extract-zip
Comparing version 1.6.4 to 1.6.5
index.js
@@ -60,3 +60,3 @@ var fs = require('fs') | ||
fs.realpath(destDir, function (err, canonicalDestDir) { | ||
mkdirp(destDir, function (err) { | ||
if (err) { | ||
@@ -68,12 +68,3 @@ cancelled = true | ||
var relativeDestDir = path.relative(opts.dir, canonicalDestDir) | ||
if (relativeDestDir.split(path.sep).indexOf('..') !== -1) { | ||
cancelled = true | ||
zipfile.close() | ||
return cb(new Error('Out of bound path "' + canonicalDestDir + '" found while processing file ' + entry.fileName)) | ||
} | ||
extractEntry(entry, function (err) { | ||
// if any extraction fails then abort everything | ||
fs.realpath(destDir, function (err, canonicalDestDir) { | ||
if (err) { | ||
@@ -84,4 +75,21 @@ cancelled = true | ||
} | ||
debug('finished processing', entry.fileName) | ||
zipfile.readEntry() | ||
var relativeDestDir = path.relative(opts.dir, canonicalDestDir) | ||
if (relativeDestDir.split(path.sep).indexOf('..') !== -1) { | ||
cancelled = true | ||
zipfile.close() | ||
return cb(new Error('Out of bound path "' + canonicalDestDir + '" found while processing file ' + entry.fileName)) | ||
} | ||
extractEntry(entry, function (err) { | ||
// if any extraction fails then abort everything | ||
if (err) { | ||
cancelled = true | ||
zipfile.close() | ||
return cb(err) | ||
} | ||
debug('finished processing', entry.fileName) | ||
zipfile.readEntry() | ||
}) | ||
}) | ||
@@ -88,0 +96,0 @@ }) |
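Review bot: In index.js the containment check now runs only after `mkdirp(destDir, …)` has created the directory, so an entry whose parent resolves outside `opts.dir` (for instance through a symlink already present under the destination) still leaves new directories at the out-of-bound location before the 'Out of bound path' error is returned. The reordering is presumably there because `fs.realpath` fails on a path that does not exist yet; resolving the deepest existing ancestor of `destDir` and checking that before `mkdirp` keeps both properties, as sketched below. Separately, `path.relative(opts.dir, canonicalDestDir)` compares a canonical path with a possibly non-canonical `opts.dir`, which would reject valid entries whenever `opts.dir` itself sits behind a symlink; canonicalising `opts.dir` once up front would avoid that. `destDir` is defined outside the visible hunks and the enclosing callback continues past them; the +/- markers are lost on this page, so the new ordering is inferred from the hunk headers' line counts.

```javascript
// resolve the deepest existing ancestor of destDir so containment can be checked before mkdirp
function realpathOfExisting (dir, done) {
  fs.realpath(dir, function (err, resolved) {
    if (!err) return done(null, resolved)
    var parent = path.dirname(dir)
    if (err.code !== 'ENOENT' || parent === dir) return done(err)
    realpathOfExisting(parent, function (err, resolvedParent) {
      if (err) return done(err)
      done(null, path.join(resolvedParent, path.basename(dir)))
    })
  })
}

realpathOfExisting(destDir, function (err, canonicalDestDir) {
  // … unchanged: err handling and the relativeDestDir '..' check …
  mkdirp(destDir, function (err) {
    // … unchanged: err handling, then extractEntry(entry, …) …
```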
{ | ||
"name": "extract-zip", | ||
"version": "1.6.4", | ||
"version": "1.6.5", | ||
"description": "unzip a zip file into a directory using 100% javascript", | ||
@@ -14,6 +14,3 @@ "main": "index.js", | ||
"license": "BSD-2-Clause", | ||
"repository": { | ||
"type": "git", | ||
"url": "git+ssh://git@github.com/erisds/extract-zip-fork.git" | ||
}, | ||
"repository": "maxogden/extract-zip", | ||
"keywords": [ | ||
@@ -24,6 +21,2 @@ "unzip", | ||
], | ||
"bugs": { | ||
"url": "https://github.com/maxogden/extract-zip/issues" | ||
}, | ||
"homepage": "https://github.com/maxogden/extract-zip", | ||
"dependencies": { | ||
@@ -38,3 +31,4 @@ "concat-stream": "1.6.0", | ||
"standard": "^5.2.2", | ||
"tape": "^4.2.0" | ||
"tape": "^4.2.0", | ||
"temp": "^0.8.3" | ||
}, | ||
@@ -41,0 +35,0 @@ "directories": { |
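Review bot: The `bugs` and `homepage` entries are gone from the manifest in this version and `repository` moves from the `erisds/extract-zip-fork` URL to the shorthand `"maxogden/extract-zip"`, which leaves consumers and scanners with less metadata to tie the tarball to its source in a release where the repository pointer itself changes. Restoring `"bugs": { "url": "https://github.com/maxogden/extract-zip/issues" }` and `"homepage": "https://github.com/maxogden/extract-zip"` alongside the new `repository` value would keep that link explicit. Which side each line belongs to is inferred from the hunk line counts, since the +/- markers are not preserved on this page.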
@@ -9,2 +9,3 @@ # extract-zip | ||
[![js-standard-style](https://cdn.rawgit.com/feross/standard/master/badge.svg)](https://github.com/feross/standard) | ||
[![Build Status](https://travis-ci.org/maxogden/extract-zip.svg?branch=master)](https://travis-ci.org/maxogden/extract-zip) | ||
@@ -11,0 +12,0 @@ ## Installation |
Sorry, the diff of this file is not supported yet
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
No bug tracker
Maintenance: Package does not have a linked bug tracker in package.json.
Found 1 instance in 1 package
No repository
Supply chain risk: Package does not have a linked source code repository. Without this field, a package will have no reference to the location of the source code used to generate the package.
Found 1 instance in 1 package
No website
Quality: Package does not have a website.
Found 1 instance in 1 package
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package