@GabiNun GabiNun commented Dec 23, 2025

Using -UseBasicParsing makes it so it doesn't ask you to confirm execution, and you don't need the other things, choco already does them for you

@Real-MullaC Real-MullaC left a comment


This should be kept in a try catch just so if there are any issues with it installing it will say.

GabiNun commented Jan 5, 2026

@Real-MullaC ye but the catch message doesn't do anything anyway

Copilot AI left a comment


Pull request overview

This PR simplifies the Chocolatey installation function by using -UseBasicParsing with Invoke-WebRequest and removing manual setup steps that Chocolatey's installation script already handles.

Key Changes:

  • Removed try-catch error handling block
  • Removed manual execution policy and security protocol configuration
  • Simplified installation to a single Invoke-WebRequest command with -UseBasicParsing piped to Invoke-Expression




Write-Host "Chocolatey is not installed, installing now."
Invoke-WebRequest https://community.chocolatey.org/install.ps1 -UseBasicParsing | Invoke-Expression
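
Review bot: The Invoke-WebRequest ... | Invoke-Expression line has no failure handling of its own. With the try-catch block removed, a failed download or an error raised inside install.ps1 shows up only as PowerShell's default error output, and nothing in the lines shown confirms that choco is usable afterwards. Consider adding -ErrorAction Stop to the Invoke-WebRequest call and checking for the command afterwards (for example with Get-Command choco -ErrorAction SilentlyContinue) so the caller gets a clear message instead of continuing with a missing package manager.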

Copilot AI Jan 7, 2026


The line Invoke-WebRequest https://community.chocolatey.org/install.ps1 -UseBasicParsing | Invoke-Expression downloads and immediately executes a remote PowerShell script without any integrity or authenticity verification beyond basic TLS, creating a supply-chain RCE risk if the Chocolatey host, DNS, or a trusted CA is compromised. An attacker who can tamper with responses from community.chocolatey.org could execute arbitrary code with the privileges of this script during installation. To mitigate, avoid the curl | IEX pattern by downloading the installer to disk, verifying a strong checksum/signature or pinning to a trusted hash/version, and only then executing the verified script.

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
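
The mitigation the Copilot review comment describes (download to disk, verify, then execute), written out in PowerShell as an added example; it is not code from this PR or from Chocolatey. The function name Install-ChocoVerified, the pinned hash and the signer string are placeholders, and the example assumes the installer script carries an Authenticode signature.

```powershell
# Added example (not the project's code). Install-ChocoVerified is a hypothetical
# name; $ExpectedSha256 and $ExpectedSigner are placeholders to be filled in from
# a copy of install.ps1 that has been reviewed out of band.
function Install-ChocoVerified {
    [CmdletBinding()]
    param(
        [string]$Uri            = 'https://community.chocolatey.org/install.ps1',
        [string]$ExpectedSha256 = '<PINNED-SHA256-OF-REVIEWED-INSTALLER>',
        [string]$ExpectedSigner = '<EXPECTED-SIGNER-SUBJECT-SUBSTRING>'
    )

    # Turn non-terminating errors (failed download, missing file) into exceptions.
    $ErrorActionPreference = 'Stop'
    $name = 'choco-install-{0}.ps1' -f [guid]::NewGuid()
    $path = Join-Path ([IO.Path]::GetTempPath()) $name

    try {
        # 1. Save the installer to disk instead of piping it into Invoke-Expression.
        Invoke-WebRequest -Uri $Uri -UseBasicParsing -OutFile $path

        # 2. Pin the content: refuse anything that is not the reviewed file.
        $actual = (Get-FileHash -Path $path -Algorithm SHA256).Hash
        if ($actual -ne $ExpectedSha256) {
            throw "install.ps1 hash mismatch: got $actual"
        }

        # 3. Check the Authenticode signature and who signed it.
        $sig = Get-AuthenticodeSignature -FilePath $path
        if ($sig.Status -ne 'Valid') {
            throw "install.ps1 signature status is $($sig.Status)"
        }
        if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
            throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
        }

        # 4. Only now execute. Running a file is subject to execution policy
        #    (unlike Invoke-Expression), so relax it for this process only.
        Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass -Force
        & $path
    }
    finally {
        Remove-Item -Path $path -Force -ErrorAction SilentlyContinue
    }
}
```

A pinned hash has to be refreshed whenever the upstream installer changes; the signature check on its own tolerates updates but trusts whatever the signer publishes.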