this post was submitted on 16 Aug 2024
22 points (100.0% liked)

VS Code

802 readers
1 users here now

founded 1 year ago
MODERATORS
 

Do you know the .vscode/tasks.json file? You can add it to your project, and @vscode will run your configured commands automatically when you open the project ✨

I use this for the Inertia Table so it starts the web server and Vite without me having to open terminals for them 👌

#Laravel #PHP #JS #coding

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 13 points 3 months ago (6 children)

Hm, yeah ok, should really be careful with that "I trust the developers of this repo" button (or whatever it says)

[–] Lodra 5 points 3 months ago* (last edited 3 months ago) (5 children)

100%

I know a guy that considers git pre-commit hooks a form of code injection and thus a security risk. So he disables them on repos he works with. And to be fair, it’s absolutely a viable vector for attacking developer machines. I think a tasks.json fits into that exact same bucket.

These kinds of automations are suuuper useful and I do like to use them. But also review a code base before cloning!

[–] kogasa 1 points 3 months ago (2 children)

Pre-commit hooks aren't committed to the repo though. What's to disable? Unless it's something like python's precommit module I guess

[–] Lodra 1 points 3 months ago (1 children)

The configuration is often committed to the repo. And some repos heavily rely on the precommit actions running before you can push or have pipelines function correctly

[–] kogasa 1 points 3 months ago

You'd still need to manually install the git hooks though, the .git folder isn't part of the repo

load more comments (2 replies)
load more comments (2 replies)