-
Notifications
You must be signed in to change notification settings - Fork 52
Implement loading of local flow-bin #37
base: master
Are you sure you want to change the base?
Conversation
Thank you for your pull request and welcome to our community. We require contributors to sign our Contributor License Agreement, and we don't seem to have you on file. In order for us to review and merge your code, please sign up at https://code.facebook.com/cla - and if you have received this in error or have any questions, please drop us a line at [email protected]. Thanks! |
Thank you for signing our Contributor License Agreement. We can now accept your code for this (and any) Facebook open source project. Thanks! |
This is useful, could this be merged? |
probably a minor concern, but this could be a security risk. if you clone a malicious repo or a malicious npm package installs a binary called I think it's useful though. could this be turned on by a setting, so users have to opt into it? |
One could use |
There are far better attack vectors for malicious NPM package. Most systems (including my own) could be owned using a
The solution in this PR does have one big advantage. Installing Flow (project-) locally is best practice (for good reasons). This plugin as it stands encourages users to install it globally, which in most cases is the wrong choice.
I think creating a setting sounds like a good idea. But in my opinion it should be opt out. Edit: |
Will this be merged? |
@Kriegslustig I've tried your solution and is not working. I'm using Bundle, and vim 7.4.576 on Debian. I'm not a vim expert (neither as user nor developer) but if found replacing let s:npm_local_flowpath = finddir("node_modules", ".;") . "/.bin/flow" with let s:npm_local_flowpath = "./node_modules/.bin/flow" gets the job done If there is something I could help with, please tell me. |
@tugorez The issue with that solution is, that it will only work, if you're opening vim from from the project's root directory. Could you run this command in vim and post the output here?
Edit: |
Oh I get it /.bin/flow Thank you @Kriegslustig. |
And running |
@Kriegslustig I see your point and you're right. |
There's windows case which would be great to be handled. |
Is there something needed for this to be merged? |
What is the problem w/ this PR? Let's merge. |
plugin/flow.vim
Outdated
@@ -24,7 +24,13 @@ if !exists("g:flow#qfsize") | |||
let g:flow#qfsize = 1 | |||
endif | |||
if !exists("g:flow#flowpath") | |||
let g:flow#flowpath = "flow" | |||
" Search for a local version of flow | |||
let s:npm_local_flowpath = finddir("node_modules", ".;") . "/.bin/flow" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think, we need to detect flowpath for every .js file, not only at startup.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah good point. Though it'll hurt performance. I implemented it as you suggested.
fb9778d
to
a487fa6
Compare
Good job, thanks! |
@Kriegslustig I understand, that this PR is ancient time-wise. But could you shortly elaborate on why the function is named "SaveGetFlowExecutable?" Is it, because it tries to find one in a specific manner and if it cannot find one, it returns with a warning? Shouldn't it then be "SafeGetFlowExecutable?" Also wouldn't make "s:local_flowpath" more sense, then "s:npm_local_flowpath," as the package manager has nothing to do with the path itself? I am not trying to diss your PR, I am trying to understand it, because I'd like to merge it into my own personal fork. Edit: I have some further amendmends if you're interested. If not, just let me know, then I'll take of it myself. 😄 ✌️ |
Fixes #24. This PR implements a check for a local version of
flow-bin
and uses that instead of the global one when found.More specifically, it plimbs up the directory tree from the current working directory, checking there's a
node_modules
directory. If one is found it checks if[...]/node_modules/.bin/flow
is a readable file. If that's the case, it setsg:flow#flowpath
to that path. Otherwise it will still be set toflow
.