Describe the solution you'd like
Right now, the default in boilerplate is to allow boilerplate templates to run arbitrary scripts via the hooks and shell feature. This was fine where all the templates were things we created internally, but if we open source boilerplate, and there are public templates, these features should be disabled by default to create a better security posture.
Additional context
This would be a breaking change. We'd need to switch the --disable-hooks and --disable-shell flags to --enable-hooks and --enable-shell.
Describe the solution you'd like Right now, the default in
boilerplate
is to allow boilerplate templates to run arbitrary scripts via the hooks and shell feature. This was fine where all the templates were things we created internally, but if we open source boilerplate, and there are public templates, these features should be disabled by default to create a better security posture.Additional context This would be a breaking change. We'd need to switch the
--disable-hooks
and--disable-shell
flags to--enable-hooks
and--enable-shell
.