rbw VS homebrew-core

Yes, but it is quite uncomfortable to use, requiring you to get a session key and storing it somewhere. Instead, I've had good experiences with [rbw]. Maybe that would also be interesting for GP.

I've used to rbw for a rofi (and rofi-like frontend): https://github.com/fdw/rofi-rbw/

[rbw]: https://github.com/doy/rbw/

See https://github.com/doy/rbw for all the details

You can try using rbw to do that.

If you'd like a CLI client (also written in Rust), I'd recommend rbw, it's really simple but works a lot better for me than the official client.

If you know rust and C#, you can also look at bitwarden/server implementation (C#), or dani-garcia/vaultwarden (rust). Lastly, doy/rbw is a fully fledged CLI implementation of a client, and there is always looking at the official client implementation (bitwarden/browser and bitwarden/cli).

However, I've moved from that to rbw and I can honestly say it's much better. It handles locking/unlocking very well, and the interface actually makes sense.

I agree that the Bitwarden cli is awful. You have to log in, and store the token it gives you manually so that it knows you're logged in.

However, I found https://github.com/doy/rbw , and alternative OSS cli written in Rust, and it's exactly what I wanted. (Disclaimer: I liked it so much I wrote a rofi integration for it.)

$ brew info eza ==> eza: stable 0.18.13 (bottled) Modern, maintained replacement for ls https://github.com/eza-community/eza Not installed From: https://github.com/Homebrew/homebrew-core/blob/HEAD/Formula/e/eza.rb License: MIT ==> Dependencies Build: pandoc ✘, pkg-config ✔, rust ✘ Required: libgit2 ✘ ==> Analytics install: 12,792 (30 days), 38,295 (90 days), 68,375 (365 days) install-on-request: 12,790 (30 days), 38,293 (90 days), 68,375 (365 days) build-error: 0 (30 days)

Is disabling the compromised repo the typical GitHub policy? My concern is there are monorepos used by package managers, like brew, that are a collection of thousands of projects [1]. These monorepos seem like a prime target for attack and if GitHub disables one because a malicious commit was merged then you've taken down an entire ecosystem.

[1] https://github.com/Homebrew/homebrew-core

> Correct. Though we do not appear to be affected, this revert was done out of an abundance of caution.

[1] https://github.com/Homebrew/homebrew-core/pull/167512

> right, but now you know even less about your setup when you some roadblock

This is the same with a binary though. And with homebrew, you can't follow patches or flags used or if they change.

- https://github.com/Homebrew/homebrew-core/blob/c964ad7fa53ad...

definitely be careful about using fortune in a corporate environment or public space if you don't know what dat files you are using or you might just get an extremely unwelcome surprise.

I was practicing a presentation and used to use "fortune" all the time. I forget exactly what it output but I remember being absolutely mortified about what could have happened if that had popped up during an internal company tech talk.

Kudos to brew for keeping unsuspecting people safe

https://github.com/Homebrew/homebrew-core/commit/3fb3c4c3e55...

I'm sorry to be asking this as I find it a bit silly, but it's blocking my PR [3], so could a few of you star the project on Github [1] to get my PR to run?

[1] https://github.com/laktak/chkbit-py

[2] https://brew.sh

[3] https://github.com/Homebrew/homebrew-core/pull/160018