path-join-safer

An alternative to path.join() that prevents unanticipated .. directory access caused by user input, but allows .. access that is done programmatically and intentionally.

path, join, safe, safer, subdirectory, security

An alternative to path.join() that prevents .. directory traversal caused by external or user input. When you (the programmer) use path-join-safer, you alone can do .. directory traversal that is expected and intended by your code. Externally provided path fragments/strings are unable to do any .. (parent) directory access.

Installation

npm install path-join-safer

Use it

import { pathJoinSafer, dotDot } from 'path-join-safer';

console.log(pathJoinSafer('/foo','bar'));            //  /foo/bar
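// A literal '..' string is rejected; catch the error so the remaining calls still run.
try {
  console.log(pathJoinSafer('..', '/foo','bar'));
} catch (err) {
  console.log(String(err));                          //  Error: Path fragment at index 0 is .. (double dot). Pass in dotDot function instead.
}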
console.log(pathJoinSafer(dotDot(), '/foo','bar'));  //  ../foo/bar
console.log(pathJoinSafer(dotDot(2), '/foo','bar')); //  ../../foo/bar
console.log(pathJoinSafer(dotDot(1), '/', 'foo'));   //  ../foo
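
The separation described above, between `..` that arrives as a string and `..` that the programmer requests through a function call, can be sketched as follows. This is an added example, not path-join-safer's own source: the names `parentDirs` and `joinNoUserDotDot`, the Symbol marker, and the rule of rejecting any `..` segment (split on `/` or `\`) are assumptions made for illustration.

```javascript
// Added sketch: NOT the source of path-join-safer. All names are hypothetical.
const path = require('node:path');

// Unforgeable marker: a string or JSON value from a request can never carry this key.
const PARENT = Symbol('intentional-parent');

// Programmer-only way to ask for `count` levels of "..".
function parentDirs(count = 1) {
  if (!Number.isInteger(count) || count < 1) {
    throw new RangeError('count must be a positive integer');
  }
  return { [PARENT]: count };
}

function joinNoUserDotDot(...fragments) {
  const parts = fragments.map((frag, index) => {
    // Only objects built by parentDirs() hold the Symbol key.
    if (frag !== null && typeof frag === 'object' && PARENT in frag) {
      return Array(frag[PARENT]).fill('..').join('/');
    }
    if (typeof frag !== 'string') {
      throw new TypeError(`Path fragment at index ${index} is not a string`);
    }
    // Assumption: reject a ".." segment under either separator style.
    if (frag.split(/[\\/]/).includes('..')) {
      throw new Error(`Path fragment at index ${index} contains ..`);
    }
    return frag;
  });
  // posix join keeps the output identical on every platform for this demo.
  return path.posix.join(...parts);
}

// Helper for the demo: return the joined path or the rejection reason.
function tryJoin(...fragments) {
  try { return joinNoUserDotDot(...fragments); }
  catch (err) { return `rejected: ${err.message}`; }
}

// Constructed sample inputs.
console.log(tryJoin('/srv/uploads', 'report.pdf'));            // plain join
console.log(tryJoin(parentDirs(2), '/foo', 'bar'));            // intentional ..
console.log(tryJoin('/srv/uploads', '../../etc/passwd'));      // string .. rejected
console.log(tryJoin('/srv/uploads', 'a\\..\\b'));              // backslash form rejected
console.log(tryJoin('/srv/uploads', JSON.parse('{"n":2}')));   // forged object rejected
console.log(tryJoin('/srv/uploads', 'notes..txt'));            // dots inside a name are fine
```

Rejecting `..` fragments does not by itself confine the result to a base directory (symlinks, for example, are untouched by string checks), so a containment check on the resolved path is still worth keeping where the joined path reaches the filesystem.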

Project goals

  • Lightweight
  • No dependencies
  • Terse, simple code that is easy to audit yourself
  • No nonsense, reliable, no radical changes

Notes

Have fun!

Say thanks

Star the repo https://github.com/softwarecreations/path-join-safer

PRs or issues

Welcome

License

MIT