In my opinion, you should always strive to have your own known safe copy of the code if it is something like this. With centrally maintained and trusted libraries, you have some mitigated community risk management and controls.
If you take the approach of having a local copy, then you know what you have and it is accessible should the other code become unavailable for any reason. You have your own protected copy if you like, but you do then have to update it if it becomes out of date.
As for evaluating arbitrary code from an online source, in particular one that you do not control and is not policed by a larger community or entity; well, I would absolutely recommend not doing this for this sort of code base.
Just remember, even someone with the very best of intentions can make mistakes or be hacked. Trust of intent is not the same as trust of execution.
Yep! Totally, I agree with you. Thanks a lot @sylumer for taking the time to make such a great explanation.
My idea was doing this with my own gist/GitHub files.
This way I can commit to GitHub and it will always use the latest version without doing any extra effort like running an action to download the file or having to copy/paste it every time I commit new changes.
This way I can also give my non-tech friends just 3-4 lines on Scriptable that just require a one-time setup and then they will always have the new updates of my commits.
Save the script to a known file in the Scriptable directory.
After that, attempt to import the script as usual.
Carry on with further processing as usual.
That way you can always run the script even if you couldn’t get the latest copy. Depending on the script size, you could also use a different URL to give a version number to check against and save you downloading everything every time it runs.
It also gets you past having to evaluate. You should just be able to code as normal. All you are doing is adding an update procedure to the start.
If you wanted to take it further, put that updater code in another script, and use it across your scripts with some appropriate parameters.
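The update-then-import procedure described in the reply above, with the version check and the fallback to the saved copy, as an added example that is not part of the original thread. `updateModule`, `memoryIo` and the `io` object are hypothetical names, and the Scriptable wiring in the closing comment is an assumption about how you would connect it.

```javascript
// Added example; updateModule, memoryIo and the io.* methods are hypothetical names.
async function updateModule(io, { name, versionUrl, scriptUrl }) {
  const codeFile = `${name}.js`, versionFile = `${name}.version`;
  const local = io.exists(versionFile) ? io.read(versionFile).trim() : null;
  try {
    const remote = (await io.fetchText(versionUrl)).trim();
    // Accept only a plain dotted version so an HTML error page is never stored.
    if (!/^\d+(\.\d+)*$/.test(remote)) throw new Error("unexpected version text");
    if (remote === local && io.exists(codeFile)) return { status: "current", version: local };
    const code = await io.fetchText(scriptUrl);
    if (!code.trim()) throw new Error("empty download");
    io.write(codeFile, code);      // script first, version marker second, so an
    io.write(versionFile, remote); // interrupted update is retried on the next run
    return { status: "updated", version: remote };
  } catch (err) {
    // Download or validation failed: keep using the saved copy if there is one.
    if (io.exists(codeFile)) return { status: "fallback", version: local, error: String(err) };
    throw new Error(`no saved copy of ${codeFile} and update failed: ${err.message}`);
  }
}

// Constructed in-memory stand-in for the file system and network, for running
// outside Scriptable. `remote` maps URL -> body; a missing URL simulates offline.
function memoryIo(remote, files = {}) {
  return {
    files,
    exists: (f) => f in files,
    read: (f) => files[f],
    write: (f, s) => { files[f] = s; },
    fetchText: async (url) => {
      if (!(url in remote)) throw new Error(`cannot reach ${url}`);
      return remote[url];
    },
  };
}

// Assumed Scriptable wiring (not run here):
//   const fm = FileManager.local(), dir = fm.documentsDirectory();
//   const p = (f) => fm.joinPath(dir, f);
//   const io = { exists: (f) => fm.fileExists(p(f)), read: (f) => fm.readString(p(f)),
//                write: (f, s) => fm.writeString(p(f), s),
//                fetchText: (url) => new Request(url).loadString() };
//   await updateModule(io, { name: "mylib", versionUrl: "...", scriptUrl: "..." });
//   const mylib = importModule("mylib");
```

The saved script is only overwritten after both downloads succeed and pass the checks, so a failed or garbled fetch leaves the last known copy in place for the import.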