Closed Yugal41735 closed 1 month ago
I appreciate the effort you put into this, but after spending a half hour or so looking at Codemod I don't think I'm comfortable recommending it to Jasmine users. I see three major problems:
The first issue is fatal all by itself. But taken together, they present a real risk that someone might compromise your Codemod registry account and use it to publish a new version containing malware, with no way for Jasmine users to detect the problem before the malware runs on their machines.
As I said, I appreciate the effort. But operating a public package repository comes with serious security challenges, and it looks like the Codemod team has work to do on that front.
Ok, got it. But, to publish our codemods to the codemod registry we have to sign in. And there's only one way to sign in, and that is using the github account, and that in itself has 2 factor authentication. So i think, this may solve the account takeover issue. Also I have already published codemod with a name, it does not allow anyone to publish any other codemod with the same name.
@mohab-sameh
Hi @sgravrock 👋 Mohab from the Codemod team here :)
Thanks for bringing up these points. We're always working on improving the platform. Here are some answers to your concerns:
Please let me know if you have any more concerns. Our community is really keen on bringing an awesome migration experience just like we do with React, MSW, Nuxt, pnpm, and more.
Making sure this is an improvement over the previous manual upgrade experience is our community's top priority, so your feedback really helps.
Hey, I am adding codemods to upgradation guide for upgrading to Jasmine 5.0 from 4.x.
What is codemod? Codemod is a open source tool, which helps in migration from one version to another. This pr is made to help in migration of some breaking changes as mentioned here and here
You can test the below codemods by running the below commands to test the above mentioned changes:
Or if you have any repo in mind, you could share its link with me, I could test on it, and would update you on the results. I think it would be a great addition to community, as it will help users saving lot of their time while migrating.