fix: ban cjs and cts file extensions

api/src/analysis.rs

@@ -186,6 +186,7 @@ async fn analyze_package_inner(
       .analyzer
       .get_parsed_source(module.specifier())
     {
+      check_for_banned_extensions(&parsed_source)?;
       check_for_banned_syntax(&parsed_source)?;
       check_for_banned_triple_slash_directives(&parsed_source)?;
     }
@@ -802,6 +803,19 @@ fn collect_dependencies(
   Ok(dependencies)
 }
 
+fn check_for_banned_extensions(
+  parsed_source: &ParsedSource,
+) -> Result<(), PublishError> {
+  match parsed_source.media_type() {
+    deno_ast::MediaType::Cjs | deno_ast::MediaType::Cts => {
+      return Err(PublishError::BannedCommonJsExtension {
+        specifier: parsed_source.specifier().to_string(),
+      });
+    }
+    _ => Ok(()),
+  }
+}
+
 fn check_for_banned_syntax(
   parsed_source: &ParsedSource,
 ) -> Result<(), PublishError> {
@@ -957,8 +971,15 @@ fn check_for_banned_triple_slash_directives(
 #[cfg(test)]
 mod tests {
   fn parse(source: &str) -> deno_ast::ParsedSource {
-    let specifier = deno_ast::ModuleSpecifier::parse("file:///mod.ts").unwrap();
     let media_type = deno_ast::MediaType::TypeScript;
+    parse_with_media_type(source, media_type)
+  }
+
+  fn parse_with_media_type(
+    source: &str,
+    media_type: deno_ast::MediaType,
+  ) -> deno_ast::ParsedSource {
+    let specifier = deno_ast::ModuleSpecifier::parse("file:///mod.ts").unwrap();
     deno_ast::parse_module(deno_ast::ParseParams {
       specifier,
       text: source.into(),
@@ -970,6 +991,27 @@ mod tests {
     .unwrap()
   }
 
+  #[test]
+  fn banned_extensions() {
+    let x =
+      parse_with_media_type("let x = 1;", deno_ast::MediaType::TypeScript);
+    assert!(super::check_for_banned_extensions(&x).is_ok());
+
+    let x = parse_with_media_type("let x = 1;", deno_ast::MediaType::Cjs);
+    let err = super::check_for_banned_extensions(&x).unwrap_err();
+    assert!(
+      matches!(err, super::PublishError::BannedCommonJsExtension { .. }),
+      "{err:?}",
+    );
+
+    let x = parse_with_media_type("let x = 1;", deno_ast::MediaType::Cts);
+    let err = super::check_for_banned_extensions(&x).unwrap_err();
+    assert!(
+      matches!(err, super::PublishError::BannedCommonJsExtension { .. }),
+      "{err:?}",
+    );
+  }
+
   #[test]
   fn banned_triple_slash_directives() {
     let x = parse("let x = 1;");

api/src/gcp.rs

@@ -573,12 +573,18 @@ impl FakeGcsTester {
 
     assert!(self.proc.is_none());
 
-    #[cfg(target_os = "macos")]
+    #[cfg(all(target_os = "macos", target_arch = "aarch64"))]
     let p = concat!(
       env!("CARGO_MANIFEST_DIR"),
       "/../tools/bin/darwin-arm64/fake-gcs-server"
     );
 
+    #[cfg(all(target_os = "macos", target_arch = "x86_64"))]
+    let p = concat!(
+      env!("CARGO_MANIFEST_DIR"),
+      "/../tools/bin/darwin-amd64/fake-gcs-server"
+    );
+
     #[cfg(target_os = "linux")]
     let p = concat!(
       env!("CARGO_MANIFEST_DIR"),

api/src/publish.rs

@@ -1308,6 +1308,16 @@ pub mod tests {
     assert_eq!(task.status, PublishingTaskStatus::Success, "{task:#?}");
   }
 
+  #[tokio::test]
+  async fn cjs_import() {
+    let t = TestSetup::new().await;
+    let bytes = create_mock_tarball("cjs_import");
+    let task = process_tarball_setup(&t, bytes).await;
+    assert_eq!(task.status, PublishingTaskStatus::Failure, "{task:#?}");
+    let error = task.error.unwrap();
+    assert_eq!(error.code, "bannedCommonJsExtension");
+  }
+
   #[tokio::test]
   async fn npm_tarball() {
     let t = TestSetup::new().await;

api/src/tarball.rs

@@ -158,6 +158,12 @@ pub async fn process_tarball(
       });
     }
 
+    if path.ends_with(".cjs") | path.ends_with(".cts") {
+      return Err(PublishError::BannedCommonJsExtension {
+        specifier: path.to_string(),
+      });
+    }
+
     let size = header.size().map_err(PublishError::UntarError)?;
     if size > max_file_size {
       return Err(PublishError::FileTooLarge {
@@ -517,6 +523,9 @@ pub enum PublishError {
     column: usize,
   },
 
+  #[error("CommonJS is not allowed {specifier}")]
+  BannedCommonJsExtension { specifier: String },
+
   #[error("triple slash directives that modify globals (for example, '/// <reference no-default-lib=\"true\" />' or '/// <reference lib=\"dom\" />') are not allowed. Instead instruct the user of your package to specify these directives. {specifier}:{line}:{column}")]
   BannedTripleSlashDirectives {
     specifier: String,
@@ -636,6 +645,9 @@ impl PublishError {
         Some("globalTypeAugmentation")
       }
       PublishError::CommonJs { .. } => Some("commonJs"),
+      PublishError::BannedCommonJsExtension { .. } => {
+        Some("bannedCommonJsExtension")
+      }
       PublishError::BannedTripleSlashDirectives { .. } => {
         Some("bannedTripleSlashDirectives")
       }

api/testdata/tarballs/cjs_import/jsr.json

@@ -0,0 +1,5 @@
+{
+  "name": "@scope/foo",
+  "version": "1.2.3",
+  "exports": "./mod.ts"
+}

api/testdata/tarballs/cjs_import/mod.ts

@@ -0,0 +1,3 @@
+import { test } from "./other.cjs"; // bad
+
+export const hello = `Hello, ${test}!`;

api/testdata/tarballs/cjs_import/other.cjs

@@ -0,0 +1 @@
+exports.test = "test";