Whats to stop malicious git repos changing an alias after you have already added it to your freshrc? I think locking to a specific git ref needs to be top priority.
Absolutely. This is on the road map (https://github.com/freshshell/fresh/issues/11). At the moment running `fresh update` is the only way to update the source repos. I realise this isn't ideal, but we never update repos without you knowing.
Locking to a specific git reference (https://github.com/freshshell/fresh/issues/11) has been implemented. You can now use `--ref` to lock to a particular git reference. `fresh update` will grab the new version.