Include code from a public github repo?
astridx opened this issue · 9 comments
Thank you for this tool.
Could I write a script that will load the source code from a public github repo? This would be great.
For example something like this:
```php
// https://raw.githubusercontent.com/astridx/boilerplate/bc1862aa67b46ec23830617137483903fa968d72/src/components/com_foos/tmpl/foo/default.php
```
I just tested how to do it. This could work with https://github.com/axios/axios.
```ts
axios({
  method: 'get',
  responseType: 'blob',
  url: filename
})
  .then(function (response: { data: string; }) {
    log({ returnSnippet: substr }, chalk => chalk.blue(response.data));
  })
  .catch(function (error: { data: string; }) {
    log({ returnSnippet: substr }, chalk => chalk.red(error.data));
  });
```
Would you appreciate a PR, and would you review and comment on it in a short time?
See #68
or
your repo forked at https://github.com/astridx/embedme
@Edo78 I know it like this, that an issue is closed when a PR is opened. Here it is like this: https://github.com/joomla/joomla-cms/ for example.
Is this wrong?
But by the way: I don't have the feeling that PR is wanted either.
I'm not sure. I always prefer to have a feedback on the issue from the maintainer.
I hope the PR is accepted because it can be really useful even on the very same repository. If I specify a line range and I change the source file the same range could point to a different code but pointing to a specific version can "solve" this issue.
@Edo78
> I'm not sure. I always prefer to have a feedback on the issue from the maintainer.
Same with me. "I always prefer to have a feedback on the issue from the maintainer". But: Since I needed the function for myself and it was already ready, I created the PR. It is also easier for the maintainer to make a decision when he sees the implementation.
Hi @astridx and @Edo78, sorry for my silence on this issue, I've been busy with other stuff and forgot about this issue. Unfortunately I do not wish to extend the functionality of this iteration of the tool to include remote file management for a couple of reasons.
The main one being that I see this as both a security and consistency risk. If we had more fine-grained permission controls with Node.js like we do with Deno, I'd be all for it; however, I don't like the potential risks associated with basically uncontrolled fetching of remote data.
That said, I can certainly understand the desire for such a feature and would be happy to discuss alternative solutions such as a plugin-like architecture where a user needed to explicitly add a separate (optional) dependency to allow for remote file resolution?
@zakhenry Thank you for your answer. Is it correct that you see the security issue for the offer at https://www.npmjs.com/?
What's the difference between:

1. wget
2. git submodule add
3. cd ../other/path; git clone foo/bar
   then add a relative ref?

And...

4. embedme fetching remote links
5. including a file from your repo that maybe was copy/pasta'd from a normally reputable source that happened to be compromised at the time I copy/pasta'd
6. generating an svg of an asciicast with a tool that one day becomes compromised 😜
All seems a matter of where the request happens? And is the responsibility leaked to users or encapsulated in one program that might have a better chance of applying some safety checks (not that it has to) 😃
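
The last comment suggests that one program may be better placed to apply safety checks than each user is. A sketch of such a check, as an added example that is not embedme's code and not taken from PR #68: it accepts only `raw.githubusercontent.com` URLs pinned to a full commit SHA, like the one in the opening post. `checkEmbedUrl`, `fetchPinned` and the `ALLOWED_REPOS` list are hypothetical names.

```javascript
// Added example: policy check for remote embed sources (hypothetical helper names).
const ALLOWED_REPOS = new Set(['astridx/boilerplate']); // assumption: explicit opt-in list
const FULL_SHA = /^[0-9a-f]{40}$/;

// Returns { ok: true, owner, repo, sha, path } or { ok: false, reason }.
function checkEmbedUrl(raw) {
  let u;
  try { u = new URL(raw); } catch { return { ok: false, reason: 'not a URL' }; }
  if (u.protocol !== 'https:') return { ok: false, reason: 'not https' };
  if (u.hostname !== 'raw.githubusercontent.com') return { ok: false, reason: 'host not allowed' };
  if (u.username || u.password || u.port || u.search || u.hash) {
    return { ok: false, reason: 'unexpected URL component' };
  }
  // Expected layout: /<owner>/<repo>/<ref>/<path to file>
  const [owner, repo, ref, ...file] = u.pathname.split('/').filter(Boolean);
  if (!owner || !repo || !ref || file.length === 0) return { ok: false, reason: 'path too short' };
  if (!ALLOWED_REPOS.has(`${owner}/${repo}`)) return { ok: false, reason: 'repo not allowed' };
  // A branch or tag can move; only a full commit SHA names fixed content.
  if (!FULL_SHA.test(ref)) return { ok: false, reason: 'ref is not a full commit SHA' };
  return { ok: true, owner, repo, sha: ref, path: file.join('/') };
}

// Fetch only after the policy check; refuse redirects and cap the response size.
async function fetchPinned(raw, maxChars = 256 * 1024) {
  const verdict = checkEmbedUrl(raw);
  if (!verdict.ok) throw new Error(`refused ${raw}: ${verdict.reason}`);
  const res = await fetch(raw, { redirect: 'error' }); // global fetch, Node 18+
  if (!res.ok) throw new Error(`HTTP ${res.status}`);
  const text = await res.text();
  if (text.length > maxChars) throw new Error('response too large');
  return text;
}
```

Pinning to a commit SHA also covers the consistency concern raised earlier in the thread: a line range in an embed cannot silently start pointing at different code.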