“Should I pipe it?”

So, fellow developers, you know how we’re all told not to pipe installation scripts into our shells and yet we all do it anyway? I just rolled a little something that might help with that…

Here’s an example of the nvm install script, verified by yours truly:

should-i-pipe.it/https://raw.g

What do you think?

Anyone with a GitHub account can help verify installation scripts (would be good to have two more for nvm).

Instructions: github.com/small-tech/should-i

Thoughts? :)


@aral Nice idea! IMHO the best answer is always a strict "no" (especially b/c bash doesn't exhaust input before executing: thomask.sdf.org/blog/2019/11/0) but the pattern is probably here to stay, so it's nice that we now have a tool to verify these scripts.

If it were me I'd make the banner yellow instead of green (which implies complete safety) and add sth to the effect of "Hey, whatever this page says, piping to shell is bad practice, so we suggest you download, read, and run the script manually."

@cadadr Yeah, I hear you on the yellow/green. Actually went back/forth on that and I’m not convinced either. Will consider it.
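An added illustration of the two points raised in this thread (it is not part of any post, and not code from should-i-pipe.it): a shell fed from a pipe runs lines as they arrive, so a cut-off stream still executes, while a saved copy can be checked first. The installer, the `record` helper and the pinned hash are constructed for this sketch, and comparing a SHA-256 is an assumption about how a reviewed script would be pinned.

```shell
#!/bin/sh
# Constructed stand-in for an install script. `record` only appends to a log,
# so nothing outside the temporary directory is touched.
WORK=$(mktemp -d)
LOG="$WORK/executed.log"
export LOG

installer() {
  printf '%s\n' \
    'record() { echo "$*" >> "$LOG"; }' \
    'record step1 unpack' \
    'record step2 remove /opt/app/cache' \
    'record step3 finish'
}

# Simulate a connection that drops in the middle of line 3.
truncated() {
  script=$(installer)
  printf '%s' "${script%/cache*}"
}

# Case 1: stream straight into the shell. Lines run as they arrive, and the
# cut-off last line runs too, with a shorter path than the author wrote.
run_piped_truncated() {
  : > "$LOG"
  truncated | sh
  cat "$LOG"
}

sha256() { sha256sum "$1" | cut -d' ' -f1; }

# Case 2: save the whole file, compare it with a hash recorded when the script
# was reviewed, and only then execute it.
run_verified() {   # $1 = saved script, $2 = expected SHA-256
  : > "$LOG"
  [ "$(sha256 "$1")" = "$2" ] || return 1
  sh "$1"
}

installer > "$WORK/full.sh"
truncated > "$WORK/cut.sh"
PINNED=$(sha256 "$WORK/full.sh")   # assumption: hash published by reviewers

run_piped_truncated
run_verified "$WORK/cut.sh" "$PINNED" || echo "truncated copy rejected, nothing ran"
run_verified "$WORK/full.sh" "$PINNED" && cat "$LOG"
```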

Mastodon @ SDF