npm-pkg-lint 5.1.1 → 5.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.js +13 -5
- package/dist/index.js.map +2 -2
- package/package.json +1 -1
package/dist/index.js
CHANGED
|
@@ -3452,13 +3452,20 @@ var require_tmp = __commonJS({
|
|
|
3452
3452
|
].join("");
|
|
3453
3453
|
return path8.join(tmpDir, opts.dir, name);
|
|
3454
3454
|
}
|
|
3455
|
+
function _assertPath(path9) {
|
|
3456
|
+
if (path9.includes("..")) {
|
|
3457
|
+
throw new Error("Relative value not allowed");
|
|
3458
|
+
}
|
|
3459
|
+
return path9;
|
|
3460
|
+
}
|
|
3455
3461
|
function _assertOptionsBase(options) {
|
|
3456
3462
|
if (!_isUndefined(options.name)) {
|
|
3457
3463
|
const name = options.name;
|
|
3458
3464
|
if (path8.isAbsolute(name)) throw new Error(`name option must not contain an absolute path, found "${name}".`);
|
|
3459
3465
|
const basename = path8.basename(name);
|
|
3460
|
-
if (basename === ".." || basename === "." || basename !== name)
|
|
3466
|
+
if (basename === ".." || basename === "." || basename !== name) {
|
|
3461
3467
|
throw new Error(`name option must not contain a path, found "${name}".`);
|
|
3468
|
+
}
|
|
3462
3469
|
}
|
|
3463
3470
|
if (!_isUndefined(options.template) && !options.template.match(TEMPLATE_PATTERN)) {
|
|
3464
3471
|
throw new Error(`Invalid template, found "${options.template}".`);
|
|
@@ -3471,15 +3478,16 @@ var require_tmp = __commonJS({
|
|
|
3471
3478
|
options.detachDescriptor = !!options.detachDescriptor;
|
|
3472
3479
|
options.discardDescriptor = !!options.discardDescriptor;
|
|
3473
3480
|
options.unsafeCleanup = !!options.unsafeCleanup;
|
|
3474
|
-
options.prefix = _isUndefined(options.prefix) ? "" : options.prefix;
|
|
3475
|
-
options.postfix = _isUndefined(options.postfix) ? "" : options.postfix;
|
|
3481
|
+
options.prefix = _isUndefined(options.prefix) ? "" : _assertPath(options.prefix);
|
|
3482
|
+
options.postfix = _isUndefined(options.postfix) ? "" : _assertPath(options.postfix);
|
|
3483
|
+
options.template = _isUndefined(options.template) ? void 0 : _assertPath(options.template);
|
|
3476
3484
|
}
|
|
3477
3485
|
function _getRelativePath(option, name, tmpDir, cb) {
|
|
3478
3486
|
if (_isUndefined(name)) return cb(null);
|
|
3479
3487
|
_resolvePath(name, tmpDir, function(err, resolvedPath) {
|
|
3480
3488
|
if (err) return cb(err);
|
|
3481
3489
|
const relativePath = path8.relative(tmpDir, resolvedPath);
|
|
3482
|
-
if (
|
|
3490
|
+
if (relativePath.startsWith("..") || path8.isAbsolute(relativePath)) {
|
|
3483
3491
|
return cb(new Error(`${option} option must be relative to "${tmpDir}", found "${relativePath}".`));
|
|
3484
3492
|
}
|
|
3485
3493
|
cb(null, relativePath);
|
|
@@ -3489,7 +3497,7 @@ var require_tmp = __commonJS({
|
|
|
3489
3497
|
if (_isUndefined(name)) return;
|
|
3490
3498
|
const resolvedPath = _resolvePathSync(name, tmpDir);
|
|
3491
3499
|
const relativePath = path8.relative(tmpDir, resolvedPath);
|
|
3492
|
-
if (
|
|
3500
|
+
if (relativePath.startsWith("..") || path8.isAbsolute(relativePath)) {
|
|
3493
3501
|
throw new Error(`${option} option must be relative to "${tmpDir}", found "${relativePath}".`);
|
|
3494
3502
|
}
|
|
3495
3503
|
return relativePath;
|