Namespace conflict with MythX about truffle-plugin-verify HOT 14 CLOSED

A workaround that could be possible is that both the MythX guys and I define a second command in our truffle-plugin files. Then when both truffle-plugin-verify and truffle-security are installed together, a user could still use both of them by their "fallback" command. For me that would be truffle run etherscan and perhaps for truffle-security it could be truffle run mythx.

This would require no changes at Truffle's side, and could be a valid workaround while a true solution can be developed on the Truffle side. @gnidan would this work with the current Truffle plugin system?

from truffle-plugin-verify.

Perhaps specifying a list of objects with an optional override key, rather than strings could be done. eg:

plugins: [
  { name: 'truffle-plugin-verify', overrides: { 'verify': 'etherscan' } },
  { name: 'truffle-security' }
]

Could perhaps even be combined? eg:

plugins: [
  { name: 'truffle-plugin-verify', overrides: { 'verify': 'etherscan' } },
  'truffle-security'
]

from truffle-plugin-verify.

I run into the same issues...Is there any workaround to this problem yet? thanks

from truffle-plugin-verify.

@danielrea Awesome work!

So as a reference to anyone finding this down the line.

If you want to use both truffle-plugin-verify, and truffle-security in the same project:

1. Use truffle-plugin-verify version 0.3.5 or higher & truffle-security version 1.6.2 or higher.
2. Use the command truffle run etherscan for truffle-plugin-verify & truffle run mythx for truffle-security.

from truffle-plugin-verify.

Hey @SeanJCasey, this is something I noticed as well after publishing this plugin. Would have been very easy to avoid if I had looked into it before creating this plugin 😅.

Right now I'm a bit hesitant to change the command, especially since the plugin is called truffle-plugin-verify, it might be confusing if the command verify doesn't work.

Ideally, I would like to configure a fallback command, something like truffle run etherscan that can be used in case of naming conflicts, but this is not currently possible with Truffle plugins. Is this something that could be added to Truffle @gnidan @tcoulter? Any other thoughts on this?

from truffle-plugin-verify.

Ha! We just bumped into the exact same issue :/

from truffle-plugin-verify.

Oh hey you found the wart! We skimmed over this in our initial implementation. We'll get this sorted out. Thanks for letting us know it's causing issues.

from truffle-plugin-verify.

(Quick follow-up, but there's more detail I can go into once I'm on my computer)

Basically, there needs to be a way for users:

• to configure specific renames for plugins, and/or
• a way to disambiguate plugin commands by specifying the plugin name also

If anyone has implementation thoughts or feels like taking a stab at this, would definitely appreciate that!

from truffle-plugin-verify.

I think definitely we want the "combined" option!

Another syntax idea, just to brainstorm:

plugins: ["truffle-plugin-verify", "truffle-security"],
commands: {
  "verify": "truffle-plugin-verify:verify",
  "mythx": "truffle-security:verify"
}

I don't know, maybe there's something here.

I think the other front is probably easier, the "run command from specific plugin" side:

$ truffle run truffle-plugin-verify:verify

But then long package names start to get in the way. Maybe the plugin configuration needs some kind of rename system?

plugins: [{
  use: "truffle-plugin-verify",
  as: "rkalis-verify",
  commands: [{
    use: "verify",
    as: "etherscan"
  }]
]

This is kind of heavy-handed for example purposes. I'm thinking that you'd invoke with the syntax above:

$ truffle run rkalis-verify:etherscan

(or just truffle run etherscan, assuming it's now unique)

Thoughts?

(OH, edit: plugins config is eventually intended for use beyond "command plugins", to support additional compilers, etc., so overrides might not be explicit enough if we want that namespace to have future-compatibility)

from truffle-plugin-verify.

I think I like this one better, just because it's less clutter. I think this might be one of the least cluttered ways to achieve command reassignment.

plugins: ["truffle-plugin-verify", "truffle-security"],
commands: {
  "verify": "truffle-plugin-verify:verify",
  "mythx": "truffle-security:verify"
}

from truffle-plugin-verify.

Bernhard from MythX here, damn! I agree it would be more logical if you guys used "verify" and we switched to something else, but it's near-impossible for us to change this now because it would break truffle-security in tons of CI pipelines. Users would not be happy.

@gnidan how about the fallback command, can we get that added?

from truffle-plugin-verify.

Hey @b-mueller, thanks for the reply from your side. I just cloned truffle-security and truffle-plugin-verify and added a fallback command to the truffle-plugin.json files.

truffle-security:

{
  "commands": {
    "verify": "index.js",
    "mythx": "index.js"
  }
}

truffle-plugin-verify:

{
    "commands": {
        "verify": "verify.js",
        "etherscan": "verify.js"
    }
}

Then I installed these packages into a SimpleStorage project and did some tests, with the following findings:

1. When there are two plugins with conflicting commands, it depends on the order in which they are listed which plugin gets chosen. So in the following example truffle-security has precedence over truffle-plugin-verify.

     plugins: [
       'truffle-security',
       'truffle-plugin-verify',
     ],

2. My proposed stopgap solution works. So if we both add a "fallback" command to the truffle-plugin.json file like above, then the users will be able to use truffle run verify for the first listed plugin, and use the fallback command for the other one. In my example that is truffle run etherscan and truffle run mythx respectively.

I think this is the best solution we have right now while there is no native Truffle solution for users to customise commands.

from truffle-plugin-verify.

I just published [email protected]. This release includes the fallback command truffle run etherscan with the same usage as truffle run verify. This can be used as an alternative when using both truffle-security and truffle-plugin-verify together.

I'd still recommend @b-mueller to do the same so the plugin order doesn't matter, but at least it's now possible to use these plugins together.

from truffle-plugin-verify.

@rkalis truffle run mythx can now be used as an alternative to truffle run verify

from truffle-plugin-verify.