I just stumbled upon a collection of bash completions which can be quite handy: https://github.com/perlpunk/shell-completions
I tried mojo, cpan and pip completions in a sandbox and they worked like a charm!
The only question I've got is, has anyone ever done a security audit of the repository? Anyone has taken the time to look at the code? I could try auditing but I'm not even sure what to look for.
I feel quite wary of letting an unknown source access to my bash session and what I type.
The mojo, cpan and pip bash scripts don't fail my test of "skimming over the source and looking for dangerous external commands like curl or
rm
" (good syntax highlighting is helpful here). They look like typical completion scripts. However, if your Linux distribution has a pip completion script in their repos, prefer that one.Thanks. At least I've got a few clues to look for when auditing such code.