You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Referencing this package will implicitly bring in YoLo.fs ( https://github.com/haf/YoLo ), which uses an AutoOpen attribute inside an empty namespace, automatically bringing all its definitions into scope, with no way to prevent it, even in code files that do not open the HttpFs namespace or any of its modules.
These definitions will then show up via autocomplete on standard type and module names like Result, Option, String, Array, Regex, List, and Seq, tricking you into using them while thinking you're only using FSharp.Core or the builtin dotnet libraries.
Since there is currently no good standard way to disable transitive NuGet package references, this will also infect projects that depend on projects or packages that in turn depend on this package.
And since YoLo is included as a copied code dependency in Http.Fs:
Referencing this package will implicitly bring in YoLo.fs ( https://github.com/haf/YoLo ), which uses an
AutoOpenattribute inside an empty namespace, automatically bringing all its definitions into scope, with no way to prevent it, even in code files that do not open theHttpFsnamespace or any of its modules.These definitions will then show up via autocomplete on standard type and module names like
Result,Option,String,Array,Regex,List, andSeq, tricking you into using them while thinking you're only using FSharp.Core or the builtin dotnet libraries.Since there is currently no good standard way to disable transitive NuGet package references, this will also infect projects that depend on projects or packages that in turn depend on this package.
And since YoLo is included as a copied code dependency in Http.Fs:
Http.fs/HttpFs/HttpFs.fsproj
Lines 10 to 13 in b1bd152
rather than a NuGet dependency, this situation is greatly obscured when analyzing your own package dependencies.
This obstructs you from removing Http.Fs as a dependency even in projects that do not use it.
The text was updated successfully, but these errors were encountered: