Closed mbolli closed 10 months ago
xtaran
commented
2 years ago Although I might have to produce my own fork of the project, as there have been some fixes which are not in the original repo.
Any thoughts for/against this?
Vendoring is considered to be a bad idea security-wise.
mbolli
commented
2 years ago That's true and why I'm opening this issue as well. In this case though, the original repo hasn't received any changes since 9 years. So it just is not according to best practices, but security-wise does not matter.
xtaran
commented
2 years ago Ok, yeah, 9 years is a long time indeed.
mbolli
commented
10 months ago Composer autoloading is introduced in #90
Thinking about adding some dev tools to ensure code quality, and maybe add some tests. This would also enable the project to fetch the only 3rd party dependency there is (the CLI progress bar) via composer. Although I might have to produce my own fork of the project, as there have been some fixes which are not in the original repo.
Any thoughts for/against this?