Ian Denhardt

Yeah, I'm thinking in terms of automatic scanning tools. We could do some of that against the repos too, to some extend. But this is somewhat still in the brainstorming...

We certainly can't trust it's accurate in the face of a developer actively messing with it. We could query the package manager to work out which package each file we...

I think it would make things more readable to strip it down to just package name and version, but wrt to the size constraint: by comparison, the sandstorm-http-bridge executable is...

Where do we want to collect these? I'd like to not just have half a dozen repos in random people's accounts that we have to separately keep track of, do...

Maybe we could tweak the node stack to try to dodge this somehow, but I don't see a great way out of this in general. Note that there are also...

Can you provide some more context? Did this happen after upgrading an app from an older version, or...?

> Is there any halfway decent way to tell it to abandon whatever changes it was trying to make prior to the crash or something like that instead? This is...

Yeah, that should work. (Side note, it might be nice to have a nix stack).

Quoting Jacob Weisz (2022-09-05 23:56:14) > However, I am not sure there's a good case/reason for the env folder to > be inside /opt/app in the first place: If we...

Your understanding is correct; any command involving `vagrant-spk` should be run on the host machine, not the guest.