, there are several legitimate scenarios where enabling additional NPM packages is reproducible. However, the BR2_DISABLE_TAINT_CHECKING option addresses these concerns. Signed-off-by: Adam Duskett <adam.duskett@amarulasolutions.com> --- package/nodejs/Config.in | 3 +++ package/nodejs/nodejs-src/nodejs-src.mk | 1 + 2 files changed, 4 insertions(+)