Skip to content

[bug] moon plugin download uses invalid tests to decide if plugin can be downloaded #2257

New issue
New issue
Open
Open
[bug] moon plugin download uses invalid tests to decide if plugin can be downloaded#2257
Assignees
milesj
Labels
bugSomething isn't working
@jacques-n

Description

@jacques-n
jacques-n
opened on Dec 13, 2025

Describe the bug

We run moon inside a sandbox container that has limited access to the outside world. It can access GitHub, where plugins are hosted. However, moon decides that it can't get to these URLs because it thinks it is offline. It looks like the reason is it tries to hit (or DNS resolve) hardcoded DNS server locations.

We have a limited allowlist of IPs and hosts that can be hit for security reasons. Moon is wrongly concluding it is offline because it can't interact with some arbitrary locations it shouldn't need to access.

Log snippet:

warpgate::loader  Loading plugin typescript  id="typescript" locator="https://github.com/moonrepo/plugins/releases/download/typescript_toolchain-v0.3.0/typescript_toolchain.wasm"
warpgate::protocols::http  Downloading plugin from URL  id="typescript" from="https://github.com/moonrepo/plugins/releases/download/typescript_toolchain-v0.3.0/typescript_toolchain.wasm"
warpgate::loader  Plugin not cached, acquiring  id="typescript"
starbase_utils::net  Checking for an internet connection  timeout=750
starbase_utils::net::offline  Resolving 1.1.1.1:53
starbase_utils::net::offline  Resolving 1.0.0.1:53
starbase_utils::net::offline  Resolving 8.8.8.8:53
starbase_utils::net::offline  Resolving 8.8.4.4:53
starbase_utils::net::offline  Resolving [a2e:125c:125c::457]:53
starbase_utils::net::offline  Resolving [a2e:125c:125c::3e9]:53
starbase_utils::net::offline  Resolving [7d1:12fc:12fc::22b8]:53
starbase_utils::net::offline  Resolving [7d1:12fc:12fc::228c]:53
starbase_utils::net  Offline!!!
  ...
  Error: plugin::offline

    × Unable to download plugin. An internet connection is required to request
    │ https://github.com/moonrepo/plugins/releases/download/
    │ typescript_toolchain-v0.3.0/typescript_toolchain.wasm.

Steps to reproduce

  1. Run moon on a host that only allows DNS resolution and IP access to Github
  2. Try to have moon download a plugin
  3. See download failure.

Expected behavior

If moon can access the GitHub URL, plugin download should succeed.

Environment

moon 1.41.7

Additional context

We sandbox to keep ai coding agents from doing things they shouldn't. We can't open access to arbitrary DNS locations or IPs.

Metadata

Metadata

Assignees

Labels

bugSomething isn't working

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions