vultr/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-04-10 08:41:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: repair bundled plugin dirs after npm install

Browse Source
This commit is contained in:
Peter Steinberger
2026-03-11 23:53:43 +00:00
parent b6d83749c8
commit e11be576fb
2 changed files with 52 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
src/plugins/discovery.ts
View File

@@ -153,7 +153,7 @@ function checkPathStatAndPermissions(params: {
continue;
}
seen.add(normalized);
const stat = safeStatSync(targetPath);
let stat = safeStatSync(targetPath);
if (!stat) {
return {
reason: "path_stat_failed",
@@ -162,7 +162,28 @@ function checkPathStatAndPermissions(params: {
targetPath,
};
}
const modeBits = stat.mode & 0o777;
let modeBits = stat.mode & 0o777;
if ((modeBits & 0o002) !== 0 && params.origin === "bundled") {
// npm/global installs can create package-managed extension dirs without
// directory entries in the tarball, which may widen them to 0777.
// Tighten bundled dirs in place before applying the normal safety gate.
try {
fs.chmodSync(targetPath, modeBits & ~0o022);
const repairedStat = safeStatSync(targetPath);
if (!repairedStat) {
return {
reason: "path_stat_failed",
sourcePath: params.source,
rootPath: params.rootDir,
targetPath,
};
}
stat = repairedStat;
modeBits = repairedStat.mode & 0o777;
} catch {
// Fall through to the normal block path below when repair is not possible.
}
}
if ((modeBits & 0o002) !== 0) {
return {
reason: "path_world_writable",