lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

David Manura wrote:
> Matt Campbell writes:
>> Why does one have to pass package.seeall to module() to give a module
>> implicit access to the global table?
> package.seeall is not required to access the global table, nor even
> to access it implicitly, and I recommend not using package.seeall,
> but it is one way of doing so for reasons described in Chapter 15
> "Modules and Packages" in "Programming in Lua, 2nd Ed" (an except of
> Chapter 15 is online: ).   
>> Is use of package.seeall
>> discouraged?  Or was this done to simplify the implementation?
> Here's one opinion on the subject:

The 'module', 'package.seeall', and to some extent the 'require'
functions are not sandbox-ready in their default implementation. But the
default global table of the Lua interpreter is not sandbox-ready either.
You have to replace environments to make sandboxes, so you can also
replace module, package.seeall and require to suit your needs (these
functions are very simple, they can be implemented in pure Lua, and
there is little chance that they are a performance bottleneck of any

Why 'module' is important, is that if all your third-party modules are
calling the 'module' functions, you can easily replace the default
"unsafe" module system with a safer (less easy to use) one. On the other
hand if every module writer use its own protection mechanism (as good as
it is), the final application writer cannot automatically and globally
override inter-module cooperation behaviour.