Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

🚀 Feature: Require user confirmation or a --yes flag to run npx #100

Closed
2 tasks done
JoshuaKGoldberg opened this issue Jan 1, 2025 · 0 comments · Fixed by #157
Closed
2 tasks done

🚀 Feature: Require user confirmation or a --yes flag to run npx #100

JoshuaKGoldberg opened this issue Jan 1, 2025 · 0 comments · Fixed by #157
Assignees
@JoshuaKGoldberg
Labels
status: accepting prs Please, send a pull request to resolve this! 🙏 type: feature New enhancement or request
Milestone
Blocks Launch

Comments

@JoshuaKGoldberg
Copy link
Owner

JoshuaKGoldberg commented Jan 1, 2025
edited
Loading

Bug Report Checklist

Overview

The create CLI allows installing and running arbitrary packages: npx create some-arbitrary-package. Similar to npx itself, users should be asked to confirm -either explicitly or with a --yes flag- that they want to install something if it's a new package for them.

Additional Info

I keep forgetting to file this, but it's an important security concern.

💖
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@JoshuaKGoldberg JoshuaKGoldberg

Labels
status: accepting prs Please, send a pull request to resolve this! 🙏 type: feature New enhancement or request
Projects
None yet
Milestone
Blocks Launch
Development

Successfully merging a pull request may close this issue.

feat: require user confirmation or --yes to install package with npx JoshuaKGoldberg/create
1 participant
@JoshuaKGoldberg