►
Description
A
Okay,
we
should
be
live,
hey
there,
so
this
is
the
nodejs
user
feedback
session
for
tooling,
so
that's
command
line,
tooling
and
and
command
line
applications
written
in
node,
and
we
are
going
to
talk
about
a
few
issues
around
that
and
gather
some
feedback
from
the
community.
So
we
had
a
feedback
session
jeez.
How
long
ago
was
that
it
was.
It
was
probably
like
at
least
six
weeks
ago
so
and
in
that
session
we
we
covered
a
few
things
and
then
we've
had
a
issue
in
the
node
GS
user
feedback.
A
There
are
a
few
kind
of
main
points
that
keep
coming
up
again
and
again,
when
you
know
people
who
are
using
node.js
for
tooling,
you
know
talk
about
what
they
need
and
so
that
first
one
and
I'm
just
going
to
get
right
into
it
is
the
is
involves
a
lot
of
cross
platform
issues
and
certain
problems
within
especially
the
FS
module
and
so
like,
for
example,
the
FS
stopwatch
is,
is
kind
of
a
it's
kind
of
doesn't
work
like
you'd
expect.
It
doesn't
work
very
well,
maybe
it
only
works
on
on
Linux.
A
B
That's
a
whole
meeting
in
itself,
yeah
there's
a
lot.
We
have
to
support
all
platforms,
well,
Mac,
Linux
and
Windows.
We
don't
support
BSD,
we
need
recursive
file
watching
and
Linux
doesn't
support
it.
So
that
means
the
recursive
flag
that
is
available.
An
FS
watch
is
useless
to
us.
We
keep
a
tree
of
every
single
directory,
all
the
way
up
to
the
root
and
watch
all
the
parent
nodes
and
if
you
say
recursive
we'll
watch
deeply
into
everything
below
that.
So
it's
very
expensive.
We
actually
won.
B
B
We
need
to
watch
directories
or
files
that
may
have
permission
changes.
So
we
wrote
a
library,
absolutely
FS
watcher
that
will
do
all
this
the
hard
way,
so
it
will
watch
for
fommy.
It
watches
the
directory
for
any
permission,
changes
in
the
directory
and
then
it
will
send
messages
to
the
children,
nodes
or
parent
nodes
or
whatever,
and
we
tried
to
wire
up
some
metrics
to
it
so
that
we
can
keep
an
eye
on
it.
How
many
file
system
Watchers?
Are
we
creating?
How
many?
B
How
many
nodes
are
there
in
the
tree
and
whatnot?
We
only
watch
directories.
We
don't
watch
files,
so
if
you
say
watch
a
file,
we're
actually
watching
the
directory
to
see
if
the
file
changed,
if
or
any
events
that
that
way,
because
messages
seem
to
be
more
normalized
and
that
you
know
the
whole
like
multiple
events
coming
in,
like
windows,
I
think
admits
like
three
events:
if
there's
a
file,
that's
been
added
or
whatever,
but
in
Linux
and
Mac
is
only
two,
so
we
have
to
keep
track
of
a
timestamp.
B
For
the
last
time
there
was
a
an
event
and
the
event
type
and
try
to
remove,
duplicates
and
and
then
hire
a
title
into
a
nice
neat
package
with
event,
emitters
and
what-have-you.
So
it's
been
very,
very
painful,
but
we're
I,
tested
and
believe
me,
I
didn't
want
to
reinvent
the
wheel:
I
tested
almost
27,
filesystemwatcher
libraries
and
NPM,
and
none
of
them
none
of
them
could
watch
files
that
didn't
exist,
so
I
mean
just
because
you're
watching
something
doesn't
exist
doesn't
mean
that
it
couldn't
possibly
exist
eventually.
I
hope
that
answers
your
question.
A
Yeah
so
I
mean
yeah,
yeah
I'm
looking
around
like
well.
How
do
other
systems
handle
the
sort
of
thing
so
I'm,
looking
at
like
Python,
for
example,
so
python
it
doesn't
as
far
as
I
can
tell
it
doesn't
have
any
dove
functionality
to
do
this.
There's
a
program
watchdog
which
will
let
you
monitor,
file
system
events
there.
A
B
Don't
care
if
it's
hard
to
do
fix
it?
I'm
sorry,
but
I
do
I
got
too
many
other
problems
to
worry
about
and,
frankly,
the
quality
of
the
stuff.
That's
an
NPM
is
not
satisfactory
to
what
I
need
to
get
done.
So
I
can
I
can't
spend
more
time
reinventing
the
wheel.
I
just
want
it
to
work.
I
know
it's
hard
and
what
I've
come
up
with
sucked,
but
I,
hey,
I,
think
that
we
can
fix
it.
B
I
think
there's
got
to
be
a
way
and
I
maybe
I
mean
we
know
it
as
the
luxury
of
shipping
native
code
right.
It
can
compile
in
watch
man
or
something
like
that.
I
don't
know,
but
I
struggle
great
with
with
you
know,
a
lot
with
with
native
add-ons.
Obviously,
I
went
through
the
growing
pains
of
the
old.
You
know
all
the
API
module
updates
and
and
I
know
that
an
API
is
out,
but
even
then
distributing
we
have
people
on
Windows
that
don't
have
Visual
Studio
installed
to
have
them.
B
Have
a
compiler
installed
at
all.
It's
tough!
It's
just
it's
too
taxing
for
what
we
for
our
users.
So
we
try
to
avoid
native
as
much
as
possible
and
things
like
walkman
just
isn't
a
good
solution
for
us.
But
if
it's
and
done
embedded
in
the
node
runtime,
then
that's
perfect,
because
it's
got
its
native
and
it's
already
built
for
their
system.
It's
already
in
their
correct
architecture.
So
Chris.
C
B
So
I'm
an
engineer
at
Appcelerator,
we
were
acquired
by
ax
way,
I've
been
working
on
tooling
for
the
titanium
mobile
sdk
for
about
five
years,
all
a
node.
It
wasn't
written
in
Python,
but
we
now
are
all
in
node.
All
of
our
CL
eyes
have
been
built.
You
know
just
we
started
back
in
the
old
days
of
using
optimists
and
Winston
for
logging
and
all
this
stuff
and
we've
over
time.
B
A
service
that
runs
in
the
background
constantly
invisible
to
the
user,
so
we're
doing
pit
files
in
the
whole
nine
and
it
runs
very
similar
to
ADB.
You
know
what
you
can
like
log
cat
into
it
and
get
log
messages
and
whatnot.
So
how
we
do
our
logging
is
very
is
very
different.
We
don't
then
like
a
web
server,
we
keep
all
logs
in
memory
and
we
fill
up
a
buffer
and
blow
away
everything.
That's
older.
B
Since
the
demon
is
constantly
running,
we
have
to
monitor
state
of
the
machine,
always
so
the
case
of
titanium
mobile,
we're
doing
lots
of
things
with
Android
and
with
iOS
and
Visual
Studio
on
Windows
and
whatnot.
We
need
to
monitor
constantly
all
these
things
we
are
watching
if
you
install
a
new
Xcode.
If
you
install
new,
if
you
download
a
new
Android
SDK,
we
know
about
it
instantly
and
that
data
is
refreshed.
B
If
you
connect
a
device
to
your
machine,
we
have
a
bit
of
native
code,
I
had
to
write
there,
that
that
meant
an
Android
device
or
an
iOS
device.
We
immediately
are
listening
tracking
that
and
then
we
can
broadcast
out
those
changes
to
any
listeners.
Now,
a
real
product
called
AB
seller,
ater
studio,
which
is
basically
Eclipse,
plus,
plus
and-
and
there
are
a
list
of
devices
of
what's
connected,
is
driven
by
this
event-driven,
this
monitoring
of
the
devices
and
whatnot.
B
A
B
Then
so,
originally
we
weren't.
We
would
say
that
you
know
you
had
to
have
node
installed
and
then
we,
when
we
ended
up
having
studio,
install
node
and
as
you
guys
can
imagine,
people
are
like
now-
I,
don't
really
want
to
use
studio,
I
want
to
use
atom
or
BS
code
or
sublime,
or
something
like
that
then,
and
just
switch
over
to
the
CLI
to
do
the
build
and
in
which
case
know
that
people
would
have
to
have
their
own
version
of
node
installed.
B
So,
however,
with
the
daemon
different
story,
the
daemon
can
you
start
the
daemon,
with
whatever
version
and
nodes
on
your
machine
as
a
bootstrap,
but
then
the
actual
core,
the
demonized
process
is
actually
spawned
using
a
version
of
node
that
we
download
we've
locked
down
the
node
version
of
the
daemon.
In
the
background,
the
reason
we
do
this
is
because
we're
going
to
basically
be
running
native
extensions.
Like
I
said
we
have
a
native
native
a
non.
We
have
a
native
a
non
for
watching
your
iOS
devices
being
connected.
B
We
need
to
lock
down
the
node
version
so
that
we
know
that
it
will
never
so
that
we
can
ship
binaries
in
a
way
that
doesn't
allow
people
to
have
to
have
the
bill.
You
know
they
should
they
don't
have
to
have
Visual
Studio
or
bad
example
for
iOS,
but
we're
heading
down
that
road,
because
we're
start
doing
encryption
and
all
kinds
of
other
fun
stuff.
In
native
and
right
now
we
do
now
and
in
fact,
I'm
actually
kind
of
interested
to
hear
what
other
people
are
doing
for
distributing
native
add-ons.
B
You
know:
how
are
they
building
them
and
I
mean?
Are
they
doing
pre
build?
Why
are
they
doing
node
pre
chip?
That's
we
use
no
pre
jet
unless
we've
built
it
already
and
yes,
our
CI
server
is
trying
to
build
stuff
for
every
architecture,
but
unless
we
missed
one,
a
new
node
version
comes
out
or
something
we
got
a
hustle
to
get
a
new
build
going.
You
know,
I'm.
A
B
So
what
we
did
is
we
actually
initially
started
off
with
actually
building
binaries
and
and
publishing
them
with
our
packaged,
an
p.m..
But
as
you
can
imagine,
we
started
getting
like
eight
binaries
in
a
single
package
and
and
if
there
was
a
new
version,
node
we
had
to
a
you
know,
cut
a
new
version
of
the
module.
B
It
wasn't
ideal,
so
me
I
would
I,
don't
know
that
there's
a
better
way
but
pre
Bill,
defying
downloading
a
precompiled,
binary
or
or
just
shoving
it
inside
the
package,
because
then
we
could
do
offline
installs,
which
is
actually
some
people
actually
want
that
they
want
to
be
able
to
say,
give
me
a
zip
file
with
everything
with
all
the
node
modules
and
everything
in
it.
I
know
it
sounds
crazy,
but
they
want
to
be
able
to
do
offline
installs
of
our
stuff.
Now.
D
B
But
that
was
more
so
that
we
could
lock
down
needed,
add
on
so
we
can
get
and
guarantee
that
those
are
gonna
run
with
a
certain
version,
and
but
you
still
need
a
note
version
globally
installed
our
node
version
stuff
down.
It's
like
home
directory,
not
accelerators,
right
and
and
believe
me
I,
actually
thought
I
had
a
lot
of
resistance
doing
that
a
lot
of
people
at
accelerator
like
no?
No,
no,
no,
no!
No.
We
are
not
downloading
another
30
Meg
or
whatever.
It
is
executing
a
binary.
B
Forget
that,
but
then
I
was
like
how's
this
any
different
than
like
you
know.
Other
CL
is,
you
know,
note
is
just
the
runtime
guys
it's
a
dependency.
We
have
to
worry
about
this
dependent
important
dependency,
especially
when
we
start
getting
into
using
ES
2015
features
and
whatnot
yeah.
We
use
babel.
C
B
That's
another
talk
in
itself
because
that's
painful,
but
there's
a
lot
of
stuff
that
we
don't
transpile
that
requires
no
to
eat
now.
That's
our
minimum.
D
D
B
D
It's
it's
in
a
turbo,
it's
just
that
that
actually
includes
NPM
and
that's
NPM
is
a
significant
portion
of
this
of
the
space
and,
if
you've,
if
you're,
not
installing
in
PM's
that
potentially
could
be
smaller,
so
I'm
just
wondering
if
that
or
but
of
course,
if
you
use
NPM
once
you're
installed
that
you
know
you
can't
remove,
it's
got
to
be
there.
We.
B
B
Then
also
for
Mac,
we
actually,
we
were
downloading
the
pre-built
binary
for
that.
Much
like
the
you
guys
are
familiar
with
n
a
little
shell
script
yeah
that
thing
just
goes
and
downloads
the
node
binary
for
Mac
and
that
that
works,
but
all
the
sudden,
you
start
getting
security
issues
because
it's
not
assigned
binary.
So
you
have
to
use
the
pkg
distribution
of
node,
and
so
we
do
for
that.
As
I
I
extract
I,
don't
know,
Keiji
extract
the
no
extracted
into
a
temple
or
just
plop
out
no
nuke
everything
else.
A
So
so,
but
I
mean
it's,
it
sounds
like
the
the
problems
go
beyond
FS
watch
in
particular.
It's
it's.
You
know
they
solved.
Its
native
modules
are
difficult
to
deal
with.
It
looks
like
you
also
mentioned.
Actually
so
Gus
Kaplan
just
joined
us
I
just
wanted
to
give
give
him
a
to
say
you
know
if,
if
you
know
you
use
FS
watch
or
if
you've
had
to
watch
files
using
node
and
and
what
your
experience
with
that
has
been.
A
B
Seen
sure
if
you
run
a
32-bit
version
of
node
on
a
64-bit
machine,
it
returns,
the
architecture
is
32-bit,
which
is
the
architecture
of
the
node.
Binary
is
32-bit,
not
the
architecture
of
the
machine,
so
I
wrote
a
little
function
that
does
a
spawn
sync
on
UNIX,
II
machines
and
we'll
go
and
query
/proc
whatever
and
get
that
architecture,
and
this
is
important
because
a
minute
ago
I
was
describing
how
we
download
a
node
version,
that's
geared
towards
your
architecture.
So
we
have
to
know
if
we
downloading
Nexus
or
whatever.
B
D
Linux
we've
dropped.
32-Bit
supports
as
well
is
that
official,
because
I
I
mean
1010.
If
you
look
at
10.8
includes
32-bit,
there's
still
some
discussions
going
back
and
forth
on
that
front,
but.
B
D
A
D
A
D
D
So
I
guess
it's
that,
like
somebody's
gonna
have
to
do
some
work.
So
if
we
thought
it
was
important
enough,
if
we
could
get
the
past
context
and
explain
why
it's
important
to
say
a
new
field
or
something
that
might
be
possible
way
forward,
if
we,
if
we
don't
think
it's
important
enough
to
spend
any
time
that
I
don't
think
it's
just
gonna,
anybody
else
is
going
to
necessarily
jump
up
and
fix
it.
So
it's
probably
worth
like
in
terms
of
you
know
this
group
prioritizing
where
we
want
to
spend
some
of
our
cycles
easy.
C
D
Like
this
is
one
where,
if
we
thought
we
thought
this
is
where
it's
worth
investing
some
time,
you
know
figuring
out
where
the
past
discussions
were
what
the
context
was.
You
know
maybe
there's
already
a
you
know
old
discussion
as
to
why
it
makes
sense
the
way
it
is
that
we
just
don't
understand
or,
if
not,
then
it's
to
say
well,
let's
propose
doing
this
to
fix
it
like
adding
something
else
that
would
give
you
the
right
answer.
Mm-Hm.
A
Okay,
so
there's
a
rim
raff
there's
make
derp.
There
are
these
things
that
do
very
common,
very,
very
common
file
system
operations
that
you
know
in.
In
the
opinion
of
a
lot
of
people
in
these
discussions
and
and
and
anyone
I've
asked
about,
it
basically
says
this
needs
to
be
in
core,
so
you
know,
there's
I,
think
rim
ref
and
make
derp
kind
of
speak
for
themselves.
A
Basically,
it
claims
to
improve
cross-platform
compatibility
with
Windows
and
and
incorrect
some
some
other
issues
and
I
guess
I'm
personally,
just
just
kind
of
curious
like
why
why
it
does
there
need
I
mean
why
is
there
a
a
user
land
module?
Why
do
these
exist
like
to
fix
problems
in
in
core?
If
there's
a
a
a
Windows
issue
and
for
whatever
reason
why
why
did
it?
Why
do
we
have
to
fix
this
in
user
land?
A
Does
anybody
know
really
like
what
happened
with
graceful,
FS
and
and
why
it
exists,
and
why
that
wasn't
built
in
is
it?
Is
it
just
a
question
of
well,
it
would
be
a
breaking
change
or
what's
going
on
there's
anybody
does
really
know
about
that.
One
I
don't
have
context
on
that.
Okay
I
know
graceful.
Fs
was
Isaac's
thing.
I
know
there
was
a
question.
E
E
D
Right
now,
I'm
wondering:
what
do
you
think
is?
Is
that
a
point
in
time
kind
of
decision
in
terms
of
well?
Okay?
You
know
we
didn't
have
the
knowledge
or
history
that
where
we
see
that
there's
lots
of
people
using
those
and
lots
of
people
saying
this,
you
know
why
aren't
these
part
of
core
versus
you
know
in
the
beginning,
it's
like
hey
I'd,
like
to
have
something
like
this
and
it
just
seems
like
a
convenience
and
it's
like
well,
okay,
you
can
go
build
it.
D
E
So
they're
the
first
question:
you
know
the
the
the
guiding
principle
early
on
is,
you
know.
Complexity
goes
into
user
land
and
yeah.
One
of
the
you
know
that
the
attempts
that
were
made
with
node
was,
to
you
know
not
end
up
like
having
a
dead
code,
standard
library,
many
mature
platforms
that
you
know
have
exposed
if
stuff
in
the
standard
library
eventually
does
you
know,
atrophy
and
use
land.
You
know
takes
precedent
there.
E
You
know
at
the
same
time
you
know
the
the
overriding
thought
was
that
you
know
at
some
point
you
know
like
our
sink
like
node
would
be
done.
You
know
the
api's
would
be
you
know
frozen
and
like
once
we
got
to
1.0
know,
wouldn't
you
know
evolve
it
all,
and
you
know
here
we
are
nine
years
later
and
no.
That
is
not
the
case
and
I.
Don't
think
anyone
who
works
either
on
core
or
works
with
node
in
their
day-to-day
expects
that
you
know
behavior
anymore.
E
A
Yeah
I
feel,
like
there's,
been
obviously
like
historical
push
back
to
to
adding
things
like
this
to
core.
You
know,
I
feel
in
general.
This
is,
is
the
that
philosophy
is
a
good
thing,
but
I
feel
like
in
in
certain
cases
like
rim,
ref
and
maker,
where
it's
it's
just
it's
become
obvious
that
they
really
ought
to
be
in
there.
You
know,
but
so
I
mean
I.
Think
that
is
is
something
as
a
as
a
group.
We
should
probably
come
together
and
say
yeah.
E
Would
advocate
there
start
simple,
like
don't
bring
the
entire
FS
extras
back
as
the
beginning,
like
you
know,
go
we
are
working
group
mentally
and
then
you
know
help
core
team.
You
know
gain
understanding
and
into
this
you
know
in
particular,
and
you
know,
build
up.
You
know
one
or
two,
maybe
just
those
two
or
start
with
the
one
and
Michael.
D
Modules-
okay,
just
because
that's
often
another
good
argument
to
say
well
why
why
should
they
be
in
core?
Because
if
they
require
you
know
the
native
mod,
if
they
require
native
code,
it
is
like
the
other
Chris
was
mentioning
an
extra
burden
to
get
them
installed
and
running.
So
that's
why
I
was
asking
that.
E
You
wanted
lies
the
the
conversation,
but
I
did
have
a
comment
on
FS
graceful
of
s.
If
you
know
we'd
like
to
come
back
to
me,
oh
yeah
go
ahead
so
graceful.
An
ass
is
one
of
those
that
has
been
an
interesting
adventure.
It
does
not
use
native
code,
but
graceful
FS
used,
uses
I,
believe
it
still
uses
today.
Internals
and
it's
been
one
of
the
driving
factors
where
that've
taken
us
in
core
from
you
know,
just
letting
you
soul
and
do
whatever
to.
A
E
So
if
the
you
know,
because
a
graceful
of
s
was
accessing
internals,
if
previously
the
mindset
it
been,
you
know
usual
and
that's
what
it's
it
does.
But
you
know
graceful
FS
has
been
sort
of
the
the
spark
that
has
led
core
team
to
begin
to
protect
the
AP,
the
internal
api's
so
only
expose
you
know
explicitly
what
we
are
supporting
and
and
since
graceful
FS,
you
know
touches
on
AP
is
that
were
not
supported
externally
in
node.
You
know.
That
means
that
you
know.
A
A
Well,
no
I
mean
that's
good
I
think
you
know,
that's
they
think
we
need
to
research.
I'm
sure
somebody
knows,
but
like
graceful
OFS
also
cross
spawn
is
another
one
where
it's
like.
Well,
why
is
white?
Why
do
I
need
this
like?
Why
can't
I
use
child
press
a
spawn
on
Windows
and
have
it
worked
the
way
I
expect?
B
D
B
Sure
who
uses
make
derpy
under
the
hood
I'm
sorry
to
backpedal,
but
on
fsx.
Are
we
one
of
the
useful
things
that
we
use?
Is
there
json.parse
way
a
reader
dealy-bob?
We
can
reject
isles,
I'm
ripping
out
all
the
code
where
we
require
a
json
file
just
to
parse
it
just
because
I
don't
want
it
to
be
cached
FS
extra.
We
use
a
time.
We
don't
it's
gonna,
be
hard
to
say
what
we.
What
we
want
to
you
know
will
be
worth
keeping
it
and
whatnot
moving
files.
E
I
can't
tear
go
ahead.
I
can't
speak
to
the
API.
Is
that
graceful
at
best
implements,
but
I
can't
speak
to
you
know
the
the
reason
why
it
was
developed,
so
graceful
of
F's
you
came
about
is
because
the
core
maintainer
of
node
Isaac's
limiter,
also
building
NPM
and
graceful
FS,
was
one
of
those
components
inside
of
MPM
that
Isaac
created
to
sort
of
smooth
over
some
of
the
challenges
that
he
was
having
building
on
him.
A
D
A
Yeah
there's
like
it's
been
a
while
sorry,
there's:
oh
s,
module
there's
SH
util
module
that
has
other
stuff,
so
they
can,
it
seems
like
they
have
kind
of
a
a
lower
level
module
and
then
they
have
a
user
built
in,
but
but
then
they
have
like
a
higher
level
file
system
module
as
well.
Okay,.
D
All
right,
I
just
think
they're
like
that's
another
like
maybe
if
we
want
to
push
on
this,
you
know
maybe
pick
those
to
push
on
those
it'd
probably
be
useful
to
have
that
like
to
have
the
you
know.
The
arguments
were,
like
you
know,
lots
of
the
people
developing.
You
know
tooling,
use
them,
and
it's
just
like
you
know
the
belief
from
that
community,
as
they
should
just
be
part
of
core.
Oh
look
at
these
other
languages.
They
all
include
them.
D
A
V
M,
so
the
VM
I
think
Chris
was
the
one
who
mentioned
struggles
with
the
VM
module,
yeah
and
and
I've
had
those
as
well.
Where,
basically
the
deal
is,
we
want
to
create
a
a
sandbox
and
give
it
to
the
user
and
they
can
run
whatever
and
we
don't
want
them
to
escape
it,
and
that
is
exceedingly
difficult.
The
the
the
built-in
VM
module
does
not
support
that
behavior
and
so
a
user
land
module.
A
Vm
2
was
written
and
it
almost
does
that,
but
it
has
problems
and
so
it,
but
it
does
all
sorts
of
terrible
trickery
to
to
get
it
done
it
it.
It
relies
on
all
sorts
of
proxies
and
stuff
free
proxy
support.
It
was
doing
even
worse
things,
but
it
still
wasn't
that
secure
at
that
point,
so
it
was
possible
to
still
break
out
in
you
know,
as
somebody
who's
who's
working
in
a
test
framework
I
would
love
to
be
able
to
do
something
like.
A
Let's
just
will
spawn
or
will
create
I,
don't
know
a
pool
of
VMs
or
maybe
not
even
just
a
pool,
maybe
I
just
creating
them
and
and
I
want
to
run
a
test
in
isolation
in
that
VM
and
then,
when
I'm
done
just
close
it
down
and
then
I
don't
have
to
worry
about
cleaning
it
up.
I
would
love
to
be
able
to
do
that.
I'm,
not
sure
what
Chris.
What's
your?
A
B
There's
two
use
cases
that
come
to
mind:
one
is
configuration
files.
We
have
config
files
that
can
be
JSON
or
j/s
files,
where
module
dot
export
is
like
an
object
of
whatever
you
want,
so
you
can
a
config
file
if
the
Jas
file
could
like
require
in
things,
and
maybe
maybe
they
have
an
off
library
that
pulls
in
base
URLs.
B
We
want
to
lock
them
down
and
I'm,
not
I'm,
talking
about
like
I'm,
not
polluting
global
namespace,
I'm
talking
about
it,
but
also
I'm,
not
I'm,
not
quite
to
the
level
unity,
locking
down
file
system
access,
even
though
that
that
would
be
really
nice
to
lock
that
down
right
now,
I'm
fine,
which
is
not
even
declaring
that
best.
You
know-
oh
oh
whitelisted
or
whatever
past
that
and
I
need
to
the
other
news
case.
Is
both
the
titanium
CLI
and
the
ab
c--
daemon
support
plugins
that
can
run
anything
and
and
do
anything
and
I?
B
Don't
it's
very
important
in
that
case
of
the
daemon
that
a
plug-in
doesn't
do
a
process
exit?
Now,
that's
an
easy
one
to
to
block
right.
That's
just
a
single
function,
but
there's
other
things
there
too.
If
sometimes
you
pull
in
a
library
and
it
it
does
crazy
stuff.
It
redefines
console
that
log
or
recently
I
just
redefined
the
right
method
on
process
that
standard
out,
like
that's
kind
of
scary,
but
you
know
I,
there's,
there's
things
that
clobber
built-ins
and
I.
Don't
want
plugins
to
be
able
to
do
that.
B
B
D
Ideal,
you
might
want
to
look
at
the
worker
PR
that
landed
it's
it's
about
being
able
to
do
things
in
separates
fred's,
but
I
know
that
some
of
the
similar,
like
the
things
like
the
process,
not
exit.
I
know
that
that
PR
included
you
know
when
the
worker
does
exit
it
doesn't
exit
the
whole
runtime,
so
that
I
just
mean
I,
don't
think
it's
necessarily
a
total
solution
to
sandboxing,
but
I
think
it
has
some
elements.
B
I
think
the
VM
some
we
have
now
is
kind
of
cool,
because
you
can
create
a
VM
context
and
inject
a
global
object
right.
The
problem
is,
you
can
never
deallocate
it.
You
can
never
kill
it.
You
know
it
never
goes
away
until
you
end
the
process,
and
that
is
a
huge
problem.
If
you
want
to
you
know
like
in
the
case
of
running
a
test,
you
know
you
want
to
basically
destroy
it
and
recreate
a
new
one.
You
know
I
I,
don't
know
why
that
is
so
hard
to
do.
A
C
A
That's,
how
did
you
create
them?
The
VMS
just
using
the
vm,
I
don't
know,
create
context
right,
okay,
and
so
I'm
looking
here
at
the
the
docs
for
vm,
okay,
so
vm
module
provides
api's
for
compiling
and
running
code
within
a
v8,
we're
within
v8
virtual
machine
contexts,
blah
blah
blah
a
common
use
case
is
to
run
the
code
in
a
sandbox
environment.
A
A
When
I
think
and
and
I
and
when
I
think
a
lot
of
people
probably
run
into
this,
their
idea
of
sandbox
is
oh,
this
is
a
sandbox
and
the
user
can't
get
out
of
it.
But
that's
that's
just
not
the
case.
The
the
problem
is
when
you
pass
any
object
into
the
the
the
sandbox.
That's
context
defied
the
user
can
can,
by
way
of
JavaScript
use
that
object
to
break
out
of
the
sandbox
and
get
into
the
I.
A
Don't
know
the
the
host
scripts
context,
so
that
would
be
you
know
it
would
have
access
to
the
host
scripts,
Global's
and
what-have-you,
and
so
it
seems
that
this
is
intended
to
to
to
be
an
actual
sandbox,
but
but
it,
but
it's
just
it's
perhaps
simply
limited
by
what
JavaScript
can
do
I,
don't
know
I
mean
it
sounds
like
it
wants
to
be
something
like
a
shadow
DOM
or
you
can't.
You
can't
get
out
of
it,
but
it's.
B
Throw
an
exception:
you
can
throw
an
error
from
another
context
and
catch
it
in
the
parent
context,
even
if
they
have
different
global
objects,
but
that
in
there
becomes
the
problem,
because
you
can
never
do
instance
of
to
find
out
if
it
was
a
type
error,
arranger
or
whatever
I.
Try
to
explain
that
the
other.
A
D
A
A
D
Hi
I'd,
like
I,
would
suggest
if
this
is
something
you're
really
interested
in
isolation.
Taking
a
quick
look
at
the
the
thread
PR,
it
did
land
I,
just
I.
Have
this
gut
feeling
that
it's
and
I
could
be
wrong,
that
it's
got
more
isolation
by
default
because,
like
they're
not
sharing
heaps,
the
the
objects,
I
believe
are
pretty
much
serialized
as
they're
passed
to
the
thread.
It
certainly
wouldn't
giving
give
sandboxing
to
the
file
system
or
anything
like
that,
though,
right
right.
D
D
D
Think
the
one
thing
like
it
sounds
like
the
tangible
next
step
for
this
group
to
work
on
is
you
know,
maybe
the
the
rim
RAF
and
the
make
dere
P
putting
together
the
you
know,
whatever
evidence
we
have,
that
shows
lots
of
people
think
it
should
be
in
and
that
other
languages
support
it
and
then
it's
sort
of
like
raise
an
issue.
Saying
hey
you
know,
should
we
include
this
and
see
if
there's
opposition
right
and
then,
if
not
move
forward
to,
like
you
know,
try
and
put
together
PR
is
that
kind
of
stuff.
So.
A
Yeah
definitely
and
I
think
I
would
like
to
kind
of
I.
Don't
know,
maybe
do
do
a
little
bit
actually
looks
just
yeah.
Let's
focus
on
what
you
you
said
to
start
I
would
like
to
go
and
figure
out.
What's
the
what's
the
story
behind
graceful
FS,
what's
the
story
behind
cross
bond
and
another
thing
here
in
the
chat
that
that
gets
talked
about
is
you
know,
VM
the
VM
module
is
never
intended
to
be
a
security
mechanism
right,
but
per
the
language
of
the
documentation.
A
A
Okay,
so
as
far
as
next
steps,
I
think
that
the
the
the
very
first
thing
that
that
I'd
like
to
do
is
kind
of
you
know
formalize
what
we
intend
to
do
in
in
a
doc.
I
think
that
was
requested
at
some
point
kind
of
a
living
document
and
and
sent
a
PR
for
that,
and
it
will
exist
in
the
user
feedback
repo
as
a
markdown
file.
And
then
we
can
take
some
actions.
Start
the
discussion
in
the
in
core
about
make
derp
and
or
rim
raff
and
can
I
take
it
from
there
right.