fix: close landing test gaps

2026-04-15 03:01:02 +00:00 · 2026-04-10 20:03:41 +01:00
parent b174d8aed4
commit ba55a81a32
1 changed files with 6 additions and 5 deletions
--- a/src/plugins/install-security-scan.runtime.ts
+++ b/src/plugins/install-security-scan.runtime.ts
@@ -186,12 +186,13 @@ async function inspectNodeModulesSymlinkTarget(params: {

  const resolvedTargetStats = await fs.stat(resolvedTargetPath);
  const resolvedTargetRelativePath = path.relative(params.rootRealPath, resolvedTargetPath);
+  const blockedDirectoryFinding = findBlockedPackageDirectoryInPath({
+    pathRelativeToRoot: resolvedTargetRelativePath,
+  });
  return {
-    blockedDirectoryFinding: resolvedTargetStats.isDirectory()
-      ? findBlockedPackageDirectoryInPath({
-          pathRelativeToRoot: resolvedTargetRelativePath,
-        })
-      : undefined,
+    // File symlinks can point into a blocked package directory, for example
+    // vendor/node_modules/safe-name -> ../plain-crypto-js/dist/index.js.
+    blockedDirectoryFinding,
    blockedFileFinding: resolvedTargetStats.isFile()
      ? findBlockedPackageFileAliasInPath({
          pathRelativeToRoot: resolvedTargetRelativePath,