Open voidlock opened 1 year ago
@voidlock Hi, it's been some time. I'm generally fine with this minor change, but I'm just slightly worried it might pose a risk or harm to users. Thoughts?
@jorgebucaran I understand your concern. What if I updated the PR to include a mechanism similar to how Golang handles private modules with the GOPRIVATE
environment variable?
Perhaps a FISHER_PRIVATE
environment variable that a user can customize.
set FISHER_PRIVATE github.com/your_github_username/mysecret github.com/your_github_username/myothersecret
When fetching plugins, Fisher would scan the list provided by FISHER_PRIVATE
. If it's found, it can update the curl command to include the --netrc
flag.
Context
I have a specific use case where a set of fish plugins are made available internally. They are not public Github repositories. The
curl
command used by fisher will only fetch plugins from public repositories.Proposed Changes
By changing the command to
curl -n
it can take advantage of any credentials stored in the~/.netrc
file. This may not be the best flag to have enabled by default, or perhaps goes against the spirit of sharing fish plugins publicly. An alternative could be to move this behind a variable or some other indicator to mark that a plugin is private.