Skip to content

Fix/errors validations security#61

Merged
Sharmaz merged 5 commits into
mainfrom
fix/errors-validations-security
May 19, 2026
Merged

Fix/errors validations security#61
Sharmaz merged 5 commits into
mainfrom
fix/errors-validations-security

Conversation

@Sharmaz

@Sharmaz Sharmaz commented May 19, 2026

Copy link
Copy Markdown
Owner

Changes:

  • Prevent path traversal by sanitizing appName with path.basename() before joining with process.cwd()
  • Skip symlinks during recursive template copy to block symlink-based escape attacks
  • Throw errors in initialize and renamePackageJsonName instead of swallowing them; CLI catches and exits with code 1
  • Add .catch() on app() call to surface unhandled async errors
  • Validate app name length against npm's 214-character limit

@github-actions

github-actions Bot commented May 19, 2026

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@Sharmaz Sharmaz merged commit a7375ee into main May 19, 2026
4 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant