Ability to allow any application to be easily extensible by installing and running any node package at runtime #57074
Comments
Ingenu1ty
added
the
feature request
github-project-automation
bot
moved this to Awaiting Triage
in Node.js feature requests
|
IMO: this function will never appear, as it requires node to be a package manager, which it is not at all. I think this is a very bad idea |
Ok. Thanks for your honest opinion. Would this FR have any chance if I posted it in the npm github? Or do you think it's a bad idea anyway? |
|
npx already exists. |
But npx can't run packages in runtime... import {PluginManager} from "live-plugin-manager";
const manager = new PluginManager();
async function run() {
await manager.install("express");
const express = manager.require("express");
const app = express();
app.get("/", function(req: any, res: any) {
res.send("Hello World!");
});
const server = app.listen(3000, function() {
});
}
run();Where each package can run in an semi isolated environment (VM sandbox) and ability to set different environment variables for each package... |
|
ah, i wasn’t familiar with live-plugin-manager. I don’t think modifying an application while it’s running is a safe or wise idea, and I don’t think it should be endorsed by adding native functionality for it anywhere. |
You're right, it's definitely not safe and probably not very wise(in general) either :) But imagine the following scenario: You are building a CMS and want to give your users the ability to install plugins(from the CMS UI). I assume that the CMS admin will understand the potential risks of running plugins. But regular users just won't have such rights. So, safety risks can be reduced... If still think it's bad to run packages in runtime, then... Can you suggest a saner approach for this scenario? |
|
In the absence of a good sandboxing mechanism, and using Wordpress as a pretty clear example, I would question that desire itself. |
What is the problem this feature will solve?
Ability to make any application to be easily extensible by installing and running any node package at runtime, without deployments or server customization and allow app users to decide what plugin/extension to install.
What is the feature you are proposing to solve the problem?
Basically, I propose to implement natively the functionality that is provided by the live-plugin-manager. The problem here is that this has certain limitations and not enough support. So I think it would be great to implement this functionality natively in nodejs.
What alternatives have you considered?
live-plugin-manager
The text was updated successfully, but these errors were encountered: