Open zetxek opened 3 years ago
Fair point. It doesn't really need to be executed over the network. composer require bla/bla
and running the install script from the vendor folder should work as well.. Might that be a better alternative?
I think that should be already better, as the user can go and check the script themselves, and there's no risk of DNS hijacking or something like that :-)
If you've got the time to restructure the README to make this clear, that would be appreciated.
In the README it's suggested to execute:
There is no validation of the remove script. It's a best practice to avoid somebody from impersonating/replacing the script that will do crucial system tasks.
References: