git-watchtower 2.1.5 → 2.1.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/bin/git-watchtower.js +12 -1
  2. package/package.json +1 -1
package/bin/git-watchtower.js CHANGED
@@ -2282,7 +2282,18 @@ function createStaticServer() {
2282
2282
  // directory. Without this second realpath+check, a symlinked dir
2283
2283
  // whose target pointed outside would serve its attacker-controlled
2284
2284
  // index.html through our root check.
2285
- if (fs.statSync(initial.path).isDirectory()) {
2285
+ let isDir;
2286
+ try {
2287
+ isDir = fs.statSync(initial.path).isDirectory();
2288
+ } catch (e) {
2289
+ // File vanished (ENOENT), perms changed (EACCES), or symlink loop
2290
+ // (ELOOP) between resolveStaticPath's realpath and this stat.
2291
+ // Without this guard the throw bubbles to uncaughtException and
2292
+ // tears down the entire TUI for what should be a 404.
2293
+ send404();
2294
+ return;
2295
+ }
2296
+ if (isDir) {
2286
2297
  const indexResult = resolveStaticPath(
2287
2298
  path.join(initial.path, 'index.html'),
2288
2299
  realStaticDir,
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "git-watchtower",
3
- "version": "2.1.5",
3
+ "version": "2.1.6",
4
4
  "description": "Terminal-based Git branch monitor with activity sparklines and optional dev server with live reload",
5
5
  "main": "bin/git-watchtower.js",
6
6
  "bin": {