Skip to content
/ nvim-config-local Public
forked from klen/nvim-config-local

Secure load local config files for neovim

License

MIT license
0 stars 9 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

loqusion/nvim-config-local

BranchesTags
 
 

Repository files navigation

nvim-config-local 1.3.1

Secure load local config files.

tests Awesome Neovim

Vim provides a feature called exrc, which allows to use config files that are local to the current working directory. However, unconditionally sourcing whatever files we might have in our current working directory can be potentially dangerous. Because of that, neovim has disabled the feature. The plugin tries to solve this issue by keeping track of file hashes and allowing only trusted files to be sourced.

Usage

When the plugin detects a new config file, it will ask what do you want to do with it:

[config-local]: Unknown config file found: ".vimrc"
[s]kip, (o)pen, (i)gnore, (t)rust:

You can either skip this file for now, open it to see if it doesn't contain anything malicious, iignore the file so config-local won't ask you about it again, or trust (mark it trusted) and source it right away.

To manually mark file as trusted, open the config file with :edit .vimrc or :ConfigEdit and save it. You will be asked to trust the current config file.

File has to be marked as trusted each time its contents or path changes.

Install

with packer:

use {
  "klen/nvim-config-local",
  config = function()
    require('config-local').setup {
      -- Default configuration (optional)
      config_files = { ".vimrc.lua", ".vimrc" },  -- Config file patterns to load (lua supported)
      hashfile = vim.fn.stdpath("data") .. "/config-local", -- Where the plugin keeps files data
      autocommands_create = true,                 -- Create autocommands (VimEnter, DirectoryChanged)
      commands_create = true,                     -- Create commands (ConfigSource, ConfigEdit, ConfigTrust, ConfigIgnore)
      silent = false,                             -- Disable plugin messages (Config loaded/ignored)
      lookup_parents = false,                     -- Lookup config files in parent directories
    }
  end
}

Commands

The plugin defines the commands:

  • ConfigSource - Source config file from the current working directory
  • ConfigEdit - Edit (create) config file for the current working directory
  • ConfigTrust - Add config file for the current working directory to trusted files.
  • ConfigIgnore - Add config file for the current working directory to ignore files.

Events

The plugin sends event User ConfigLoaded after loading configuration. So users may bind autocmd to the event:

autocmd User ConfigFinished lua my_custom_function()

About

Secure load local config files for neovim

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

6 tags

Packages

No packages published

Languages

  • Lua 97.8%
  • Makefile 2.2%