submitted 2 months ago* (last edited 2 months ago) by pascalbaljet@mastodon.social to c/vscode@programming.dev

Do you know the .vscode/tasks.json file? You can add it to your project, and @vscode will run your configured commands automatically when you open the project ✨

I use this for the Inertia Table so it starts the web server and Vite without me having to open terminals for them 👌

#Laravel #PHP #JS #coding

[-] mumblerfish@lemmy.world 13 points 2 months ago

Hm, yeah ok, should really be careful with that "I trust the developers of this repo" button (or whatever it says)

[-] Lodra@programming.dev 5 points 2 months ago* (last edited 2 months ago)

100%

I know a guy that considers git pre-commit hooks a form of code injection and thus a security risk. So he disables them on repos he works with. And to be fair, it’s absolutely a viable vector for attacking developer machines. I think a tasks.json fits into that exact same bucket.

These kinds of automations are suuuper useful and I do like to use them. But also review a code base before cloning!

[-] expr@programming.dev 1 points 2 months ago

Yeah, it's a little insane to me to automatically run code that exists in a file in the current directory, by default.

Like there's a reason that direnv requires you to execute direnv allow if you enter a directory with an .envrc that you hadn't previously approved.

I don't know of any other editor that has this as standard behavior, and for good reason.

[-] kogasa@programming.dev 1 points 2 months ago

Pre-commit hooks aren't committed to the repo though. What's to disable? Unless it's something like Python's precommit module I guess

[-] Lodra@programming.dev 1 points 2 months ago

The configuration is often committed to the repo. And some repos heavily rely on the precommit actions running before you can push or have pipelines function correctly

[-] kogasa@programming.dev 1 points 2 months ago

You'd still need to manually install the git hooks though, the .git folder isn't part of the repo

[-] FizzyOrange@programming.dev 1 points 2 months ago

I mean... You're probably going to run the code in the repo eventually anyway right? At least in the majority of cases. Tbh I don't think it really changes the threat model significantly.

[-] Miaou@jlai.lu 4 points 2 months ago

Can't wait to see CVEs popping up exploiting this feature

[-] emd@cosocial.ca 2 points 2 months ago

@pascalbaljet @vscode no I did not know, thanks!

[-] doefom@mastodon.social 1 points 2 months ago

@pascalbaljet @vscode nice! Do you know if there's anything similar for PhpStorm?
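
A pre-open check for the auto-run behaviour discussed in this thread, as an added example that is not from the original post or any commenter: it lists the tasks a `.vscode/tasks.json` marks with `runOptions.runOn` set to `folderOpen`, plus the tasks those pull in through `dependsOn`. The sample file is constructed, and the function names are hypothetical.

```python
import json
import re
import sys
from pathlib import Path

# Constructed sample, not taken from any real project.
SAMPLE = """{
  "version": "2.0.0",  // tasks.json allows comments and trailing commas
  "tasks": [
    {"label": "dev", "type": "shell", "command": "php", "args": ["artisan", "serve"],
     "dependsOn": ["vite"], "runOptions": {"runOn": "folderOpen"}},
    {"label": "vite", "type": "shell", "command": "npm", "args": ["run", "dev"],},
    {"label": "test", "type": "shell", "command": "php artisan test"}
  ],
}"""

# Match string literals first so "//" or ",}" inside a command string is left alone.
_COMMENT = re.compile(r'"(?:\\.|[^"\\])*"|//[^\n]*|/\*.*?\*/', re.S)
_TRAILING = re.compile(r'"(?:\\.|[^"\\])*"|,(?=\s*[}\]])')

def strip_jsonc(text):
    """Blank out comments and trailing commas so json.loads accepts the file."""
    keep = lambda m: m.group(0) if m.group(0).startswith('"') else " "
    return _TRAILING.sub(keep, _COMMENT.sub(keep, text))

def _text(v):  # command/args entries are strings or {"value": ..., "quoting": ...}
    return str(v.get("value", "")) if isinstance(v, dict) else str(v)

def auto_run_tasks(tasks_json_text):
    """Return [(label, command line)] for folderOpen tasks and their dependsOn chain."""
    tasks = json.loads(strip_jsonc(tasks_json_text)).get("tasks", [])
    by_label = {t["label"]: t for t in tasks if isinstance(t.get("label"), str)}
    queue = [t for t in tasks if t.get("runOptions", {}).get("runOn") == "folderOpen"]
    seen, hits = set(), []
    while queue:
        task = queue.pop(0)
        if id(task) in seen:  # a task can be reached through several dependsOn paths
            continue
        seen.add(id(task))
        parts = [task.get("command", task.get("script", "")), *task.get("args", [])]
        hits.append((task.get("label", "<unlabelled>"), " ".join(map(_text, parts)).strip()))
        deps = task.get("dependsOn", [])
        deps = [deps] if isinstance(deps, str) else deps
        queue += [by_label[d] for d in deps if isinstance(d, str) and d in by_label]
    return hits

if __name__ == "__main__":  # optional argument: path to a repo's .vscode/tasks.json
    text = Path(sys.argv[1]).read_text(encoding="utf-8") if len(sys.argv) > 1 else SAMPLE
    for label, cmd in auto_run_tasks(text):
        print(f"runs on folder open: {label!r} -> {cmd}")
```

The check reads only the top-level `command` and `args` of each task; per-OS override blocks (`windows`, `linux`, `osx`) and `dependsOn` entries given as objects rather than labels are not inspected.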

this post was submitted on 16 Aug 2024