lucaslarson / dotfiles Goto Github PK

e82bc58988/CodeSnippets.md § c

more specifically:
using

PS4_temporary=${PS4}
PS4=''
set -x; ! || done! >/dev/null 2>&1;set +x
PS4=${PS4_temporary}
unset PS4_temporary

note to self; context for consideration:

Having seen that I comprise half of zdharma-continuum/zsh-diff-so-fancy’s stargazers, I felt prompted to replace the plugin with the applicable npm package as was done with git-open (802072a92a)

On the other hand, if I move a package from $DOTFILES/.gitmodules (and $DOTFILES/custom/plugins into $(npm config get prefix --global)/bin, then Dependabot will no longer keep nudging me to update.

• Would it not be preferable to have Dependabot keep everything updated? (Noting that without symlinking and using npm in ways it’s not meant to be used, there’s no way to create a package.json and package-lock.json)

Proposal

undo

cb371c4

rationale α.

both

path=(addition "${path[@]}")

and

path=("${path[@]}" addition)

become possible

rationale ⅰ.

moreover, “In POSIX sh, += is undefined” (SC3024)

The scripts below appear shell-agnostic, but if running them using Bash on a system whose ${SHELL} is Zsh, they don’t work at all.

For example, instead of:

. "${HOME}/.${SHELL##*/}rc" && exec "${SHELL##*/}" --login

we should use:

. "${HOME}/.${0##*[-/]}rc" && exec "${0##*[-/]}" --login

Git v2.40.0 removed the Perl version of git add --interactive.

Moreover, git-add--interactive’s installation by way of Alpine Linux’s git-perl has been unnecessary since Git v2.25.0, released in January 2020.

The core of the brewfile function¹ is unreadable without comments; add them.

actions/setup-ruby is deprecated;¹ ruby/setup-ruby² is the recommended replacement.

1. actions/setup-ruby@e932e7a#diff-b335630551682c19a781afebcf4d07bf978fb1f8ac04c6bf87428ed5106870f5R9
2. https://github.com/ruby/setup-ruby

show unescaped pathnames where git is already serving human-friendly content

• add -c quotePath=false where git command to target audience-human output instead of git status where scripting is not possible or likely

Where git config allows for scope-wide preference for escaping “unusual[ly]”¹ named paths,² the same functionality is available on a per-invocation level,³ which allows for temporary syntactic sugar without blindingly blunted defaults (the default behavior is to escape and quote such content, which is the safest and most reasonable default, especially in situations where a machine or other third party might parse the output).

To that end, in the instances where this repository calls for a function-scope -c color.status=always, it should call also for unescaped pathnames -c core.quotePath=false.

An alias whose name begins with - or + is not entirely portable.

• Zsh ≤5.9.0.1-dev chokes¹ on aliases whose names begin with - or + unless the assignment includes an end-of-options delimiter:² alias -='cd -' fails but alias -- -='cd -'³ works as expected
• contrariwise, Busybox on Alpine Linux⁴ chokes on alias -- -='cd -', but alias -='cd -' works as expected

changing the default shell with sed -E -i is:

• not portable,
  and it is
• not POSIX-compliant

and the current replacement does:

• not account for distributions where the default shell is dash like Ubuntu and Debian, but that is fine, because while /bin/dash is run, it a symlink to /bin/dash, located at /bin/sh, which is called, and which this solution does replace

A variation of the formula appears in CodeSnippets.md:

The current solution to change /etc/passwd’s entries containing /bin/sh, /bin/bash, or /bin/ash, to wherever zsh is installed, is broken without proprietary extensions¹ – marked “❗️” – to POSIX sed:²

# https://github.com/LucasLarson/dotfiles/blob/cc50d8e6da/setup/init.sh#L346
#                     ╭──────────────────── ❗️ extended regex
#                     │  ╭───────────────── ❗️ modify files in-place
#                     │  │  ╭────────────── expression incoming
#                     │  │  │  ╭─────────── search for
#                     │  │  │  │       ╭─┬─ ❗️ using `?`, more properly `\?`, to
#                     │  │  │  │       │ │  mean “0 or 1” is a GNU extension
         command sed -E -i -e "s|/bin/b?a?sh$|$(command -v -- zsh)|" '/etc/passwd'
#                               │╰────────┬─╯│╰─┬────────────────╯│   ╰─┬───────╯
#    ╭──────────────────────────╯         ╰─╮╰╮ │ ╭───────────────╯     │
#    ╰─ search for what’s between here and  │ │ │ │ ╭───────────────────╯
#                             the next `|`  │ │ │ │ │
# any line ending (`$`) in any of`/bin/sh` ─╯ │ │ │ │
#      `/bin/bash`, `/bin/bsh`, `/bin/ash`    │ │ │ │
#    replace with everything from this `|` ───╯ │ │ │
#                          to the last `|`      │ │ │
#  the Z shell binary’s location, which is ─────╯ │ │
#    probably `/bin/zsh` or `/usr/bin/zsh`        │ │
#          replacement expression complete ───────╯ │
#             file with content to replace ─────────╯

serve better than @gggritso’s
git log --graph --branches --remotes --tags --format=format:'%Cgreen%h %Creset• %<(75,trunc)%s (%cN, %cr) %Cred%d' --date-order"²

1. https://github.com/ohmyzsh/ohmyzsh/blob/d853ec4b629f24c6622f414f312fbf83cec0990d/plugins/git/git.plugin.zsh#L157
2. https://github.com/gggritso/gggritso.com/blob/a07b620/_posts/2015-08-23-human-git-aliases.md#readme

[✖] https://stackoverrun.com/ja/q/12834672 → Status: 0 Error: ESOCKETTIMEDOUT
at ClientRequest. (/usr/local/lib/node_modules/markdown-link-check/node_modules/request/request.js:816:19)
“apk add composer'を試みているDockerfileが失敗していますか？”

stackoverrun.com › ... - Translate this page
作曲-1.5.2-R0：でマスク：（！恐ろしく時代遅れ）. を@​testingそれはDockerfile 固定テストリポジトリというの作者と思われるので、あなたが @​testing を追加 ...
1 answer

add something like “this may take a while”

[✖] https://stackoverrun.com/ja/q/12834672 → Status: 0 Error: ESOCKETTIMEDOUT
at ClientRequest. (/usr/local/lib/node_modules/markdown-link-check/node_modules/request/request.js:816:19)
“apk add composer'を試みているDockerfileが失敗していますか？”

stackoverrun.com › ... - Translate this page
作曲-1.5.2-R0：でマスク：（！恐ろしく時代遅れ）. を@​testingそれはDockerfile 固定テストリポジトリというの作者と思われるので、あなたが @​testing を追加 ...
1 answer

remove Zsh codex while there’s no obvious code-completion successor:

OpenAI has discontinued code-davinci models:

On March 23rd, we will discontinue support for the Codex API. All customers will have to transition to a different model. Codex was initially introduced as a free limited beta in 2021, and has maintained that status to date. Given the advancements of our newest GPT-3.5 models for coding tasks, we will no longer be supporting Codex and encourage all customers to transition to GPT-3.5-Turbo.

On March 23rd, we will discontinue support for the Codex API. All customers will have to transition to a different model. Codex was initially introduced as a free limited beta in 2021, and has maintained that status to date. Given the advancements of our newest GPT-3.5 models for coding tasks, we will no longer be supporting Codex and encourage all customers to transition to GPT-3.5-Turbo.

Models affected
The following models will be discontinued:

code-cushman:001
code-cushman:002
code-davinci:001
code-davinci:002

We understand this transition may be temporarily inconvenient, but we are confident it will allow us to increase our investment in our latest and most capable models.

Originally posted by @oyale in tom-doerr/zsh_codex#16 (comment)

@github ends 11 years of serving git.io redirections on 2022-04-29¹ after providing 3 days warning. This repository appears to contain affected content: search: git.io

/etc/motd, or message of the day, is generally not helpful

printf '' >/etc/motd

On Debian, the instruction will choke. command git should be git here:

Verifying git add -p’s installation¹ should allow looking in both /usr/lib/git-core as well as the current search in /usr/libexec/git-core²

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

This repository currently has no open or pending branches.

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

There is shell code in 2047a6b108/CodeSnippets.md § copy-paste-return that has not been validated — it doesn’t have to be this way: dylanaraps/pure-sh-bible@9d54e96011.

mathiasbynens/dotfiles@bb8de8b

builtin cd

— @ianmiell, Learn Bash the Hard Way: Master Bash Using The Only Method That Works

0efecd2a39/CodeSnippets.md § c (SC2044)

this part of the cleanup function should add a line

-name '.zcompdump-*' or \

to remove cruftily named .zcompdump files such as .zcompdump-oin-5.4.2 or .zcompdump-LPhoneXSMax-5.8.

A timeline-based software such as Git requires no previous versions of existing files, nor does it need example or sample files such as these:

• https://github.com/LucasLarson/dotfiles/blob/b81636d4ced1fb4c844a9d8ba8a489d4d979175c/.oh-my-zsh/custom/example.zsh
• https://github.com/LucasLarson/dotfiles/blob/b81636d4ced1fb4c844a9d8ba8a489d4d979175c/.oh-my-zsh/custom/plugins/example/example.plugin.zsh
• https://github.com/LucasLarson/dotfiles/blob/b81636d4ced1fb4c844a9d8ba8a489d4d979175c/.oh-my-zsh/custom/themes/example.zsh-theme
• https://github.com/LucasLarson/dotfiles/blob/b772f0dcc453409833549d3a589ae23ec5765e12/.zshrc.pre-oh-my-zsh

There’s no list of globally installed Node packages analogous to Homebrew’s, there is one being generated by LucasLarson/update@f651abb58a and saved to $DOTFILES/.package-list.json.

invoking Korn shell with ksh or ksh93 and granting Korn shell access to $SHELL’s $HISTFILE can corrupt or destroy $HISTFILE.

I’m unable to create a reproducible example.

# remove branches already merged into default branch
# https://github.com/mathiasbynens/dotfiles/commit/6c16e6b
alias gDM="!git branch --merged | grep -v '\\*' | xargs -n 1 git branch -d"

⚠️ gdm is set to git diff <default branch>

Merge the profiles of authors committing from multiple email addresses, prompted especially by @github’s @users.noreply.github.com

There is an error with this repository's Renovate configuration that needs to be fixed. As a precaution, Renovate will stop PRs until it is resolved.

Error type: undefined. Note: this is a nested preset so please contact the preset author if you are unable to fix it yourself.

Even empty directories keep a size (64 b in my testing), and I suspect that is what prevented find from seeing it.

• perform the search on a pristine clone

Add autosuggestions like fish provides which are sort of available for Z shell.

edit is not at all portable here:

A solution like ${EDITOR:-vi}¹ instead of edit² is portable and should replace it.

1. this may not be the correct if-not-𝑥-then-𝑦 syntax when calling a binary like /usr/bin/vi, but it’s close
2. edit is defined as:
   

   dotfiles/.zshenv

   Lines 8 to 20 in 9c37ff8

   	if command -v nvim > /dev/null 2>&1; then
   	EDITOR="nvim"
   	elif command -v vim > /dev/null 2>&1; then
   	EDITOR="vim"
   	elif command -v vi > /dev/null 2>&1; then
   	EDITOR="vi"
   	else
   	EDITOR="nano"
   	fi
   	export EDITOR
   	# https://github.com/koalaman/shellcheck/wiki/SC2139/db553bf16fcb86b2cdc77b835e75b9121eacc429#this-expands-when-defined-not-when-used-consider-escaping
   	alias editor='$EDITOR'
   	alias edit="editor"

WS-2019-0379 - Medium Severity Vulnerability

Vulnerable Library - commons-codec-1.10.jar

The Apache Commons Codec package contains simple encoder and decoders for various formats such as Base64 and Hexadecimal. In addition to these widely used encoders and decoders, the codec package also maintains a collection of phonetic encoding utilities.

Path to vulnerable library: /dotfiles/Library/Application Support/PyCharm2019.3/datalore-intellij-plugin/lib/commons-codec-1.10.jar

Dependency Hierarchy:

• ❌ commons-codec-1.10.jar (Vulnerable Library)

Found in HEAD commit: 6b2f9295e9052a76034fb8cf630271b237f4ac7c

Vulnerability Details

Apache commons-codec before version “commons-codec-1.13-RC1” is vulnerable to information disclosure due to Improper Input validation.

Publish Date: 2019-05-20

URL: WS-2019-0379

CVSS 3 Score Details (6.5)

Base Score Metrics:

• Exploitability Metrics:
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
• Impact Metrics:
  • Confidentiality Impact: Low
  • Integrity Impact: Low
  • Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: apache/commons-codec@48b6157

Release Date: 2019-05-12

Fix Resolution: 1.13-RC1

Step up your Open Source Security Game with WhiteSource here

Consider upgrading ${HOME-} references¹ to ${HOME%/}² to avoid $PATH pollution.³

Leah Neukirchen serves decimal time using Ruby;¹ this utility should be available here, too, but should use only POSIX-defined tools and options

1. from 0b2d044dd4, 2021-02-25:
   

   dotfiles/.zshrc

   Lines 20 to 24 in 913708d

   	# set PATH so it includes applicable private `bin`s
   	test -d "${HOME-}"'/bin' &&
   	PATH="${HOME-}"'/bin'"${PATH:+:${PATH-}}"
   	test -d "${HOME-}"'/.local/bin' &&
   	PATH="${HOME-}"'/.local/bin'"${PATH:+:${PATH-}}"

2. from c66f3bcefd, 2020-12-26:
   

   dotfiles/.zshrc

   Lines 346 to 348 in 913708d

   	# location of Python packages on Linux
   	test -d "${HOME-}"'/.local/bin' &&
   	PATH="${HOME-}"'/.local/bin'"${PATH:+:${PATH-}}"

It was a mistake to call cp instead of command cp in LucasLarson/dotfiles@ee3c5bfd59.

cp (and grep) are super likely to be in alias definitions which means their functionality loses idempotence in shell scripts.

Vim uses ~/.vimrc according to @HiPhish¹, whereas Neovim uses $XDG_CONFIG_HOME/init.vim

this repository:

• uses both, and
• contains almost-identical files²

1. reddit.com/comments/vp78ug
2. LucasLarson/dotfiles/search (language: vim-script) as of 2022-08-23

0812e27 replaced /usr/local with $BREW_PREFIX, generated here:

Meanwhile at @Homebrew, there is a strong preference for $HOMEBREW_PREFIX:

This repository should match theirs.

if not, then consider:¹

command -v brew >/dev/null 2>&1 &&
[ -d "$(brew --prefix coreutils)" ] &&
PATH="$(brew --prefix coreutils)/libexec/gnubin:${PATH}" &&
export PATH

1. driesvints/dotfiles@388baf1/path.zsh#L17
2. https://github.com/Homebrew/brew/blob/c65d461/docs/Manpage.md#--prefix-formula

This repository should use unset ‑v instead of unset when unsetting variables to ensure better compatibility, portability, and maintainability:

• unset ‑v has been part of the POSIX specification for at least a quarter century and
• more specificity is never the worst choice when intentionally destroying data.

the current version of GitHub’s Super-Linter is v4.10.1 but I just
learned that Super-Linter’s latest tag is not synonymous with its
newest tag or release: there are 50 files changed in
github/super-linter@latest...v4.10.1

while leaping to the bleeding edge of software is not appropriate for
every repository, it would probably be preferable here

Why, in bbcd76e, did the constant move to the left side of the comparison, when that doesn’t appear to match common scripting practice?

before:

after: