tree-fs 0.1.1 → 0.1.2

package/README.md

@@ -6,12 +6,15 @@ It is designed to be the **standard "Paste & Go" receiver for AI-generated code*
 
   <a href="https://www.npmjs.com/package/tree-fs"><img src="https://img.shields.io/npm/v/tree-fs.svg?style=flat-square&color=007acc" alt="npm version"></a>
   <a href="https://www.npmjs.com/package/tree-fs"><img src="https://img.shields.io/npm/dt/tree-fs.svg?style=flat-square&color=success" alt="npm downloads"></a>
-  <a href="https://github.com/tree-fs/blob/main/LICENSE"><img src="https://img.shields.io/github/license/tree-fs.svg?style=flat-square&color=blue" alt="license"></a>
-  <a href="https://github.com/tree-fs/stargazers"><img src="https://img.shields.io/github/stars/tree-fs?style=flat-square&logo=github" alt="stars"></a>
-
+  <a href="https://github.com/mgks/tree-fs/blob/main/LICENSE"><img src="https://img.shields.io/github/license/mgks/tree-fs.svg?style=flat-square&color=blue" alt="license"></a>
+  <a href="https://github.com/mgks/tree-fs/stargazers"><img src="https://img.shields.io/github/stars/mgks/tree-fs?style=flat-square&logo=github" alt="stars"></a>
 
 ## ⚡ Why tree-fs?
 
+<p align="">
+  <img src="https://github.com/mgks/tree-fs/blob/main/preview.gif?raw=true" width="720">
+</p>
+
 LLMs (ChatGPT, Claude, DeepSeek) are great at planning architectures but bad at executing them.
 They often output this:
 
@@ -144,4 +147,4 @@ tree-fs structure.txt --dry-run
 
 ## License
 
-MIT
+MIT

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "tree-fs",
-  "version": "0.1.1",
+  "version": "0.1.2",
   "description": "Generate file system structures from text-based directory trees. The standard receiver for AI-generated project scaffolding.",
   "bin": {
     "tree-fs": "bin/tree-fs.js"

package/src/generator.js

@@ -14,12 +14,11 @@ function generateFS(tree, baseDir = process.cwd(), options = {}) {
   let rootPath = baseDir
 
   // Intelligent Root Detection:
-  // If there is exactly one top-level folder, we treat it as the project root.
+  // If there is exactly one top-level folder, treat it as the project root.
   if (nodes.length === 1 && nodes[0].type === "folder") {
     rootPath = path.join(baseDir, nodes[0].name)
     nodes = nodes[0].children
     
-    // Create the root directory physically
     if (!dryRun && !fs.existsSync(rootPath)) {
       fs.mkdirSync(rootPath, { recursive: true })
     }
@@ -27,9 +26,16 @@ function generateFS(tree, baseDir = process.cwd(), options = {}) {
 
   function walk(nodes, currentPath) {
     for (const node of nodes) {
-      // Robustness: normalize path separators for cross-platform safety
       const target = path.join(currentPath, node.name)
 
+      // SECURITY CHECK: Prevent directory traversal
+      // If the relative path starts with '..', it's trying to escape the root
+      const relative = path.relative(rootPath, target)
+      if (relative.startsWith("..") && !path.isAbsolute(relative)) {
+        console.warn(`⚠️  Skipping unsafe path: ${node.name}`)
+        continue
+      }
+
       if (node.type === "folder") {
         if (!fs.existsSync(target)) {
           if (!dryRun) fs.mkdirSync(target, { recursive: true })
@@ -43,7 +49,7 @@ function generateFS(tree, baseDir = process.cwd(), options = {}) {
           continue
         }
         
-        // Ensure parent directory exists (handles cases like "src/utils/helpers.js" as a single line)
+        // Ensure parent directory exists (Safety for weird edge cases)
         const parentDir = path.dirname(target)
         if (!dryRun && !fs.existsSync(parentDir)) {
           fs.mkdirSync(parentDir, { recursive: true })

package/src/normaliser.js

@@ -1,36 +1,39 @@
 // src/normaliser.js
 
-// 1. Expanded Regex to catch +, >, and markdown bullets
+// Catch standard tree characters, markdown bullets, and ASCII symbols (+, >, -)
 const STRIP_REGEX = /^[\s│├└─•*|\-+>]+/
 
 function normaliseLines(input) {
   return input
     .split("\n")
-    .map(line => line.replace(/\r/g, ""))
+    .map(line => line.replace(/\r/g, "")) // Handle Windows CRLF
     .filter(Boolean)
     .map(raw => {
-      // 2. Detect indentation based on prefix length
-      const match = raw.match(STRIP_REGEX)
+      // 1. Windows Fix: Normalize backslashes to forward slashes immediately
+      const normalizedRaw = raw.replace(/\\/g, "/")
+
+      // 2. Calculate indent based on the full prefix (spaces + tree chars)
+      const match = normalizedRaw.match(STRIP_REGEX)
       const prefixLength = match ? match[0].length : 0
-      
+
       // 3. Strip comments (anything after ' #')
-      // We explicitly look for " #" so we don't break "page#1.js"
-      const commentIndex = raw.indexOf(" #")
-      let cleaned = commentIndex !== -1 ? raw.substring(0, commentIndex) : raw
+      const commentIndex = normalizedRaw.indexOf(" #")
+      let cleaned = commentIndex !== -1 ? normalizedRaw.substring(0, commentIndex) : normalizedRaw
 
-      // 4. Check for explicit trailing slash (User saying "This is a folder/")
+      // 4. Check for explicit trailing slash
       const endsWithSlash = cleaned.trim().endsWith("/")
 
+      // 5. Clean up the name
       cleaned = cleaned
         .replace(STRIP_REGEX, "") // Remove tree characters
-        .replace(/\/$/, "")       // Remove that trailing slash for the name
+        .replace(/\/$/, "")       // Remove trailing slash for name storage
         .trim()
 
       return {
-        raw,
+        raw: normalizedRaw,
         indent: prefixLength,
         name: cleaned,
-        explicitFolder: endsWithSlash // Pass this signal to the parser
+        explicitFolder: endsWithSlash
       }
     })
     .filter(line => line.name.length > 0)