search

google / zx

A tool for writing better scripts
https://google.github.io/zx/
Apache License 2.0
42.92k stars 1.09k forks source link

Understanding `zx` roadmap and idea 🙏 #860

Closed Avivbens closed 3 months ago

Avivbens commented 3 months ago

Hi 👋

Really liked the repo and the idea behind it! 🥷

A Quick Question

Just want to make sure I'm getting you right - the $ executor would be extracted from this library, so developers would be able to use its powers for production code too, besides scripts (?)

I'm asking because I'm looking for something addressing a lot of the issues it would solve, see this thread

antongolub commented 3 months ago

zurk just builds a flexible abstraction on top of the process spawner. zx has a broader scope. It is a toolchain that comprehensively improves devx in the tasks of writing scripts for various purposes.

Avivbens commented 3 months ago

zurk just builds a flexible abstraction on top of the process spawner. zx has a broader scope. It is a toolchain that comprehensively improves devx in the tasks of writing scripts for various purposes.

Thanks for the explanation 🙏

So, zurk should handle command injection issues?

antongolub commented 3 months ago

So, zurk should handle command injection issues?

Partially. zurk provides basic script syntax and cmd build logic. Meanwhile zx has built-in setups and rich bundle of utilities for seamless adaptation to different environments, corner cases, etc. These are different levels of instrumentation.

Avivbens commented 3 months ago

So, zurk should handle command injection issues?

Partially. zurk provides basic script syntax and cmd build logic. Meanwhile zx has built-in setups and rich bundle of utilities for seamless adaptation to different environments, corner cases, etc. These are different levels of instrumentation.

But using zurk alone would provide me a safe command execution, without worrying about arbitrary command injection?

antongolub commented 3 months ago

It depends. Both zurk and zx use internal qoute function to format cmds for bash. Another shells may (theoretically) handle input differently.

https://google.github.io/zx/quotes https://github.com/google/zx/blob/main/src/util.ts#L89

Avivbens commented 3 months ago

It depends. Both zurk and zx use internal qoute function to format cmds for bash. Another shells may (theoretically) handle input differently.

https://google.github.io/zx/quotes

https://github.com/google/zx/blob/main/src/util.ts#L89

Awesome ✨🎉

Would definitely use both, for command execution & build robust scripts 🥷

I'll suggest some ideas when I'll have something in mind 🙏