Doug Parker 🕸️ on Nostr: Your regular reminder to please please please define your configuration files as ...
Your regular reminder to please please please define your configuration files as *data* (#JSON, #YAML, #TOML, etc.), not *executables* (#JavaScript).
* It's so much harder to reason about executable configurations.
* It gives significantly more device access than is needed, plugins cannot be sandboxed effectively.
* It becomes much harder for other tools to use your config file (not everyone wants a dependency on a JS engine to execute your config file and read a single property).
* It becomes much harder to migrate that config in the future because static analysis becomes significantly more difficult/impossible in many cases.
I really hate this trend in the JS ecosystem and wish we would stop designing our tools like this.
* It's so much harder to reason about executable configurations.
* It gives significantly more device access than is needed, plugins cannot be sandboxed effectively.
* It becomes much harder for other tools to use your config file (not everyone wants a dependency on a JS engine to execute your config file and read a single property).
* It becomes much harder to migrate that config in the future because static analysis becomes significantly more difficult/impossible in many cases.
I really hate this trend in the JS ecosystem and wish we would stop designing our tools like this.