This repository has been archived by the owner on Jun 25, 2024. It is now read-only.

Command hook is downloading a binary from this repository every run... why? #140

Open
jmctune opened this issue Oct 11, 2023 · 0 comments


jmctune commented Oct 11, 2023

Hi there,

First off, thanks for this plugin. We use it and have been happy with its purpose for some time now.

I wanted to bring up a concerning section of code (to us) in hopes this can be addressed:

https://github.com/monebag/monorepo-diff-buildkite-plugin/blob/3f65d099261bf9680da137cc4cabc363bcabcb8d/hooks/command#L74-L103

In our organization, we cache all of our plugins into our build image so they can be used locally (without having to git clone a repository for each plugin). This saves on bandwidth and helps us ensure we know what we're running in our pipelines. I just submitted a PR (#139) and noticed that every invocation of this plugin is making a call to this repository to download a Go binary, which puts a hole in our caching strategy, but also reads like a big security issue. I'm not sure I need to detail why this isn't a great idea, but are there plans to make this an offline plugin versus needing to download a binary to execute a command hook?

Thanks and looking forward to hearing back.
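One way a command hook can honour the cache-first, offline setup the reporter describes, and still refuse to run anything it downloaded unless the download matches a pinned digest, is sketched below. This is an added example written for this issue, not the plugin's own hooks/command script; the cache directory, version pin, SHA-256 value and download URL are placeholder variables assumed for illustration, not settings the plugin exposes. Buildkite hooks are shell scripts, so the example is written as one.

```shell
#!/usr/bin/env bash
# Added example, not the plugin's own hooks/command.
# Resolve a helper binary from a cache baked into the build image first;
# only if the cache misses (or the cached copy fails verification) download
# it, verify a pinned SHA-256, and cache it. Nothing is executed before
# verification succeeds.
#
# Assumed (placeholder) settings, not real plugin configuration:
set -eu

PLUGIN_BIN_CACHE="${PLUGIN_BIN_CACHE:-/opt/buildkite/plugin-bin}"
PLUGIN_BIN_VERSION="${PLUGIN_BIN_VERSION:-v0.0.0}"
PLUGIN_BIN_SHA256="${PLUGIN_BIN_SHA256:-replace-with-pinned-hex-digest}"
PLUGIN_BIN_URL="${PLUGIN_BIN_URL:-https://example.invalid/monorepo-diff-${PLUGIN_BIN_VERSION}}"

# sha256_of FILE: print the hex SHA-256 of FILE (GNU sha256sum or BSD shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_sha256 FILE EXPECTED_HEX: exit 0 when the digest matches, 1 otherwise.
verify_sha256() {
  local actual
  actual="$(sha256_of "$1")"
  [ "$actual" = "$2" ]
}

# resolve_binary NAME: print the path of a verified binary, or fail without
# leaving an unverified file behind.
resolve_binary() {
  local name="$1"
  local cached="${PLUGIN_BIN_CACHE}/${name}-${PLUGIN_BIN_VERSION}"
  local tmp

  # 1. Cache hit: use the copy pre-seeded in the build image (still checked,
  #    so a tampered or stale cache entry is never executed).
  if [ -f "$cached" ] && verify_sha256 "$cached" "$PLUGIN_BIN_SHA256"; then
    printf '%s\n' "$cached"
    return 0
  fi

  # 2. Cache miss: download to a temp file, verify, then promote to the cache.
  tmp="$(mktemp)"
  if ! curl -fsSL --retry 3 -o "$tmp" "$PLUGIN_BIN_URL"; then
    rm -f "$tmp"
    echo "resolve_binary: download of ${PLUGIN_BIN_URL} failed" >&2
    return 1
  fi
  if ! verify_sha256 "$tmp" "$PLUGIN_BIN_SHA256"; then
    rm -f "$tmp"
    echo "resolve_binary: SHA-256 mismatch for ${name}, refusing to run it" >&2
    return 1
  fi
  mkdir -p "$PLUGIN_BIN_CACHE"
  chmod 0755 "$tmp"
  mv "$tmp" "$cached"
  printf '%s\n' "$cached"
}

# Usage from a hook: bin="$(resolve_binary monorepo-diff)" && "$bin" "$@"
```

With the digest pinned alongside the version, an image that pre-seeds the cache never touches the network, and an image that does not still cannot be handed a substituted binary by whatever answers the download URL. The cost is that bumping the plugin version means updating the pin as well, which is the point.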
