When a user is installing a package that may contain a concept of running arbitrary code on an event such as install, build, init, etc., they should be warned with a small security banner or affordance regarding the experience and when it will occur.
A banner might look like the following:
Automatic Scripts
init.ps1 scripts are run when the package is installed or when you open the PowerShell console.
Here the variable can be init.ps1, install.ps1, uninstall.ps1, MSBuild targets/task, etc., along with the respective behavior of when it happens (install, build, PowerShell init, etc.).
This could be a helpful affordance to warn a user of unexpected behavior, or to let them potentially report a security issue to the NuGet team, without having to install or inspect the package.
NuGet Product(s) Involved
Visual Studio Package Management UI
Additional Context and Details
No response
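The detection behind such a banner can be sketched as a read-only scan of the .nupkg archive, shown here as an added example that is not part of the original issue or NuGet's own code. It assumes the conventional `tools/` and `build/` folder layout; the function names, the sample package and every banner line other than the init.ps1 one are constructed for illustration.

```python
import io
import re
import zipfile

# (entry pattern, banner line). Only the init.ps1 wording comes from the issue;
# the other lines are constructed. install/uninstall.ps1 apply to packages.config projects.
RULES = [
    (r"^tools/init\.ps1$",
     "init.ps1 scripts are run when the package is installed or when you open the PowerShell console."),
    (r"^tools/(?:[^/]+/)?install\.ps1$",
     "install.ps1 scripts are run when the package is installed."),
    (r"^tools/(?:[^/]+/)?uninstall\.ps1$",
     "uninstall.ps1 scripts are run when the package is uninstalled."),
    (r"^build(?:transitive|multitargeting)?/(?:[^/]+/)?[^/]+\.(?:targets|props)$",
     "MSBuild targets/props files are imported into the project and evaluated on build."),
]

def find_automatic_scripts(nupkg):
    """Return sorted (entry, banner_line) pairs; nothing is extracted or executed."""
    hits = []
    with zipfile.ZipFile(nupkg) as zf:
        for name in zf.namelist():
            path = name.replace("\\", "/").lstrip("/")
            for pattern, message in RULES:
                if re.match(pattern, path, re.IGNORECASE):
                    hits.append((path, message))
                    break
    return sorted(hits)

def render_banner(hits):
    """Build the banner text, or an empty string when nothing would run."""
    if not hits:
        return ""
    unique = list(dict.fromkeys(message for _, message in hits))
    return "\n".join(["Automatic Scripts"] + unique)

def build_sample_nupkg():
    """Constructed in-memory archive for the demo, not a real NuGet package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for entry in ("Sample.Pkg.nuspec", "lib/net6.0/Sample.Pkg.dll",
                      "tools/init.ps1", "tools/net45/install.ps1",
                      "build/Sample.Pkg.targets", "content/readme.txt"):
            zf.writestr(entry, "")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    print(render_banner(find_automatic_scripts(build_sample_nupkg())))
```

The scan flags every `.targets`/`.props` file under the build folders, which is deliberately conservative: NuGet imports the ones named after the package id.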