skill-organizer 1.0.2-beta.1 → 1.0.2

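--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
  {
  "name": "skill-organizer",
- "version": "1.0.2-beta.1",
+ "version": "1.0.2",
  "description": "Install the skill-organizer CLI from GitHub Releases",
  "license": "UNLICENSED",
  "homepage": "https://github.com/sergiocarracedo/skill-organizer",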
@@ -14,6 +14,7 @@ const owner = "sergiocarracedo";
14
14
  const repo = "skill-organizer";
15
15
  const version = pkg.version;
16
16
  const tag = `v${version}`;
17
+ const allowedRedirectHosts = new Set(["github.com", "release-assets.githubusercontent.com"]);
17
18
  const osMap = {
18
19
  linux: "Linux",
19
20
  darwin: "Darwin",
@@ -103,7 +104,7 @@ function download(url, destination) {
103
104
  https.get(url, (response) => {
104
105
  if (response.statusCode >= 300 && response.statusCode < 400 && response.headers.location) {
105
106
  const redirect = new URL(response.headers.location, url);
106
- if (redirect.protocol !== "https:" || redirect.hostname !== "github.com") {
107
+ if (redirect.protocol !== "https:" || !allowedRedirectHosts.has(redirect.hostname)) {
107
108
  reject(new Error(`refusing redirect to unexpected host: ${redirect.origin}`));
108
109
  response.resume();
109
110
  return;
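Review bot: The redirect check in download() now accepts any https URL on `release-assets.githubusercontent.com`, a host that serves release assets for GitHub repositories in general, so the allowlist limits where the bytes come from but does not tie them to this project's release. No digest check is visible in these hunks (the rest of download() and its caller lie outside them); if none exists, compare the downloaded archive's SHA-256 against a value shipped in the package before extracting or running it. The new constant also deserves a comment such as `// Exact hostnames a release download may redirect to; matched literally, no subdomain wildcards.`, and it is worth confirming that the redirect-following path caps the number of hops.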