🚀 Feature: Require user confirmation or a --yes flag to run npx #100

Open
2 tasks done
JoshuaKGoldberg opened this issue Jan 1, 2025 · 0 comments
Labels
status: accepting prs Please, send a pull request to resolve this! 🙏 type: feature New enhancement or request

JoshuaKGoldberg commented Jan 1, 2025

Bug Report Checklist

Overview

The create CLI allows installing and running arbitrary packages: npx create some-arbitrary-package. Similar to npx itself, users should be asked to confirm, either explicitly or with a --yes flag, that they want to install something if it's a new package for them.

Additional Info

I keep forgetting to file this, but it's an important security concern.

💖

@JoshuaKGoldberg JoshuaKGoldberg added type: feature New enhancement or request status: accepting prs Please, send a pull request to resolve this! 🙏 labels Jan 1, 2025
@JoshuaKGoldberg JoshuaKGoldberg added this to the Blocks Launch milestone Jan 1, 2025
@JoshuaKGoldberg JoshuaKGoldberg self-assigned this Jan 1, 2025
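
One way the confirmation gate requested in this issue could decide what to do before anything is installed, as an added example that is not code from the create project. The function names, the `knownPackages` set (packages this user has already installed) and the `isTTY` option are assumptions; only the `--yes` flag comes from the issue.

```javascript
// Added illustration with hypothetical names; not the create project's code.

// Split the arguments after the CLI name into the package to run and the --yes flag.
function parseArgs(argv) {
  const yes = argv.includes("--yes");
  const pkg = argv.find((arg) => !arg.startsWith("-"));
  return { pkg, yes };
}

// Decide what happens before any package is downloaded or executed.
//   "run"    : the package is already known to this user, or --yes was passed
//   "prompt" : new package and a human is at the terminal
//   "refuse" : new package, no --yes, and nobody to ask (CI, piped stdin)
function confirmationDecision(argv, { knownPackages, isTTY }) {
  const { pkg, yes } = parseArgs(argv);
  if (!pkg) {
    return { action: "refuse", reason: "no package specified" };
  }
  // Exact-name match only: a near-miss spelling is a new package.
  if (knownPackages.has(pkg)) {
    return { action: "run", pkg, reason: "previously installed" };
  }
  if (yes) {
    return { action: "run", pkg, reason: "--yes passed" };
  }
  if (isTTY) {
    return {
      action: "prompt",
      pkg,
      message: `About to install and run a new package:\n  ${pkg}\nProceed? (y/N) `,
    };
  }
  // Fail closed: without a terminal there is no way to ask, so do not install.
  return { action: "refuse", pkg, reason: "non-interactive; re-run with --yes" };
}

// Only an explicit yes counts; an empty reply or anything else declines.
function isAffirmative(reply) {
  return /^(y|yes)$/i.test(reply.trim());
}

// Constructed sample input: one package the user already has, one new one.
const sampleKnown = new Set(["some-known-package"]);
console.log(confirmationDecision(["some-arbitrary-package"], { knownPackages: sampleKnown, isTTY: true }));
```
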