Closed oxinabox closed 4 years ago
While this is certainly doable, CSTParser is likely to go into Base/stdlib soon anyway, which might negate the benefit.
I know that has been proposed a few times. But I don't know that it is actually going to happen soon. And I am personally not sure it is a good idea.
MacroTools has a lot of packages that depend on it. it is comfortably in the top 10. It is a prime target for anyone wanting to inject malicious code. Luckily it is fairly simply and small so easy enough to detect.
The
sourcewalk
code brings in a number of dependencies (CSTParser
andTokenize
) Which increase the attack surface. Particularly as these are much less simple and small.We know noone is using that in production since it requires a deving a custom branch of CSTParser, so I am thinking before it is stablized,
sourcewalk
can move out to its own package.