Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Run scripts/transactions from url #1468

Open
janezpodhostnik opened this issue Mar 20, 2024 · 2 comments
Open

Run scripts/transactions from url #1468

janezpodhostnik opened this issue Mar 20, 2024 · 2 comments
Labels
Feature A new user feature or a new package API Feedback

Comments

@janezpodhostnik
Copy link
Contributor

janezpodhostnik commented Mar 20, 2024

Description

A lot times I find myself using commands like this:

flow scripts execute <(curl -s "https://raw.githubusercontent.com/onflow/flow-core-contracts/stable-cadence/transactions/flowToken/scripts/get_supply.cdc") -n some_network

It would be nice to support something like this:

flow scripts execute "https://raw.githubusercontent.com/onflow/flow-core-contracts/stable-cadence/transactions/flowToken/scripts/get_supply.cdc" -n some_network

Another potential option is that you would list "sources" in the flow.json:

"sources":{
	"core-contracts": "https://raw.githubusercontent.com/onflow/flow-core-contracts/stable-cadence/transactions"
}

and then you could use it like this:

flow scripts execute "core-contracts:transactions/flowToken/scripts/get_supply.cdc" -n some_network
@chasefleming
Copy link
Member

@janezpodhostnik This is a cool idea. But, one potential issue is that a seemingly harmless URL used by many could eventually be switched to something malicious after gaining trust.

One method we've been exploring to address this is through FLIX and the Dependency Manager. Currently, you can execute a script or transaction using a FLIX from the CLI. This means that these could be encapsulated within a FLIX for execution. We also plan to enable the Dependency Manager to import scripts and transactions from URLs directly into your project for local execution. This would also somewhat address what you're trying to do.

Although, we want to integrate commands for commonly used functions in the near future directly into the CLI, like querying supply, transferring flow, etc. Are there any interactions that you use often, which we should prioritize?

@janezpodhostnik
Copy link
Contributor Author

Using any CLI commands comes with a risk and a disclaimer "I know what the commands I am running do". Nothing is stopping you from running "rm -rf /".

While I think the CLI should take some effort to reduce footguns, I also think worrying about the url destination switching on the user over time is not the responsibility of the CLI, but the responsibility of the user.

@gregsantos gregsantos moved this to 🧊 Backlog in 🌊 Flow 4D Apr 16, 2024
@chasefleming chasefleming removed their assignment May 17, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Feature A new user feature or a new package API Feedback
Projects
Status: 🧊 Backlog
Development

No branches or pull requests

2 participants