[koolba]

There's a big difference between a precompiled app from a company you've possibly heard of (which exists as an entity and could be sued for creating something malicous) v.s. some random guy on the internet.

I personally would not run an arbitrary binary from somebody I've never heard of on my local machine. And definitely not give it database credentials or access. I also think anybody that is willing to do so is insane. There's so much garbage and malware on npm, that something that is installed via the @latest on npm is arguably even worse. Even if it's fine now, there's no telling when one of its deps could be compromised too.

[giancarlostoro]

Companies have to start somewhere though, lots of software exists that never was open source. I think he needs to get his tool in the hands of people who review dev tools.

[oleksandr_dem]

> Companies have to start somewhere though, lots of software exists that never was open source

I think koolba's point was not as much about the tool being open-source as it is for a tool that runs on your machine and accesses your database with write permission, not having any guarantees it does the job it promises.

I could not agree more with him. This tool was born as a side project for my personal need, so I obviously use it without hesitation. But obviously, there is nothing to ensure you the tool won't drop your DB out of nowhere, or dumps your data somewhere else.

I think going open source will allow me to build some credibility for now.

PS. I use this tool daily, but I have to admit, in prod env I have read only user.

[giancarlostoro]

I get what he meant, but tools like Navicat as far as I know were unknown DB client tools, someone had to trust that it wouldnt mess up their PROD db somehow.

Then again, never use a new DB tool on a PROD DB, always test in lower environments.

[oleksandr_dem]

Sure, if the product fits the market needs, some people will start using (and I can see there was an increase in CLI installations yesterday from NPM).

So hypothetically yes, you can build trust overtime (Navicat has over 20 years of development), for every N users who don't trust it now, there is 1 yolo guy who just said "Yeah, this might help me do my job".

I should've presented this post in a different way. A lot of people that came here expected production ready tool, while the reality is that I did this in my free time to help me do my job, I wrote landing page in 10 minutes, and I published this post to get some feedback to see if it is something that may be interesting.

And based on what I read, I think there is interest for this tool.

[oleksandr_dem]

I see your point. Since it's unlikely that I'll become a trusted entity anytime soon, open-sourcing it is probably the right thing to do to build some credibility.