modules: read cue.mod/module.cue in data-only mode #3138
Labels
FeatureRequest
New feature or request
modules
Issues related to CUE modules and the experimental implementation
Security
Currently module.cue files can contain arbitrary CUE, including references, stdlib imports, comprehensions etc.
As the module.cue file is necessary metadata required before doing any CUE work, this lays open the
tooling to potential DoS attacks and also makes the file less amenable to automatic edits, which is an
importand requirement of module tooling.
We should parse the module.cue file in data-only mode to avoid these potential pitfalls.
The text was updated successfully, but these errors were encountered: