Hi everyone of this amazing community!
I’m finding amazing widgets everyday, most of them are hosted on GitHub and they get updates very often.
Is there any way to load/import the code from a GitHub raw file?
This way I can have always the latest version with out having to copy/paste into the scriptable file.
I’m thinking of something similar of what “<script src/>” does on HTML.
Thanks a lot!
There have been scripts for a while to work with gists.
Note: export and import are both on that thread
You could probably modify them to work with repos if necessary, but I would imagine most people are still using gists for one off scripts.
@sylumer thanks a lot for the answer!
So I assume the only way to import/use a widget’s code from a .js file on GitHub/Gist would be downloading that file on iCloud/local and then import it on the script?
They was I was thinking of doing it was:
Let’s say I want to use this .js file: https://raw.githubusercontent.com/p0fi/skiable-for-scriptable/main/skiable.js
So in my script on Scriptable, instead of copy/pasting that code, I’m trying to do something like this:
const scriptUrl = "https://raw.githubusercontent.com/p0fi/skiable-for-scriptable/main/skiable.js";
let req = new Request(scriptUrl);
req.allowInsecureRequest = true;
let response = await req.loadString();
console.log(response);
Would it be possible to execute ‘response’ code? (the actual GitHub .js file)
I tried using eval(response); and also executing it using a function:
var F=new Function (response);
return(F());
But neither worked.
If any of you think this can be done, it would be amazing to know how! Thanks a lot!
In my opinion, you should always strive to have your own known safe copy of the code if it is something like this. Centrally maintained and trusted libraries, you have some mitigated community risk management and controls.
If you take the approach of having a local copy, then you know what you have and it is accessible should the other code become unavailable for any reason. You have your own protected copy if you like, but you do then have to update it if it becomes out of date.
As for evaluating arbitrary code from an online source, in particular one that you do not control and is not policed by a larger community or entity; well I would absolutely recommend not doing this for this sort of code base.
Just remember, even someone with the very best of intentions can make mistakes or be hacked. Trust of intent is not the same as trust of execution.
Yep! Totally, I agree with you. Thanks a lot @sylumer for taking the time to make such a great explanation.
My idea was doing this with my own gist/GitHub files.
This way I can commit to GitHub and it will always use the latest version with out doing any extra effort like running an action to download the file or having to copy/paste it every time I commit new changes.
This way I can also give my non-tech friends just 3-4 lines on scriptable that just require a one time setup and then they will always have the new updates of my commits.
On that basis how about this approach:
That way you can always run the script even if you couldn’t get the latest copy. Depending on the script size, you could also use a different URL to give a version number to check against and save you downloading everything every time it runs.
It also gets you past having to evaluate. You should just be able to code as normal. All you are doing is adding an update procedure to the start.
If you wanted to take it further, put that updater code in another script, and use it across your scripts with some appropriate parameters.
I had some thought about this too and wore a little proof-of-concept that worked similar to importModul but also takes care of caching urls.
You can find more information here: