Using standard packaging and installation approaches helps foster external collaboration and reduces issues/errors, especially when robust tools with their own checks are leveraged (e.g., npm, yarn, make, pip)
This is especially important for security and SecOps, which is very strict in clinical/medical environments
The current installation approach has the user running untrusted scripts, downloading artifacts from external servers, modifying files/folders/paths, unzipping archives, and running PowerShell subprocesses
Many of the above steps would be flagged in a (properly) secure IT environment (e.g., PowerShell is often blocked on most PCs in well-maintained IT environments)
Moreover, there is code duplication between Windows vs Linux installation scripts (e.g., forward vs backslashes)
If standard installation or packaging tools were used, duplications and security issues would be resolved, as these tools are platform agnostic
Given that downloadDeps.sh appears to focus on js installation, I'd recommend a js-based package manager (e.g., npm or yarn)