Skip to content

fix(node-client-sdk): better handling for bad filesystem states#1799

Open
joker23 wants to merge 1 commit into
mainfrom
skz/SDK-2661/electron-sdk-next-node-storage-self-heal
Open

fix(node-client-sdk): better handling for bad filesystem states#1799
joker23 wants to merge 1 commit into
mainfrom
skz/SDK-2661/electron-sdk-next-node-storage-self-heal

Conversation

@joker23

@joker23 joker23 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor
  • make sdk refuse to load persistent cache from symlinks (as a security measure)
  • fallsback to inmemory store if filesystem loading fails (instead of throwing)
  • additionally, exposing ConnectionMode type for downstream reference

Note

Medium Risk
Changes filesystem trust boundaries and persistence behavior for the local flag cache; misconfigured hosts may silently lose cross-restart persistence, but runtime flag access should remain available.

Overview
Hardens NodeStorage local flag cache initialization so unsafe or broken filesystem layouts no longer redirect reads/writes or leave the SDK unusable.

If the storage directory is a symlink, the cache file is not a regular file, or init otherwise fails (including when fixing a malformed cache cannot be written), persistence is disabled and the SDK warns once and keeps serving flags from an in-memory map. get/set/clear no longer log errors on init failure; disk flushes are skipped when persistence is off. Symlinked ldcache.json paths are treated as malformed and discarded without loading symlink targets.

Also re-exports ConnectionMode from LDCommon for downstream typing. Tests were expanded for symlink, file-at-path, and fallback scenarios; platform tests expect the init-fallback warn instead of storage errors.

Reviewed by Cursor Bugbot for commit ced01fd. Bugbot is set up for automated code reviews on this repo. Configure here.

- refuse to load from symlinks
- fallsback to inmemory store if filesystem loading fails
- additionally, exposing `ConnectionMode` type for downstream reference
@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

@launchdarkly/js-sdk-common size report
This is the brotli compressed size of the ESM build.
Compressed size: 26365 bytes
Compressed size limit: 29000
Uncompressed size: 129044 bytes

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

@launchdarkly/js-client-sdk size report
This is the brotli compressed size of the ESM build.
Compressed size: 32027 bytes
Compressed size limit: 34000
Uncompressed size: 114248 bytes

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

@launchdarkly/js-client-sdk-common size report
This is the brotli compressed size of the ESM build.
Compressed size: 38747 bytes
Compressed size limit: 39000
Uncompressed size: 212249 bytes

@github-actions

github-actions Bot commented Jul 8, 2026

Copy link
Copy Markdown
Contributor

@launchdarkly/browser size report
This is the brotli compressed size of the ESM build.
Compressed size: 179504 bytes
Compressed size limit: 200000
Uncompressed size: 831427 bytes

@joker23

joker23 commented Jul 8, 2026

Copy link
Copy Markdown
Contributor Author

@cursor review

@cursor cursor Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Bugbot reviewed your changes and found no new issues!

Comment @cursor review or bugbot run to trigger another review on this PR

Reviewed by Cursor Bugbot for commit ced01fd. Configure here.

@joker23
joker23 marked this pull request as ready for review July 8, 2026 18:48
@joker23
joker23 requested a review from a team as a code owner July 8, 2026 18:48

@devin-ai-integration devin-ai-integration Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

✅ Devin Review: No Issues Found

Devin Review analyzed this PR and found no bugs or issues to report.

Open in Devin Review

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant