Do you know the .vscode/tasks.json file? You can add it to your project, and @vscode will run your configured commands automatically when you open the project ✨

I use this for the Inertia Table so it starts the web server and Vite without me having to open terminals for them 👌

#Laravel #PHP #JS #coding

  • LodraM
    2 months ago

    I know a guy that considers git pre-commit hooks a form of code injection and thus a security risk. So he disables them on repos he works with. And to be fair, it’s absolutely a viable vector for attacking developer machines. I think a tasks.json fits into that exact same bucket.

    These kinds of automations are suuuper useful and I do like to use them. But also review a code base before cloning!

    • expr
      2 months ago

      Yeah, it’s a little insane to me to automatically run code that exists in a file in the current directory, by default.

      Like there’s a reason that direnv requires you to execute direnv allow if you enter a directory with an .envrc that you hadn’t previously approved.

      I don’t know of any other editor that has this as standard behavior, and for good reason.

    • FizzyOrange
      2 months ago

      I mean… You’re probably going to run the code in the repo eventually anyway right? At least in the majority of cases. Tbh I don’t think it really changes the threat model significantly.

    • Kogasa
      2 months ago

      Pre-commit hooks aren’t committed to the repo though. What’s to disable? Unless it’s something like Python’s precommit module, I guess.

      • LodraM
        2 months ago

        The configuration is often committed to the repo. And some repos heavily rely on the precommit actions running before you can push or have pipelines function correctly.

        • Kogasa
          2 months ago

          You’d still need to manually install the git hooks though, the .git folder isn’t part of the repo
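
The automatic-run behaviour discussed in this thread can be checked from a terminal before a cloned folder is opened in the editor. The following is an added example, not code from any poster: it parses a `.vscode/tasks.json` (JSON with comments) and lists every task whose `runOptions.runOn` is `folderOpen`, together with the command it would start. The function names and the sample file are made up for the illustration.

```python
import json
import re
import sys

_STRING = r'"(?:\\.|[^"\\])*"'
def _strip_outside_strings(pattern, text):
    # Delete matches of `pattern` while leaving JSON string literals untouched.
    rx = re.compile(_STRING + "|" + pattern, re.S)
    return rx.sub(lambda m: m.group(0) if m.group(0).startswith('"') else "", text)
def load_jsonc(text):
    # tasks.json is JSON with comments; trailing commas are also common in it.
    text = _strip_outside_strings(r"//[^\n]*|/\*.*?\*/", text)
    return json.loads(_strip_outside_strings(r",(?=\s*[}\]])", text))
def _text(value):
    # command/args entries are plain strings or {"value": ..., "quoting": ...}
    return str(value.get("value", "")) if isinstance(value, dict) else str(value)

def auto_run_tasks(tasks_json_text):
    """Return (label, platform, command line) for tasks that run on folder open."""
    found = []
    for task in load_jsonc(tasks_json_text).get("tasks", []):
        if task.get("runOptions", {}).get("runOn") != "folderOpen":
            continue
        label = task.get("label") or task.get("script") or "<unlabelled>"
        # Per-OS blocks can override the command, so report every variant.
        for scope in ("all", "windows", "linux", "osx"):
            block = task if scope == "all" else task.get(scope, {})
            # npm-type tasks name a package.json script instead of a command.
            command = block.get("command") or (
                "npm run " + block["script"] if "script" in block else "")
            if command:
                args = [_text(a) for a in block.get("args", [])]
                found.append((label, scope, " ".join([_text(command), *args])))
    return found
SAMPLE = """{
  // constructed sample modelled on the post's setup (web server plus Vite)
  "version": "2.0.0",
  "tasks": [
    {"label": "serve", "type": "shell", "command": "php", "args": ["artisan", "serve"],
     "runOptions": {"runOn": "folderOpen"},},
    {"label": "vite", "type": "npm", "script": "dev", "runOptions": {"runOn": "folderOpen"}},
    {"label": "test", "type": "shell", "command": "php artisan test"}
  ]
}"""

if __name__ == "__main__":
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE
    for label, scope, line in auto_run_tasks(text):
        print(f"runs on folder open [{scope}] {label}: {line}")
```

Pass the path to a `tasks.json` as the first argument; without one, the constructed sample is used. Tasks that a flagged task pulls in through `dependsOn` are not followed here and need to be read by hand.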