Built-in lock file for subcommand std modules #3427
Assignees
Comments
|
@nayeemrmn I agree. I would actually prefer we were able to include that source code in the binary - but there's the problem that prettier is quite big and would increase the executable size. I think your solution of having checksums at compile time is a good intermediate step. |
|
Oooh... I like this idea! 👍 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We obviously need SRI for the std modules used for some subcommands.
It won't suffice to just re-enable the lock flags for these subcommands and push this responsibility to users. The URLs (and the assumption of what they contain) are fixed at build time and masked from users. It only makes sense that the checksums should be built-in beside them and checked implicitly, IMO.
Related: #200.
The text was updated successfully, but these errors were encountered: