extension_host: Add npm:install capability (#35144)

This PR adds a new `npm:install` capability for installing npm packges in extensions. Currently all npm packages are allowed. Release Notes: - N/A
2025-07-26 18:40:02 -04:00 · 2025-07-26 18:40:02 -04:00 · 89e88c245e
commit 89e88c245e
parent 2a0170dc3c
5 changed files with 69 additions and 2 deletions
--- a/crates/extension_host/src/capability_granter.rs
+++ b/crates/extension_host/src/capability_granter.rs
@ -63,6 +63,24 @@ impl CapabilityGranter {

        Ok(())
    }
+
+    pub fn grant_npm_install_package(&self, package_name: &str) -> Result<()> {
+        let is_allowed = self
+            .granted_capabilities
+            .iter()
+            .any(|capability| match capability {
+                ExtensionCapability::NpmInstallPackage(capability) => {
+                    capability.allows(package_name)
+                }
+                _ => false,
+            });
+
+        if !is_allowed {
+            bail!("capability for npm:install {package_name} is not granted by the extension host",);
+        }
+
+        Ok(())
+    }
 }

 #[cfg(test)]
--- a/crates/extension_host/src/wasm_host.rs
+++ b/crates/extension_host/src/wasm_host.rs
@ -8,8 +8,8 @@ use dap::{DebugRequest, StartDebuggingRequestArgumentsRequest};
 use extension::{
    CodeLabel, Command, Completion, ContextServerConfiguration, DebugAdapterBinary,
    DebugTaskDefinition, DownloadFileCapability, ExtensionCapability, ExtensionHostProxy,
-    KeyValueStoreDelegate, ProcessExecCapability, ProjectDelegate, SlashCommand,
-    SlashCommandArgumentCompletion, SlashCommandOutput, Symbol, WorktreeDelegate,
+    KeyValueStoreDelegate, NpmInstallPackageCapability, ProcessExecCapability, ProjectDelegate,
+    SlashCommand, SlashCommandArgumentCompletion, SlashCommandOutput, Symbol, WorktreeDelegate,
 };
 use fs::{Fs, normalize_path};
 use futures::future::LocalBoxFuture;
@ -585,6 +585,9 @@ impl WasmHost {
                    host: "*".to_string(),
                    path: vec!["**".to_string()],
                }),
+                ExtensionCapability::NpmInstallPackage(NpmInstallPackageCapability {
+                    package: "*".to_string(),
+                }),
            ],
            _main_thread_message_task: task,
            main_thread_message_tx: tx,
--- a/crates/extension_host/src/wasm_host/wit/since_v0_6_0.rs
+++ b/crates/extension_host/src/wasm_host/wit/since_v0_6_0.rs
@ -745,6 +745,9 @@ impl nodejs::Host for WasmState {
        package_name: String,
        version: String,
    ) -> wasmtime::Result<Result<(), String>> {
+        self.capability_granter
+            .grant_npm_install_package(&package_name)?;
+
        self.host
            .node_runtime
            .npm_install_packages(&self.work_dir(), &[(&package_name, &version)])