Open mattdodge opened 6 years ago
As mentioned in https://github.com/neomake/neomake/pull/2123#issuecomment-436828802 you should have a whitelist instead probably, i.e. only certain folders.
But maybe it's also not meant to e.g. have Neomake and other things in $ZSH
in the first place?
@blueyed makes a great point I think. Unless I've set up my dotfiles folder incorrectly, then a lot of plugin directories end up nested under the dotfiles folders (e.g. vim, tmux, zsh). Using the globstar **
means recursing all the way down and finding anything that ends with .zsh
and sourcing it. A malicious library could include a zsh file and run that code in every user's environment.
I've modified this PR to only look in the top-level topic directories for zsh files to source. I think that's a bit more in the spirit of what this features is trying to do anyways. In fact the description on the README already kind of indicates it's only going to look in that top level (although I added a clarification just in case).
Certain libraries and plugins (e.g. neomake) may have
.zsh
files in test folders. These are not intended to be sourced when starting up.