Two pre-existing hardening notes from the PR #48 review, neither blocking today:
1. getChangedAssets assumes posts/ is its own git root
scripts/upload-assets.js#getChangedAssets runs git ls-files with cwd: rootDir and compares against relative(rootDir, …). Works because this repo is its own git root, but would silently filter everything out if the repo ever became a subdir of a larger checkout (e.g. monorepo).
Fix: call git rev-parse --show-toplevel and use that as the base for path resolution instead of rootDir.
2. findAssetFiles follows symlinks
scripts/upload-assets.js#findAssetFiles uses stat (which follows symlinks) rather than lstat. Not a concern for current content but would silently traverse outside assets/ if a symlink ever appeared.
Fix: swap to lstat, skip symlinks (or refuse with a clear error if isSymbolicLink()).
Acceptance
- Both behaviours covered by tests in scripts/__tests__/upload-assets.test.js
- No behavioural change for the current repo layout (assertion: pnpm upload-assets:migrate still finds 141 files)
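
A sketch of the lstat-based walk proposed in note 2, as an added example that is not the code in scripts/upload-assets.js. The function name findAssetFilesSafe, the onSymlink option and the fixture layout are assumptions made for illustration.

```javascript
// Added example, not the project's code. findAssetFilesSafe and the
// onSymlink option are hypothetical names.
const fs = require('node:fs');
const path = require('node:path');
const os = require('node:os');

function findAssetFilesSafe(assetsDir, { onSymlink = 'skip' } = {}) {
  const found = [];
  const walk = (dir) => {
    for (const name of fs.readdirSync(dir).sort()) {
      const full = path.join(dir, name);
      // lstat describes the directory entry itself; stat would describe
      // whatever a symlink points at, which may live outside assetsDir.
      const info = fs.lstatSync(full);
      if (info.isSymbolicLink()) {
        if (onSymlink === 'error') {
          throw new Error(`refusing symlink in assets tree: ${full}`);
        }
        continue; // skip: never descend into or collect a link target
      }
      if (info.isDirectory()) walk(full);
      else if (info.isFile()) found.push(path.relative(assetsDir, full));
    }
  };
  walk(assetsDir);
  return found;
}

// Constructed fixture: assets/ holds one file, one nested file, and a
// symlink named "escape" that points at a sibling directory outside assets/.
function buildFixture() {
  const root = fs.mkdtempSync(path.join(os.tmpdir(), 'assets-demo-'));
  const assets = path.join(root, 'assets');
  const outside = path.join(root, 'outside');
  fs.mkdirSync(path.join(assets, 'img'), { recursive: true });
  fs.mkdirSync(outside);
  fs.writeFileSync(path.join(assets, 'a.png'), 'a');
  fs.writeFileSync(path.join(assets, 'img', 'b.png'), 'b');
  fs.writeFileSync(path.join(outside, 'secret.txt'), 's');
  fs.symlinkSync(outside, path.join(assets, 'escape'), 'dir');
  return assets;
}

console.log(findAssetFilesSafe(buildFixture()));
```

The same fixture can back the acceptance test: with stat in place of lstat, the walk would also return escape/secret.txt.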