Warn of the dangers of using this package #4
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Correct me, if I'm wrong here, but it looks like this package modifies files in
PUB_CACHE, is that correct?Please advise users not to use this package.
Please consider flagging this package as discontinued on pub.dev.
Modifying
PUB_CACHEis bad, users who do this, might not realize that they've poisoned theirPUB_CACHE. They might have been usingpatch_packageon a toy project, and suddenly they'll be using their patches in other unrelated projects because they are stored inPUB_CACHE.They might get weird unexplained behavior months or years later in totally unrelated projects, because files in their
PUB_CACHEhave been modified in arbitrary ways. They'll report bugs that maintainers can't reproduce! They won't be able to reproduce their behavior in CI or on other machines. They might think their their personal computer has a very weird problem with Dart or Flutter, one that nobody else has. If you've forgotten that you've modified yourPUB_CACHE, it can be really hard to figure out why something is broken.To be fair: I've certainly used go-to-definition and inserted
printstatements during debugging, and I've also experienced these unexplained prints showing up in logs of another projects weeks later with no explanation -- So I'm by no means perfect 🤣🤣🤣But I'd still advice against this, and certainly warn people of the dangers!
You can also change how it works!
You could copy the package to be modified into
.dart_tool/patched-packages/<package>and then either:pubspec_overrides.yamlthat specifies adependencies_overrideswith a path-dependency on the package in.dart_tool/patched-packages/<package>.dependency_overridesinpubspec.yamlto create a path-dependency pointing at.dart_tool/patched-packages/<package>..dart_tool/package_config.jsonto point to.dart_tool/patched-packages/<package>Or do something like
package:vendor, though it's certainly not a perfect solution.