scratch almost never gets new features. yeah, i know, "development is hard, “that isn't high on our priority list”, and so on. but the fact is, scratch-gui alone currently has 30 vulnerabilites. they aren't just low severity either. 2 are critical severity, and the other 28 are high severity. features that should take about 20 minutes for 1 dude to implement, were suggested 10 years ago and have support from multiple ST members like the exponent block still haven't been added.
to fix this, i suggest that ST allow people to PR in new features and bugfixes into a new branch that gets hosted as a beta version of the scratch editor. if they work fine, then they get added.
yeah thats my suggestion, im crap at ending suggestions

EngineerRunner wrote:

scratch-gui alone currently has 30 vulnerabilites. they aren't just low severity either. 2 are critical severity, and the other 28 are high severity.

npm moment xD

I agree, the current contribution policy Scratch has looks like a pretty giant excuse for a variety of things: not wanting to review user code, not wanting to be fully open source, etc.. I haven't seen any other open-sourced org be so closed about new contributions than Scratch. If a PR doesn't align with their design goals, they can simply reject the PR lol

what is “PR”?

unmissable wrote:

what is “PR”?

pull request

bump so people could potentially help fix these outages

EngineerRunner wrote:

but the fact is, scratch-gui alone currently has 30 vulnerabilites. they aren't just low severity either. 2 are critical severity, and the other 28 are high severity.

Note that most of them are from packages and the standalone code doesn't have any vulnerabilities . But yeah, they're using outdated packages that are deprecated, outdated, slow, and insecure, as shown when you npm run build.

https://dpaste.org/3RxDL

bump

this would be an interesting experiment, i support

Update on this:

Codubee wrote:

No, I'm going to respond that there's a lot of reasons why stick with “out of date packages”. Mainly because it takes a lot of time (engineering oversight and QA work) to make sure changes to underlying packages don't introduce instability/bugs.

source

Anyways. This would be really interesting, so support.

josueart wrote:

Update on this:

Codubee wrote:

No, I'm going to respond that there's a lot of reasons why stick with “out of date packages”. Mainly because it takes a lot of time (engineering oversight and QA work) to make sure changes to underlying packages don't introduce instability/bugs.

source

Anyways. This would be really interesting, so support.

Yeah, I suspected that. It's very common to stick to specific versions of packages to prevent any breaking changes introduced by newer versions. Not going to pretend I know everything though, since it could be for other reasons. Although, there are still areas outside of package management that can be improved

bump

Support! It would be awesome if other devs could help with the development of Scratch! It would take some load off the ST, especially with the recent layoffs. There would definitely need to be a bug-reporting system like there is with Scratch Labs.

ToastRoastBoast wrote:

(#13)
dupe

No, this is about PRs for the scratch editor itself; not projects that people make…
Edit: 600th post woooooo

bump

EngineerRunner wrote:

features that should take about 20 minutes for 1 dude to implement, were suggested 10 years ago and have support from multiple ST members like the exponent block still haven't been added.

An exponent block would be convenient for some people, and I'd be fine if they brought the servers down for only 20 minutes to add the block.

completeness wrote:

(#17)
(snip)

Also, somewhat related is capitalizing Account settings. This is a trivial single-letter string fix (or two since there's 2.0 and 3.0 pages), which the developers don't seem to want to do, due to being minor. Someone else submitted a pull request to fix it in scratch-www, and it got closed because… the developers don't want to do it? Don't contributions exist so anyone can submit fixes/changes that the main developers haven't found/can't/don't want to do?


And about the suggestion itself, not even features just bugfixes please. Scratch has so, so many bugs that still haven't been fixed since 3.0's release in 2019, that have been fixed by mods like TurboWarp or browser extensions (capitalizing Account settings being one of them) or existing user contributions.

This is true as,

rdococ wrote:

Let's look at the two largest features added to Scratch since 1.4: clones and custom blocks.

they said 1.4! That's a long-ish time ago (I think) The suggestions forums is just a place where people argue over if an idea is good or not even though it may never be added.

Support!

First post on new page! :D

RobotChickens wrote:

ToastRoastBoast wrote:

(#13)
dupe

No, this is about PRs for the scratch editor itself; not projects that people make…
Edit: 600th post woooooo

600th POST!!!! (Kinda off topic, and not mine, theirs)

What does this mean, I’m confused