-
Notifications
You must be signed in to change notification settings - Fork 234
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
#538 Automatically check if node_modules/typescript/lib exists #720
base: master
Are you sure you want to change the base?
Conversation
This would be a great improvement. |
Yeah, I agree - I'd like to get this in. I'm a tad apprehensive about it being prioritized over the bundled version. vscode, vs and flow-for-vscode for example all have an option which lets you choose to have this version be prioritized. Any chance we can have this as a setting somehow? The gaol being specifically to make people in to a project's arbitrary code being executed when they open the editor. |
Make this feasible please! |
almost forgot about this, problem is that I have little to no knowledge on how to do this, but just want to confirm, only issue atm is that it needs to be added as a configurable option and not as a default behavior right ? |
Yeah, allow this to be opt-in and it's reasonable to me 👍🏻 |
It juat works like that way, like simply cloning the way its mentioned in docs..., and no need to configure anything by hand.., if u want i can show my settings file like how its configured right now in my sublime.., should i ?. |
sorry now that I remember what was being achieved here, this doesn't need an opt-in configuration, as the current configuration only allow to pass an absolute path to
I think your concern is about group number 1, but I was one of those people and thought that this work like other editors it uses:
I am not saying your point is not valid but just that with how the users are currently using the plugin, and maybe there is something else I am missing but I think this is an improvement, as users would expect their project/local typescript to be used by the plugin, as they either specifically installed it for tooling or building the code, and I think in both cases the plugin should use that typescript version, and again maybe I am missing something or the whole point actually |
I don't disagree with the idea that someone could expect that, but I'm more worried from a security perspective. You could clone a repo with a poisoned version of the TypeScript dependency and simply opening that repo in Sublime would trigger the eval of whatever code they want. If a user intentionally decides they think this trade-off is worth it, that is OK. It's not really OK by default. I believe how this works in vscode is that if a downloaded project declares it wants to to use a local version of TypeScript in its settings, then you get a popup asking if you want to switch from the bundled version to the local copy. |
Amazing..!.
…On Thu 27 May, 2021, 3:51 PM lastthyme, ***@***.***> wrote:
***@***.**** approved this pull request.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#720 (review)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AHQAJY22LB2P5YAJLRXBE4DTPYMLJANCNFSM4HOEO7LQ>
.
|
Fixes #538
Inputs are welcome 😄