Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should Doulevo plugins execute code during commands like "doulevo create"? #19

Open
ashleydavis opened this issue May 24, 2021 · 1 comment
Open

Should Doulevo plugins execute code during commands like "doulevo create"? #19

ashleydavis opened this issue May 24, 2021 · 1 comment
Labels
Needs serious thought

Comments

@ashleydavis
Copy link
Member

It might possible to have richer plugin creation/configuration if we execute code from plugins. For example dynamically creating files a new project during the project creation process.

The problem is that executing code in a plugin presents a serious security problem!

We could possibly reduce the risk by only allowing code to be executed from official plugins.
@ashleydavis
Copy link
Member Author

I do think it's useful for plugins to run code.

For example the init command could make use of this to allow plugins to detect the project type.

However, only code from official plugins should be run automatically.

Code from non-official repos or local paths should check with the user first before running code. E.g. asking the user "do you trust this plugin?"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs serious thought
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ashleydavis