You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
[allow-insecure] Allow insecure packages with --allow-insecure flag (#1265)
## Summary
This allows installing insecure packages using the `--allow-insecure`
flag:
`devbox add nodejs@16 --allow-insecure`
This saves the allow insecure state to lock file.
If user tries to do add/shell/run/install and there are insecure
pacakges that are not in marked in lock file, they will see an error
indicating they should use flag.
I used flag (instead of prompt) to limit the size of this already
massive PR. TODO (in follow up):
* When installing an insecure package, ask the user if they want to
allow it, update the devbox.json, and install it.
## How was it tested?
```bash
devbox add nodejs@16
devbox add nodejs@16 --allow-insecure
devbox run run_test
# edited lockfile to remove allow_insecure
devbox run run_test # error
devbox install # error
devbox shell # error
```
See examples/insecure
0 commit comments