Comments (5)

kevmo314 commented on July 20, 2024

For anyone else who runs across this issue, there's an injection bug you can use to install your own plugins:

      - name: Prettify code
        uses: creyD/[email protected]
        with:
          prettier_version: latest prettier-plugin-organize-imports typescript
          prettier_options: --write **/*.{ts,tsx,js,jsx,md}
          commit_message: "style: format with prettier"

So I suppose this is also a minor bug report for an injection bug on this line: https://github.com/creyD/prettier_action/blob/master/entrypoint.sh#L35

from prettier_action.
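
Why the prettier_version value in the comment above pulls in extra packages, and one way to close the gap, as an added example that is not part of the thread or the action's own code. It assumes the entrypoint interpolates the input unquoted into an npm install argument list (the linked line is not shown on this page); all function names are hypothetical and the version 3.3.2 is a constructed sample.

```shell
#!/bin/sh
# Added example, not code from prettier_action. Helper names are hypothetical.

# Report how many separate arguments a command would receive.
count_args() { echo "$#"; }

# Unquoted expansion: the shell word-splits the input, so a single
# "version" value turns into several package arguments.
args_unquoted() {
  # shellcheck disable=SC2086
  count_args prettier@$1
}

# Quoted expansion: the input stays one argument no matter what it contains.
args_quoted() { count_args "prettier@$1"; }

# Accept only one dist-tag or version-like token: letters, digits, dot,
# underscore and hyphen. Empty values, whitespace and leading "-" are refused.
valid_version() {
  case "$1" in
    ''|*[!A-Za-z0-9._-]*) return 1 ;;
    -*) return 1 ;;
  esac
  return 0
}

# Build the single package spec handed to npm, or refuse the input.
install_spec() {
  if ! valid_version "$1"; then
    echo "refusing prettier_version: '$1'" >&2
    return 2
  fi
  printf 'prettier@%s\n' "$1"
}

# Demo with the value quoted in the thread.
INPUT='latest prettier-plugin-organize-imports typescript'
echo "unquoted: $(args_unquoted "$INPUT") args, quoted: $(args_quoted "$INPUT") arg"
install_spec "$INPUT" || echo "input rejected"
install_spec "3.3.2"
```

Quoting alone stops the splitting, but validating the token first also rejects option-like values before they reach npm.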

creyD commented on July 20, 2024

@stemount @infotexture I think you have a deeper understanding of why we opted for the official plugins only in #22? Was this a security issue or could we just open this up?

infotexture commented on July 20, 2024

@creyD IIRC, in #25 (comment) @stemount was concerned about the security implications of allowing unknown code to be run/installed in addition to the official plug-ins.

I get this restriction and am fine with the limitation, but I understand that others that rely on third-party plug-ins need a way to install them with an action.

Not sure how to best reconcile those concerns, but if nothing else, this may be a case for forking the action and dropping the restriction from the fork.

suda commented on July 20, 2024

That's what I did for now.

It is indeed tricky to solve. What if you'd have to explicitly pass something like an allow_insecure_install: true parameter to clearly indicate that whatever goes in prettier_plugins will be passed straight to npm?

creyD commented on July 20, 2024

> That's what I did for now.
>
> It is indeed tricky to solve. What if you'd have to explicitly pass something like an allow_insecure_install: true parameter to clearly indicate that whatever goes in prettier_plugins will be passed straight to npm?

Pretty good idea for the future. The unofficial plugins option will go live with version 4.0 as soon as the issues with #37 are resolved. Thanks a lot for your help, all of you!
