First, creating temporary files with predictable names is a bad
idea, because it opens the door for symlink attacks.
Unfortunately, I don't know of an alternative way to do this
safely using only the standard library; it seems, this crucial
functionality is missing. I've asked here:
TypeScript compiler doesn't accept stdin pipes, I tried using
Unix fifo but since I'm not an Unix expert, couldn't figure it
out. The last thing was using a temporary file -- which also
sounds not good to me :)
The second thing is that you're using `pipeShell()`, which
takes only the entire command as a parameter. Because this
command will be interpreted by the shell, you have to make sure
that all you're arguments are correctly escaped. However, in
your case you don't actually need a shell; `pipeProcess()` is a
better solution, because it takes the argument list as an array:
auto pipes = pipeProcess(
["tsc", inputFileName, "--out", outputFileName],
Redirect.stderrToStdout | Redirect.stdout
);
It really makes sense, I'm going to update -- you also can open a
PR.
I met the language yesterday, I wrote the package yesterday :) I
don't know internals, but when I learn them, (which is happening
by now) going to fix it,
Thanks for your detailed comments! :)
