Skip to content

feat: add stable --unsafe-proto flag#34738

Open
bartlomieju wants to merge 6 commits into
mainfrom
feat/unsafe-proto-flag
Open

feat: add stable --unsafe-proto flag#34738
bartlomieju wants to merge 6 commits into
mainfrom
feat/unsafe-proto-flag

Conversation

@bartlomieju

@bartlomieju bartlomieju commented Jun 2, 2026
edited
Loading

Copy link
Copy Markdown
Member

Adds a --unsafe-proto flag as a stable shorthand for
--unstable-unsafe-proto. Both restore the native
Object.prototype.__proto__ accessor (which Deno otherwise disables),
but --unsafe-proto is spelled as an ordinary flag rather than an
unstable one.

@bartlomieju
fix(runtime): throw a descriptive error for disabled __proto__ accessor
21576dc 
Deno disables the Object.prototype.__proto__ accessor by default for
security reasons. Previously this was done by deleting the property,
which made __proto__ reads silently return undefined and writes silently
create a useless own property. These silent failures are hard to debug.

Instead, replace the accessor with one that throws a descriptive
TypeError (similar to Node's --disable-proto=throw). The security
property is preserved and the __proto__ object-literal syntax keeps
working. --unstable-unsafe-proto still restores the native accessor.
@bartlomieju
use ObjectPrototype primordial instead of Object.prototype
3d7e33a
@bartlomieju
detect disabled __proto__ via throw in unsafe-proto-bin fixture
c2b6dd3 
Object.hasOwn no longer distinguishes the disabled state now that the
accessor is replaced (and throws) rather than deleted.
@bartlomieju
feat(cli): add stable --unsafe-proto flag
7ffdf1d 
Adds --unsafe-proto as a stable alias for --unstable-unsafe-proto,
mirroring how --sloppy-imports aliases --unstable-sloppy-imports. It
enables the same behavior (restoring the native Object.prototype.__proto__
accessor) without being spelled as an unstable flag.
Base automatically changed from fix/disable-proto-throw to main June 2, 2026 19:05
@bartlomieju bartlomieju changed the title feat(cli): add stable --unsafe-proto flag feat: add stable --unsafe-proto flag Jun 2, 2026
@Hajime-san

Hajime-san commented Jun 3, 2026

Copy link
Copy Markdown
Contributor

deno/runtime/js/99_main.js

Lines 734 to 737 in 7aceb22

throw new TypeError(
'The "Object.prototype.__proto__" accessor is disabled. Use ' +
"Object.getPrototypeOf()/Object.setPrototypeOf() instead, or run with " +
"--unstable-unsafe-proto to restore it.",

I think it's one of their best decisions that Deno disables accessor to __proto__. It might be better to advise against using it in long-running production while the error message suggests it's a valid temporary solution.

@bartlomieju

bartlomieju commented Jun 3, 2026

Copy link
Copy Markdown
Member Author

I think it's one of their best decisions that Deno disables accessor to proto

And I don't agree. The amount of stupid bugs this causes in many popular npm packages just doesn't justify disabling it.

@bartlomieju bartlomieju added this to the 2.9.0 milestone Jun 3, 2026
@bartlomieju

bartlomieju commented Jun 13, 2026

Copy link
Copy Markdown
Member Author

Opened #35192 that will complement this PR and should make it more obvious for consumers of packages that need __proto__.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

2.9.0

Development

Successfully merging this pull request may close these issues.

2 participants

@bartlomieju @Hajime-san