Over the past couple of weeks, I came across multiple blogs and YouTube videos about the v2.0 release of Deno - a JavaScript, TypeScript, and WebAssembly runtime built with Rust and designed to offer secure defaults for developers. Since I was searching for an issue to create my second PR in Hacktoberfest, I decided contributed to this trending repository. My pull request focused on the compatibility layer of Deno, which was enhanced with the recent release to better support Node.js and npm. The specific task in my PR involved replacing built-in global proxy functions with primordials in the Node compatibility layer.
Deno
(/ˈdiːnoʊ/, pronounced
dee-no) is a JavaScript, TypeScript, and WebAssembly runtime with secure
defaults and a great developer experience. It's built on V8Rust, and Tokio.
Install the Deno runtime on your system using one of the commands below. Note
that there are a number of ways to install Deno - a comprehensive list of
installation options can be found
here.
Given that Deno is a large and complex project with multiple languages and layers of functionality, setting up the environment was a critical first step. The setup process required installing Rust and configuring Cargo, along with other necessary dependencies for local development. Following the contribution guidelines, I reviewed both the project documentation and setup instructions. This part took some time but was essential for navigating the project’s structure and development process smoothly.
Working on the Issue
The issue I tackled was part of a larger effort to increase code reliability and security in Deno’s Node compatibility layer - Issue #24236. As per the documentation, Primordials are frozen intrinsic objects in Deno, used to safeguard against prototype pollution by replacing direct references to global objects with safe alternatives. In my case, I worked on updating randomInt.ts - a file responsible for the randomInt function’s implementation in the core.
My task was to replace certain global methods, like Number.isSafeInteger, with their primordial equivalents e.g., NumberIsSafeInteger. To ensure accuracy, I first researched the correct primordials for each global method. This led me to explore both the Node and Deno documentation to confirm the use of primordials and understand their role in reducing security risks in Deno’s core.
As always I created a new branch for this pull request and made the necessary changes to the randomInt.ts file, while reviewing similar accepted pull requests to align with best practices. I followed Deno’s style guidelines for linting and formatting, but I was not able to run the lint script due to some issue with cargo. I decided to push the code changes after testing locally and to review the linting errors(if any) generated by the CI workflow on GitHub. I submitted my PR, following the guidelines for new pull requests and eventually got a lint error. After changing the PR to draft and resolving the error locally, I pushed the new changes which passed all the tests and it was ready for review.
While waiting for review on my PR I noticed new commits were merged into main and my branch was out of sync. Out of boredom, I decided to merge the new main branch into my branch which interestingly made my PR fail most of the cases. After investigating the cause for a while I concluded it was because of the new changes still under CI/CD workflows runs. Since I had the previous branch locally I forced pushed to origin in order to revert the merge and decided to leave merging for reviewers. The PR was reviewed and accepted after several hours and this time it did not fail any tests during merge.
Conclusion
This PR allowed me to explore Rust alongside JavaScript in a large, open-source project being used by numerous users. Though it involved minimal code changes, contributing to a project as substantial as Deno was a valuable experience, helping me understand how small adjustments can enhance overall system stability and security.
Mayank Kumar
