
[Code scan] Make the build hook fail when Yarn commands fail #558

Description

@njzjz

This issue was found during a Codex global code scan of the repository.

Baseline commit: e3c5b38

Problem

The custom Hatch build hook invokes Yarn through subprocess.call(), but it never checks the return code.

Code references:

dpgui/hatch_build.py

Lines 13 to 15 in e3c5b38

    def node_call(args, **kwargs):
        """Call node with subprocess."""
        return subprocess.call(["node", *args], **kwargs)

dpgui/hatch_build.py

Lines 30 to 48 in e3c5b38

    node_call([yarn_path], cwd=project_dir)
    node_call(
        [yarn_path, "build"],
        cwd=project_dir,
        env={
            **os.environ,
            "BASE_URL": "/",
            "VUE_APP_DPGUI_PYTHON": "1",
            "UV_USE_IO_URING": "0",
        },
    )
    bundle_html_path = project_dir / "dist"
    if not bundle_html_path.exists():
        raise RuntimeError("Failed to build the project with Yarn, please retry.")
    rmtree(project_dir / "dpgui" / "dist", ignore_errors=True)
    copytree(bundle_html_path, project_dir / "dpgui" / "dist")

Relevant snippet:

def node_call(args, **kwargs):
    """Call node with subprocess."""
    return subprocess.call(["node", *args], **kwargs)

Impact

A failed yarn install or yarn build can continue until only dist existence is checked. If dist already exists from a previous build, packaging can copy stale frontend assets into dpgui/dist.

Suggested fix

Use subprocess.check_call() or explicitly raise on nonzero return codes. It would also be safer to clean the root dist before running the frontend build.
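
A sketch of the suggested fix, added here as an example and not taken from the dpgui repository: it clears the root dist first, fails on the first nonzero exit code, and only then copies the output. The names `build_frontend` and `demo` are hypothetical, and the Python one-liners stand in for the `node`/Yarn invocations so the scenario runs without Node installed.

```python
import subprocess
import sys
import tempfile
from pathlib import Path
from shutil import copytree, rmtree


def build_frontend(project_dir, commands, env=None):
    """Run each build command, failing on the first nonzero exit code."""
    project_dir = Path(project_dir)
    root_dist = project_dir / "dist"
    # Remove output left by an earlier build so it cannot pass the check below.
    rmtree(root_dist, ignore_errors=True)
    for cmd in commands:
        # check_call raises CalledProcessError on a nonzero return code.
        subprocess.check_call(cmd, cwd=project_dir, env=env)
    if not root_dist.is_dir():
        raise RuntimeError("Build commands succeeded but produced no dist directory.")
    target = project_dir / "dpgui" / "dist"
    rmtree(target, ignore_errors=True)
    copytree(root_dist, target)
    return target


def demo():
    """Constructed scenario: a stale dist exists and the build command exits 1."""
    with tempfile.TemporaryDirectory() as tmp:
        project = Path(tmp)
        (project / "dist").mkdir()
        (project / "dist" / "index.html").write_text("stale build")
        # Stand-in for a failed Yarn run (assumption: real hook calls node + yarn).
        failing = [sys.executable, "-c", "import sys; sys.exit(1)"]
        try:
            build_frontend(project, [failing])
            failed_rc = 0
        except subprocess.CalledProcessError as exc:
            failed_rc = exc.returncode
        stale_packaged = (project / "dpgui" / "dist").exists()
        # Stand-in for a successful build that writes a fresh dist.
        ok = [sys.executable, "-c",
              "import pathlib; d = pathlib.Path('dist'); d.mkdir(); "
              "(d / 'index.html').write_text('fresh build')"]
        target = build_frontend(project, [ok])
        packaged = (target / "index.html").read_text()
    return failed_rc, stale_packaged, packaged


if __name__ == "__main__":
    print(demo())
```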
