mirror of
https://github.com/openclaw/openclaw.git
synced 2026-04-13 10:11:20 +00:00
9f97ad857a
* fix: address issue * fix: address review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * fix: address PR review feedback * Plugins: fix install security CI regressions * Plugins: make manifest traversal linear * Plugins: bound manifest security traversal * Plugins: block denied node_modules package dirs * Plugins: match node_modules case-insensitively * Plugins: block denied package symlink paths * Tests: normalize blocked symlink assertion * Plugins: fail closed on unreadable denied paths * Plugins: block denied node_modules file aliases * Plugins: inspect node_modules symlink targets * Plugins: preserve symlink target package paths * fix: address PR review feedback * chore(changelog): add axios pin and dependency denylist entry --------- Co-authored-by: Devin Robison <drobison@nvidia.com>
71 lines
2.2 KiB
TypeScript
71 lines
2.2 KiB
TypeScript
import { fileExists, readJsonFile, resolveArchiveKind } from "../infra/archive.js";
|
|
import { writeFileFromPathWithinRoot } from "../infra/fs-safe.js";
|
|
import { resolveExistingInstallPath, withExtractedArchiveRoot } from "../infra/install-flow.js";
|
|
import {
|
|
resolveInstallModeOptions,
|
|
resolveTimedInstallModeOptions,
|
|
} from "../infra/install-mode-options.js";
|
|
import { installPackageDir } from "../infra/install-package-dir.js";
|
|
import {
|
|
type NpmIntegrityDrift,
|
|
type NpmSpecResolution,
|
|
resolveArchiveSourcePath,
|
|
} from "../infra/install-source-utils.js";
|
|
import {
|
|
ensureInstallTargetAvailable,
|
|
resolveCanonicalInstallTarget,
|
|
} from "../infra/install-target.js";
|
|
import {
|
|
finalizeNpmSpecArchiveInstall,
|
|
installFromNpmSpecArchiveWithInstaller,
|
|
} from "../infra/npm-pack-install.js";
|
|
import { validateRegistryNpmSpec } from "../infra/npm-registry-spec.js";
|
|
import { resolveCompatibilityHostVersion, resolveRuntimeServiceVersion } from "../version.js";
|
|
import { detectBundleManifestFormat, loadBundleManifest } from "./bundle-manifest.js";
|
|
import {
|
|
scanInstalledPackageDependencyTree,
|
|
scanBundleInstallSource,
|
|
scanFileInstallSource,
|
|
scanPackageInstallSource,
|
|
} from "./install-security-scan.js";
|
|
import {
|
|
getPackageManifestMetadata,
|
|
loadPluginManifest,
|
|
resolvePackageExtensionEntries,
|
|
} from "./manifest.js";
|
|
import { checkMinHostVersion } from "./min-host-version.js";
|
|
import { isPathInside } from "./path-safety.js";
|
|
|
|
export type { NpmIntegrityDrift, NpmSpecResolution };
|
|
|
|
export {
|
|
checkMinHostVersion,
|
|
detectBundleManifestFormat,
|
|
ensureInstallTargetAvailable,
|
|
fileExists,
|
|
finalizeNpmSpecArchiveInstall,
|
|
getPackageManifestMetadata,
|
|
installFromNpmSpecArchiveWithInstaller,
|
|
installPackageDir,
|
|
isPathInside,
|
|
loadBundleManifest,
|
|
loadPluginManifest,
|
|
readJsonFile,
|
|
resolveArchiveKind,
|
|
resolveArchiveSourcePath,
|
|
resolveCanonicalInstallTarget,
|
|
resolveExistingInstallPath,
|
|
resolveInstallModeOptions,
|
|
resolvePackageExtensionEntries,
|
|
resolveCompatibilityHostVersion,
|
|
resolveRuntimeServiceVersion,
|
|
resolveTimedInstallModeOptions,
|
|
scanInstalledPackageDependencyTree,
|
|
scanBundleInstallSource,
|
|
scanFileInstallSource,
|
|
scanPackageInstallSource,
|
|
validateRegistryNpmSpec,
|
|
withExtractedArchiveRoot,
|
|
writeFileFromPathWithinRoot,
|
|
};
|