You're Invited:Meet the Socket Team at RSAC and BSidesSF 2026, March 23–26.RSVP
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@backstage/cli-common

Package Overview
Dependencies
Maintainers
3
Versions
244
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@backstage/cli-common - npm Package Compare versions

Comparing version
0.1.16
 to
0.1.17
+6
-0
CHANGELOG.md
# @backstage/cli-common
## 0.1.17
### Patch Changes
- ae4dd5d: Move some of the symlink resolution to `isChildPath`
## 0.1.16

@@ -4,0 +10,0 @@ 

+28
-1
dist/isChildPath.cjs.js
'use strict';
var path = require('path');
var fs = require('fs');
function resolveRealPath(path$1) {
try {
return fs.realpathSync(path$1);
} catch (ex) {
if (ex.code !== "ENOENT") {
throw ex;
}
}
try {
if (fs.lstatSync(path$1).isSymbolicLink()) {
const target = path.resolve(path.dirname(path$1), fs.readlinkSync(path$1));
return resolveRealPath(target);
}
} catch (ex) {
if (ex.code !== "ENOENT") {
throw ex;
}
}
const parent = path.dirname(path$1);
if (parent === path$1) {
return path$1;
}
return path.resolve(resolveRealPath(parent), path.basename(path$1));
}
function isChildPath(base, path$1) {
const relativePath = path.relative(base, path$1);
const resolvedBase = resolveRealPath(base);
const resolvedPath = resolveRealPath(path$1);
const relativePath = path.relative(resolvedBase, resolvedPath);
if (relativePath === "") {

@@ -8,0 +35,0 @@ return true;

+1
-1
dist/isChildPath.cjs.js.map

@@ -1,1 +0,1 @@

{"version":3,"file":"isChildPath.cjs.js","sources":["../src/isChildPath.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport { relative, isAbsolute } from 'path';\n\n/**\n * Checks if path is the same as or a child path of base.\n *\n * @public\n */\nexport function isChildPath(base: string, path: string): boolean {\n const relativePath = relative(base, path);\n if (relativePath === '') {\n // The same directory\n return true;\n }\n\n const outsideBase = relativePath.startsWith('..'); // not outside base\n const differentDrive = isAbsolute(relativePath); // on Windows, this means dir is on a different drive from base.\n\n return !outsideBase && !differentDrive;\n}\n"],"names":["path","relative","isAbsolute"],"mappings":";;;;AAuBO,SAAS,WAAA,CAAY,MAAcA,MAAA,EAAuB;AAC/D,EAAA,MAAM,YAAA,GAAeC,aAAA,CAAS,IAAA,EAAMD,MAAI,CAAA;AACxC,EAAA,IAAI,iBAAiB,EAAA,EAAI;AAEvB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,WAAA,GAAc,YAAA,CAAa,UAAA,CAAW,IAAI,CAAA;AAChD,EAAA,MAAM,cAAA,GAAiBE,gBAAW,YAAY,CAAA;AAE9C,EAAA,OAAO,CAAC,eAAe,CAAC,cAAA;AAC1B;;;;"}
{"version":3,"file":"isChildPath.cjs.js","sources":["../src/isChildPath.ts"],"sourcesContent":["/*\n * Copyright 2021 The Backstage Authors\n *\n * Licensed under the Apache License, Version 2.0 (the \"License\");\n * you may not use this file except in compliance with the License.\n * You may obtain a copy of the License at\n *\n * http://www.apache.org/licenses/LICENSE-2.0\n *\n * Unless required by applicable law or agreed to in writing, software\n * distributed under the License is distributed on an \"AS IS\" BASIS,\n * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.\n * See the License for the specific language governing permissions and\n * limitations under the License.\n */\n\nimport {\n relative,\n isAbsolute,\n resolve as resolvePath,\n dirname,\n basename,\n} from 'path';\nimport { realpathSync, lstatSync, readlinkSync } from 'fs';\n\n// Resolves a path to its real location, following symlinks.\n// Handles cases where the final target doesn't exist by recursively\n// resolving parent directories.\nfunction resolveRealPath(path: string): string {\n try {\n return realpathSync(path);\n } catch (ex) {\n if (ex.code !== 'ENOENT') {\n throw ex;\n }\n }\n\n // Check if path itself is a dangling symlink - recursively resolve the target\n // to handle symlink chains (e.g., link1 -> link2 -> /outside)\n try {\n if (lstatSync(path).isSymbolicLink()) {\n const target = resolvePath(dirname(path), readlinkSync(path));\n return resolveRealPath(target);\n }\n } catch (ex) {\n if (ex.code !== 'ENOENT') {\n throw ex;\n }\n }\n\n // Path doesn't exist - walk up the tree until we find an existing path,\n // resolve it, then rebuild the non-existent portion on top\n const parent = dirname(path);\n if (parent === path) {\n return path; // Hit filesystem root\n }\n\n return resolvePath(resolveRealPath(parent), basename(path));\n}\n\n/**\n * Checks if path is the same as or a child path of base.\n *\n * @public\n */\nexport function isChildPath(base: string, path: string): boolean {\n const resolvedBase = resolveRealPath(base);\n const resolvedPath = resolveRealPath(path);\n\n const relativePath = relative(resolvedBase, resolvedPath);\n if (relativePath === '') {\n // The same directory\n return true;\n }\n\n const outsideBase = relativePath.startsWith('..'); // not outside base\n const differentDrive = isAbsolute(relativePath); // on Windows, this means dir is on a different drive from base.\n\n return !outsideBase && !differentDrive;\n}\n"],"names":["path","realpathSync","lstatSync","resolvePath","dirname","readlinkSync","basename","relative","isAbsolute"],"mappings":";;;;;AA4BA,SAAS,gBAAgBA,MAAA,EAAsB;AAC7C,EAAA,IAAI;AACF,IAAA,OAAOC,gBAAaD,MAAI,CAAA;AAAA,EAC1B,SAAS,EAAA,EAAI;AACX,IAAA,IAAI,EAAA,CAAG,SAAS,QAAA,EAAU;AACxB,MAAA,MAAM,EAAA;AAAA,IACR;AAAA,EACF;AAIA,EAAA,IAAI;AACF,IAAA,IAAIE,YAAA,CAAUF,MAAI,CAAA,CAAE,cAAA,EAAe,EAAG;AACpC,MAAA,MAAM,SAASG,YAAA,CAAYC,YAAA,CAAQJ,MAAI,CAAA,EAAGK,eAAA,CAAaL,MAAI,CAAC,CAAA;AAC5D,MAAA,OAAO,gBAAgB,MAAM,CAAA;AAAA,IAC/B;AAAA,EACF,SAAS,EAAA,EAAI;AACX,IAAA,IAAI,EAAA,CAAG,SAAS,QAAA,EAAU;AACxB,MAAA,MAAM,EAAA;AAAA,IACR;AAAA,EACF;AAIA,EAAA,MAAM,MAAA,GAASI,aAAQJ,MAAI,CAAA;AAC3B,EAAA,IAAI,WAAWA,MAAA,EAAM;AACnB,IAAA,OAAOA,MAAA;AAAA,EACT;AAEA,EAAA,OAAOG,aAAY,eAAA,CAAgB,MAAM,CAAA,EAAGG,aAAA,CAASN,MAAI,CAAC,CAAA;AAC5D;AAOO,SAAS,WAAA,CAAY,MAAcA,MAAA,EAAuB;AAC/D,EAAA,MAAM,YAAA,GAAe,gBAAgB,IAAI,CAAA;AACzC,EAAA,MAAM,YAAA,GAAe,gBAAgBA,MAAI,CAAA;AAEzC,EAAA,MAAM,YAAA,GAAeO,aAAA,CAAS,YAAA,EAAc,YAAY,CAAA;AACxD,EAAA,IAAI,iBAAiB,EAAA,EAAI;AAEvB,IAAA,OAAO,IAAA;AAAA,EACT;AAEA,EAAA,MAAM,WAAA,GAAc,YAAA,CAAa,UAAA,CAAW,IAAI,CAAA;AAChD,EAAA,MAAM,cAAA,GAAiBC,gBAAW,YAAY,CAAA;AAE9C,EAAA,OAAO,CAAC,eAAe,CAAC,cAAA;AAC1B;;;;"}
+2
-2
package.json
{
"name": "@backstage/cli-common",
"version": "0.1.16",
"version": "0.1.17",
"description": "Common functionality used by cli, backend, and create-app",

@@ -44,3 +44,3 @@ "backstage": {

"devDependencies": {
"@backstage/cli": "^0.35.0",
"@backstage/cli": "^0.35.2",
"@types/cross-spawn": "^6.0.2",

@@ -47,0 +47,0 @@ "@types/node": "^22.13.14"