Hooks in composer.json

[JapSeyz]

I'll just repst my question from Voyager here:

Isn't it very dangerous to have the hooks stored in the composer.json?Imagine installing a hook from the UI on a production server, which then modifies the production composer.json without modifying the git version.That means during the next deployment, if the composer.json was changed in development, you have to manage the conflict on a production server. It seems very dangerous, or am I missing something?

They do have a GUI for adding hooks to a project, which seems dangerous if the user adds a hook in production, is this intended to be used only in development, or am I missing something?