Add sponsor command
#1258
Add sponsor command
#1258
Conversation
src/nimblepkg/packageinfo.nim
Outdated
| case meth | ||
| of DonationMethod.GitHub: "GitHub" | ||
| of DonationMethod.OpenCollective: "OpenCollective" | ||
| of DonationMethod.Patreon: "Patreon" |
There was a problem hiding this comment.
I think this should be just a string metadata instead of just 3 hardcoded "provider companies",
some people prefer to use USDT/BTC/ETH/crypto/other services etc,
and in some places of the world the hardcoded services are not available (as donations collector).
There was a problem hiding this comment.
Sounds alright, but we'd also need to properly audit any new packages that are added in. We need to ensure that none of them end up linking to a phishing site, albeit the odds are very low.
There was a problem hiding this comment.
@juancarlospaco Is this better? (I have no clue about how Coinbase works, that's just a stub link)
There was a problem hiding this comment.
Thats what I tried to do at
https://github.com/juancarlospaco/nim_packages_security_audit?tab=readme-ov-file#fully-automated-nim-packages-security-audit
Feel free to contribute/revive, maybe it needs like a "cool web visualization" (?).
Also the package scanner can be improved too:
https://github.com/nim-lang/packages/blob/master/package_scanner.nim
I think the efforts there are so much better spent.
There was a problem hiding this comment.
This might sound stupid - but what about using something like URL Haus, VirusTotal or Google Safebrowsing to the package scanner?
There was a problem hiding this comment.
Nevermind, URL Haus does not keep track of phishing URLs (my main concern).
There was a problem hiding this comment.
@juancarlospaco I'd say we should leave the URL auditing to the person who's going to merge the package into the index. Most browsers have SafeBrowsing built in either ways. Do you have any other suggestions?
There was a problem hiding this comment.
Enforce a common-sense standard max len for the string ? 256 char or something here or in the package scanner. IMHO 🤔
Prelude
See this issue
This PR exists as a base for what can be the final implementation for this. Do NOT merge this yet!
This PR adds a new command:
nimble sponsorThe sponsor command
The sponsor command optionally takes in a package as an argument. If one is not provided, it shows all packages that are accepting donations (the package below does not actually take donations, it's just been modified to show how this command works in my packages_official.json)
If a package is provided, the links for sending donations to the library maintainer are opened in the user's browser and also outputted to their terminal if they don't have a web browser installed. (Again, the package below does not actually take donations.)
