“Should I pipe it?”

So, fellow developers, you know how we’re all told not to pipe installation scripts into our shells and yet we all do it anyway? I just rolled a little something that might help with that…

Here’s an example of the nvm install script, verified by yours truly:

should-i-pipe.it/https://raw.g

What do you think?

Anyone with a GitHub account can help verify installation scripts (would be good to have two more for nvm).

Instructions: github.com/small-tech/should-i

Thoughts? :)

Follow

@aral it’s reallly cool. I always thought something like a sandbox a script could run in, and report all the changes a script actually does. wouldn’t replace human verifiers, and a report would be just as easy to hide malicious trickery in as a script. something satisfying about the idea of a “dry run” though. maybe a script like nvm mucks up my path in ways i don’t want and i’d like to know about it.

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!