Add Hacked! check

Way cool!

I won't get a chance to test it this week, but will definitely exercise it next week.

I don't like automatically downloading and enabling hacked, that won't work on Pantheon (site_audit is installed in the system-wide drush installation and does not require enabling on site). Is there a way to run hacked without enabling it on a site?

Brainstorming - drush has an internal file-based cache... that could be used instead of the database.

I would add a separate check before the actual hacked run to see if hacked is enabled and abort with an info message if it isn't (similar to views).

While it's using the hacked module, I think it'd be better for the user facing message to be less... scary.

The following extension(s) have been modified:
Audit the codebase to check for modified extensions

will have a much different impact than the implication that someone has broken into the system and changed code.

Again, way cool, I'd like to get this running - especially if we can do it without having to enable hacked.

I feel strongly about not automatically installing a module, Pantheon or no. So far, every check makes no modifications to the Drupal installation, and to keep user trust, it should stay that way. Additionally, it's going to be very disconcerting and that downloads and enables a module.

Honestly have no idea how to do this without the hacked module available.

Doesn't hacked have drush support? Does that require the module to be installed, or can hacked be placed with other drush commands like /opt/drush/commands/ or ~/.drush/commands? If it requires that the module be installed, what would it take to remove that requirement?

If it is a current requirement of Hacked that the module is enabled, I'm not beyond... hacking hacked, I guess, and putting a patch that allows the checks to be run without the module being enabled in their issue queue so it goes through their channels. That's why I mentioned using drush's cache instead of the database.

To be clear - this will be a great addition. However, this check should also depend on the hacked module... but shouldn't require that hacked be installed. If it's not available to drush, it should just gracefully abort, not make modifications to the site structure, code and database.

Posted #2066371: Integrate hacked with site_audit & allow hacked to be installed globally in collaboration with seanr.

Waiting on #2066371: Integrate hacked with site_audit & allow hacked to be installed globally as I'd rather not deploy with a patched version of Hacked! as a dependency. I might bug them about taking over maintenance, like I don't have enough going on.

I've updated the patch a bit with things that seem to work better for us. Hiding the unchanged's and adding a deleted column alongside the changed column. Also updated the patch in #2066371: Integrate hacked with site_audit & allow hacked to be installed globally as it wasn't working for me. Also got a co-worker applying for maintainer of the hacked module so hopefully we can see a resolution to both of these.

That last patch is 0 bytes. I'm going to review the hacked changes and see if we can poke it along. The maintainer is there and listening...

Treating this as a meta issue now, #2066371: Integrate hacked with site_audit & allow hacked to be installed globally now that site_audit can be extended. Once that patch is included and the issue is closed, this one can be too!

Coordinating in other issue.