
support node --disable-proto #3501

@nitsky

  • Rollup Version: 2.4 - 2.6.1
  • Operating System (or Browser): Linux 5.6
  • Node Version (if applicable): 13.13
  • Link to reproduction (IMPORTANT, read below): see below
  1. start a node repl with the --disable-proto flag: node --disable-proto=throw
  2. run the following: require('rollup').rollup({ /* options... */ })

Expected Behavior

rollup runs correctly with no __proto__ access error.

Actual Behavior

node crashes with the following error:
Error: Accessing Object.prototype.__proto__ has been disallowed with --disable-proto=throw

Description

Hi, in rollup 2.4.0 acorn-private-class-elements was added as a transitive dependency: v2.3.5...v2.4.0. That package uses the __proto__ property, but node recently added a --disable-proto option to disable its use due to security issues: nodejs/node#32279. Similarly, deno also recently removed support for __proto__: denoland/deno#4341.

I opened an issue with acorn-private-class-elements: acornjs/acorn-private-class-elements#13. I am opening an issue here as well because I saw that rollup is currently using forks of a couple acorn packages from @guybedford. Do you suggest waiting for the change to be made in acorn-private-class-elements or adding another fork?
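
An added example, not code from this issue, rollup or the acorn packages: it detects which --disable-proto mode the runtime is in and compares a prototype assignment made through the __proto__ accessor with the accessor-free forms, which behave the same in every mode. All function names are hypothetical.

```javascript
'use strict';

// Report how this runtime treats the Object.prototype.__proto__ accessor.
function protoMode() {
  const desc = Object.getOwnPropertyDescriptor(Object.prototype, '__proto__');
  if (!desc) return 'delete';           // accessor removed (--disable-proto=delete, Deno)
  try {
    desc.get.call({});                  // invoke the getter on a throwaway object
    return 'enabled';
  } catch (err) {
    if (err && err.code === 'ERR_PROTO_ACCESS') return 'throw';
    throw err;
  }
}

// Accessor-based pattern. Under 'throw' the assignment raises ERR_PROTO_ACCESS;
// under 'delete' it only creates an ordinary own property named "__proto__".
function extendViaAccessor(child, parent) {
  child.__proto__ = parent;
  return child;
}

// Accessor-free equivalent: does not touch Object.prototype.__proto__.
function extendViaReflection(child, parent) {
  return Object.setPrototypeOf(child, parent);
}

// Run each form against a constructed parent object and record what held.
function check() {
  const parent = { greet() { return 'hi'; } };
  const mode = protoMode();
  let accessorWorks;
  try {
    accessorWorks = Object.getPrototypeOf(extendViaAccessor({}, parent)) === parent;
  } catch (err) {
    if (!err || err.code !== 'ERR_PROTO_ACCESS') throw err;
    accessorWorks = false;
  }
  const reflectionWorks = extendViaReflection({}, parent).greet() === 'hi';
  // Object-literal __proto__ is syntax, not a property access, so it is unaffected.
  const literalWorks = Object.getPrototypeOf({ __proto__: parent }) === parent;
  return { mode, accessorWorks, reflectionWorks, literalWorks };
}

console.log(check());
```

Running the file with plain node and again with node --disable-proto=throw or --disable-proto=delete shows only accessorWorks changing between runs.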
