Comments (2)
Hmm, I'm not sure I'd feel very comfortable with an approach that requires looking up the directory hierarchy past the package root. That feels like a prime recipe for vulnerabilities. Dropping a config file in any parent directory that would be parsed and read by a library that is explicitly meant to execute scripts? 😬
A few other problems:
- How would scripty reference a script outside of its own package tree when that package is installed as a dep? (ie for postinstall scripts). The referenced relative directory wouldn't exist.
- How would scripty detect a config file that isn't even in the repo? There are VCS's other than git. There's also no way to know where the repo root is without invoking git itself. (consider git-worktree or customized working directory paths)
- What about packages that are themselves submodules of another repo? Would scripty respect the scripty config of the parent repo? If so, then how would the child repo work when cloned in isolation? If not, how would scripty distinguish an "intentional" ancestor config file from an accidental one?
What seems to be the core issue is an attempt to have multiple packages share a common set of scripty scripts. I believe that feature is already covered with scripty's support for sharing scripts via npm package.
Slightly tangential (and perhaps not justification in its own right, but when taken together with the above concerns...): The fact that these multiple packages just happen to all be in the same git repository is rather incidental. That is, this configuration duplication is structural, not semantic, which does not lend itself to tight coupling.
Other maintainers may feel differently, but I'm not sure I'm convinced this feature would be a net benefit.
from scripty.
Dropping a config file in any parent directory that would be parsed and read by a library that is explicitly meant to execute scripts? 😬
That is a very good point, indeed :)
A few other problems: ...
I think these issues already exist when the scripts to be executed are located in parent folder - configure e.g. as ../scripts
Well, let me just wait if any other maintainer has some thoughts. If not, feel free to close this issue. I understand that the proposed feature might bring more problems when people start experimenting too much 😬
from scripty.
Related Issues (20)
- The scripty.path config is not work. HOT 2
- Bug while sharing scripts via node modules HOT 3
- Update dependency to remove vulnerability. HOT 2
- Scripts Path Not Read With Yarn 3
- PNPM Support HOT 3
- In MAC, may be unenforceable directory, how can do before running scripts, automatically run chmod + x scripts/path/to/my/script HOT 7
- scripty ERR! It seems you may be running scripty from the command-line directly HOT 1
- pnpm build error, unknown options: 'commitizen_path', 'scripty_path', 'scripty_windowsPath' #
- Scripts fail with Node.js v >=18 HOT 3
- Revive builtIn scripts resolver HOT 2
- Batch scripts skip directories HOT 1
- Sharable scripts via a npm package HOT 3
- Default to silent mode; allow verbose option HOT 1
- multiple script locations HOT 6
- Allow directly running using "scripty <target>" HOT 8
- npm proposal for proxying "npm run"
- Script name and content is always printed HOT 3
- Issue while running scripty on windows10 HOT 7
- Options won't work with npm >= 7 HOT 7
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from scripty.