pub-dev
pub-dev copied to clipboard
dart-lang
The pub.dev website
We should decode and re-encode all tarballs we serve. This would ensure that tweaks in tarball which are ignored by `tar` cannot be used to create a file that interpreted...
Check: https://csp-evaluator.withgoogle.com It seems it's not enough to trust specific domains. We should probably use: * `hash`, and, * `strict-dynamic` * `block-all-mixed-content`
I discussed this with @mit-mit today, once we have a history: https://github.com/dart-lang/pub-dev/issues/2687 it makes sense to allow users to removed themselves.
@mit-mit @isoos Dartdoc now supports linking directly to source code for generated API documentation. However, in order for this to work with the pub site, users have to [autogenerate dartdoc_options.yaml...
We could consider adding a scrolling bar such that the version does not wrap around.
We could consider making them black.
From: https://pub.dartlang.org/documentation/iconify_flutter/0.0.5/package.tar.gz Downloading the entire documentation fails for some packages. We could return 404 instead, if the object is too large.. We could also decide not to offer this file...
We could instead consider having an outlined icon like Youtube. Problem with having it filled with high contrast is that one might think that the package is already liked.