Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[RRFC] expanding behavior of --before to support date adjustment and setting via config #559

Open
MylesBorins opened this issue Mar 22, 2022 · 3 comments
Open

[RRFC] expanding behavior of --before to support date adjustment and setting via config #559

MylesBorins opened this issue Mar 22, 2022 · 3 comments

Comments

@MylesBorins
Copy link

MylesBorins commented Mar 22, 2022
edited
Loading

Motivation ("The Why")

--before is an excellent feature for reliability as being able to run install in a project "as if it were in the past"... it has an additional benefit in that it can be used to create a temporary delay in what you are consuming from the registry which can offer a level of protection from a supply chain attack. Utilizing a bit of unix ingenuity we can do something fancy like the below to enforce all installs to have a 7 day delay, potentially protecting you from a supply chain attack (which are often dealt with relatively quickly) without having to pin dependencies in a way that may make you susceptible to unpatched known vulnerabilities.

npm install --before="$(date -v -7d)"

Date has pretty expansive syntax for setting date adjustment specifically

If val is numeric, one of either y, m, w, d, H, M or S must be used to specify which part of the
date is to be adjusted.

It would be great if we could pass this type of syntax directly to --before, or another similar flag, to allow support in a platform independent way (the above solution wouldn't work on windows).

Further it would be amazing if we could set this as a configuration in a global or local .npmrc allow developers to manage this at a project or system level.

Example

npm install --before-relative 7d
npm install --before-relative 30M
npm install --before-relative 1y

How

Current Behaviour

I believe this is covered above

Desired Behaviour

I believe this is covered above

References
@bnb
Copy link

bnb commented Mar 22, 2022

in your 30m example, is that months or minutes?

@MylesBorins
Copy link
Author

In the case of date m is month and M is minutes

@darcyclarke darcyclarke added the Agenda will be discussed at the Open RFC call label Mar 31, 2022
@darcyclarke darcyclarke mentioned this issue Apr 6, 2022
Closed
This was referenced Apr 13, 2022
Closed
Closed
This was referenced Apr 27, 2022
Closed
Closed
@darcyclarke darcyclarke removed the Agenda will be discussed at the Open RFC call label May 4, 2022
@ljharb
Copy link
Contributor

ljharb commented May 4, 2022

My suggestion is to use the ISO 8601 standard DSL for this, which Temporal.Duration will use: https://tc39.es/proposal-temporal/docs/duration.html

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ljharb @darcyclarke @MylesBorins @bnb