tst-reflect icon indicating copy to clipboard operation
tst-reflect copied to clipboard
verified publisher icon Hookyns

New config option onlySafeImports

Open Hookyns opened this issue 4 years ago • 2 comments

Proposed Changes

  • Add option reflection.onlySafeImports: boolean,
  • in case the onlySafeImports is true, all Type descriptions of types from node_modules will have plain Object as ctor.

Notes

Type.getTypes().forEach(type => type.ctor) is dangerous action, because if some Type is from node_modules and it looks like:

export class Foo {}
deleteAllTheFilesOnYourPc()

it can do some damage.

New include/exclude config options can exclude all the node_modules types, so there is an option to ignore them all. But somebody would want to work with those types, but stay safe and tell: "No, don't import those modules in case I acidentaly do that."

Hookyns avatar Feb 05 '22 00:02 Hookyns

Another thing we can do is check if there is some CallExpression in SourceFile statements.. for modules inside node_modules.

But this will be still dangerous:

Type.getTypes().forEach(type => (new type.ctor())[type.getMethods()[0]])

I do the mistake that I'm calling unknown methods but still... onlySafeImports should care about that and ignoring whole import of node_modules in safe mode is much safer.

Hookyns avatar Feb 05 '22 00:02 Hookyns

Can be controlled by the include/exclude manually.

onlySafeImports needs more feedback.

Hookyns avatar Sep 16 '22 06:09 Hookyns