This issue was found during a Codex global code scan of the repository.
Baseline commit: e3c5b38
Problem
The custom Hatch build hook invokes Yarn through subprocess.call(), but it never checks the return code.
Code references:
|
def node_call(args, **kwargs): |
|
"""Call node with subprocess.""" |
|
return subprocess.call(["node", *args], **kwargs) |
|
node_call([yarn_path], cwd=project_dir) |
|
node_call( |
|
[yarn_path, "build"], |
|
cwd=project_dir, |
|
env={ |
|
**os.environ, |
|
"BASE_URL": "/", |
|
"VUE_APP_DPGUI_PYTHON": "1", |
|
"UV_USE_IO_URING": "0", |
|
}, |
|
) |
|
|
|
bundle_html_path = project_dir / "dist" |
|
|
|
if not bundle_html_path.exists(): |
|
raise RuntimeError("Failed to build the project with Yarn, please retry.") |
|
|
|
rmtree(project_dir / "dpgui" / "dist", ignore_errors=True) |
|
copytree(bundle_html_path, project_dir / "dpgui" / "dist") |
Relevant snippet:
def node_call(args, **kwargs):
"""Call node with subprocess."""
return subprocess.call(["node", *args], **kwargs)
Impact
A failed yarn install or yarn build can continue until only dist existence is checked. If dist already exists from a previous build, packaging can copy stale frontend assets into dpgui/dist.
Suggested fix
Use subprocess.check_call() or explicitly raise on nonzero return codes. It would also be safer to clean the root dist before running the frontend build.
This issue was found during a Codex global code scan of the repository.
Baseline commit: e3c5b38
Problem
The custom Hatch build hook invokes Yarn through
subprocess.call(), but it never checks the return code.Code references:
dpgui/hatch_build.py
Lines 13 to 15 in e3c5b38
dpgui/hatch_build.py
Lines 30 to 48 in e3c5b38
Relevant snippet:
Impact
A failed
yarn installoryarn buildcan continue until onlydistexistence is checked. Ifdistalready exists from a previous build, packaging can copy stale frontend assets intodpgui/dist.Suggested fix
Use
subprocess.check_call()or explicitly raise on nonzero return codes. It would also be safer to clean the rootdistbefore running the frontend build.