--verify to validate package.json against the blacklist #535
Comments
|
Oh, I could definitively use this! @contra @sindresorhus are you guys actively working on this one? If not I could help a bit. I guess the black-list (https://github.com/gulpjs/plugins/blob/master/src/blackList.json) should be published to a separate npm package (and moved to a separate repo), as to make it usable both from the web site and the CLI. |
|
I think baking the blackList into the cli would be a mistake as you'd only get the blackList as of the last time you updated gulp. I'd prefer it did a web request to grab the blacklist as the results would be fresher. |
|
@robrich I was more thinking of having the black-list as a separate npm module which gulp could depend on as a peer-dependency with * or something permissive like this. But yeh, with this you would get the black-list from the last time of running Shooting a request is another option, whatever you guys prefer. But yeh, would be cool to have some kind of more automated verification system as of today I'm checking the black-list "by hand" and instead of scripting this I would prefer to contribute here. |
|
this would be easy to implement, but i think we should add a mechanism for keeping the blacklist up to date where we don't need to bump package versions. maybe just a request for the file when it is run. |
|
@phated @robrich I'm totally fine with shooting a HTTP request when gulp is run with the --verify option. Can we assume that the http:https://gulpjs.com/plugins/blackList.json URL will be accessible / not-changed and that we can use it for the purpose of the --verify option? Or should we have another, dedicated URL? |
|
@pkozlowski-opensource I think that should be a fine url to use, if the location of the actual file changes, we can just redirect it from there. |
|
It would be handy to check the blacklist status directly without adding things to package.json: |
|
@phated Think you can work this into the new CLI module? |
|
This was already added in 4 by @pkozlowski-opensource and then I cleaned it up a bit. |
No description provided.
The text was updated successfully, but these errors were encountered: