Conversation
🦋 Changeset detectedLatest commit: c9499a1 The changes in this PR will be included in the next version bump. Not sure what this means? Click here to learn what changesets are. Click here if you're a maintainer who wants to add another changeset to this PR |
github-actions
bot
added
the
pkg: create-astro
ematipico
force-pushed
the
fix/create-astro-add
branch
from
f1e6142 to
e502924
Compare
| ctx.add = ctx.add?.reduce<string[]>((acc, item) => acc.concat(item.split(',')), []); | ||
| if (ctx.add) { | ||
| for (const addValue of ctx.add) { | ||
| if (!KNOWN_LIBS.includes(addValue)) { |
There was a problem hiding this comment.
We don't want to break 3rd party integrations being added this way. I think what we want to do is run the string through some sort of bash sanitizer.
There was a problem hiding this comment.
Some pseudo-code of what I mean:
const parts = sanitize(ctx.add);
// [ 'db', '{ bash_stuff_here }' ]
then we can decide what we do in this situation, maybe it's erroring if its more than just a package name.
There was a problem hiding this comment.
We don't want to break 3rd party integrations being added this way.
Ok I didn't know that third party packages were supposed to be supported. Maybe a KISS heuristic is check for spaces. Packages don't have them, while bash commands must have them
There was a problem hiding this comment.
That sounds good to me, but I would check with other people on the team, they probably know usage of this feature more than me.
There was a problem hiding this comment.
We do support astro add <third party instegration> and create-astro --add <third party integration>.
Some integrations (mine, for example) even show those commands on their README/docs.
ematipico
force-pushed
the
fix/create-astro-add
branch
from
e502924 to
fff4113
Compare
|
I don't think this will work, I didn't realize it but we support passing multiple integrations: https://docs.astro.build/en/guides/integrations-guide/#automatic-integration-setup I think we'll need to do some sort of escaping. |
github-actions
bot
added
the
pkg: astro
| child = spawn(command, flags, { | ||
| cwd: opts.cwd, | ||
| shell: true, | ||
| shell: false, |
There was a problem hiding this comment.
Hmm, I'd check if there isn't a Windows nonsense that could happen here. I feel like I remember some Node update requiring shell true in some contexts on Windows.
4 participants
Changes
Closes #15420
I refactored the solution to make more generic and apply it to
--addandastro add. We have a generic regex that checks wether the name follows the npmjs naming convention. If not, we throw an error.I preferred to have this regex inside the internal helpers, so both
create-astroandastrocan use the same source of truth.Note
Solution designed by me. Code and tests generated via AI. I checked all the code
Testing
Added various tests.
Added new tests. Tested manually
Docs
N/A