Normally I think "CRC" when someone uses the word checksum, so my initial question was "why is this not calling sha256sum?". Lo and behold, it just calls GitHub to get the hash.
That's fine, I guess. Nothing wrong with utility scripts. But I feel like "old man yelling at cloud" when I see a codebase with 178 stars, 527 commits, discord channels, and dozens of indirect dependencies for it.
I thought this was gonna be some example or application of the fuzzy finder, or tell me some interesting revelation about fuzzy finding relating to checksums. Nah, different Frizbee.
It explains what it does, but not _why_, maybe I’m just not in the target audience.
Can anyone enlighten me? If GitHub actions are stored in the repo as yaml then they’re already tracked - what’s this thing for?
This seems to convert action tags like action/checkout@v3 to action/checkout@sha to avoid malicious retags.
That makes perfect sense! I knew I was missing something. Thanks.
Normally I think "CRC" when someone uses the word checksum, so my initial question was "why is this not calling sha256sum?". Lo and behold, it just calls GitHub to get the hash.
That's fine, I guess. Nothing wrong with utility scripts. But I feel like "old man yelling at cloud" when I see a codebase with 178 stars, 527 commits, discord channels, and dozens of indirect dependencies for it.
Wouldn’t boomerang have been a better name?
Or, since what it does is some checks for the checksum: `checksomechecksum`
There's the very popular and fast Friszbee fuzzy finding library too:
> Used by blink.cmp, skim, and fff.nvim.
> In the included benchmark, with typo resistance disabled, it outperforms nucleo by ~1.8x and fzf by ~2.3x and scales better with multithreading
https://github.com/saghen/frizbee
I thought this was gonna be some example or application of the fuzzy finder, or tell me some interesting revelation about fuzzy finding relating to checksums. Nah, different Frizbee.