-
Notifications
You must be signed in to change notification settings - Fork 30.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
A more intuitive fs.mkdtemp() #6142
Comments
That's a limitation of libc's It's possible to implement it from scratch but then we miss out on platform-specific tweaks (which might be good for consistency but could be bad for security or interoperability.) |
ping @ralt |
I'm not sure if there's much more we should do other than improve the documentation to make this clearer. Providing a separate tmpdir argument would be inconsistent with the other @nodejs/documentation |
I am not aware of any other Better API ideas aside, I found the current behavior awkward as a library author. I am willing to put up with my paths being misunderstood by the |
Per: nodejs#6142 Clarify the prefix argument. Fixes: nodejs#6142
Per: #6142 Clarify the prefix argument. Fixes: #6142 PR-URL: #6800 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Roman Klauke <[email protected]>
Per: #6142 Clarify the prefix argument. Fixes: #6142 PR-URL: #6800 Reviewed-By: Ben Noordhuis <[email protected]> Reviewed-By: Roman Klauke <[email protected]>
5.10.1
Darwin 15.3.0
fs
I am happy that the Node team decided to implement
fs.mkdtemp()
- the security concerns around this behavior make me glad to see it in core.However, the API feels awkward to me because:
The randomness it provides is hard coded to 6 characters, which is just enough that it's probably fine, but not enough that I don't want to add more.
Using the
prefix
argument sounds like a good way to add random characters, but doing half the work is strange if you read code that actually does this. Additionally, if I'm going to implement my own name pattern, I don't really want to also have to keep in mind the one Node is using. For example, should I have to re-implement the entiremkdtemp
just to get valid UUIDv4 directory names? That is genuinely useful for unit tests and also for being able to easilymv
the temporary directory to a cache-proof URL on my server without "renaming" it ... lest I have to undo the suffix every time or teach my client code about it.Using
prefix
as a directory path is messy, What would you expect this code to do?If
os.tmpdir()
returns/tmp
for you, that will actually create a directory at the very root of your filesystem, rather than inside of/tmp
. And it will end up being named something liketmp-e0ew3m
. To "fix" this you have to usepath.join(os.tmpdir(), '/')
.I would like to propose making the API more intuitive and useful for its intended purpose: unique, convenient, secure creation of temporary directories.
cwd
argument, which is internallypath.join()
'd with the name. This is so that the name can be computed in isolation. And to prevent accidentally creating directories out in the open, where they won't actually be cleaned up.prefix
with (or just add) aname
option, which is used as-is when provided. Possibly increase the default randomness for the case where one is not provided. This makes it easy to opt-out of the pattern that Node happens to use currently, which is not exposed via any kind of constant (and I don't think that would provide much value, anyway).I think these changes are best done as a breaking change, mainly to make the API less surprising. But compatibility could probably be maintained by only enabling these semantics on the options object.
The text was updated successfully, but these errors were encountered: