mirror/pnpm
1
0
Fork 0
mirror of https://github.com/pnpm/pnpm.git synced 2026-05-29 11:11:43 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
release/10-alias
pnpm/patching/apply-patch
History
Zoltan Kochan 6481f6c161 fix(patching/apply-patch): reject patch paths that escape the patched directory (#11952) 
* fix(patching/apply-patch): reject patch paths that escape the patched directory

A malicious .patch file with `diff --git a/../../X` headers could otherwise
write, delete, or rename files outside the patched package as the user
running `pnpm install`.

* refactor(patching/apply-patch): narrow caught errors via util.types.isNativeError

Drops the `any`-typed catch + eslint-disable in favor of the cross-realm-safe
narrowing pattern documented in CLAUDE.md.

* refactor(patching/apply-patch): replace error helper with PatchPathEscapesError class

* chore(patching/apply-patch): reword comment to satisfy cspell
2026-05-26 12:52:59 +02:00
..
__fixtures__
fix(patching/apply-patch): reject patch paths that escape the patched directory (#11952)
2026-05-26 12:52:59 +02:00
src
fix(patching/apply-patch): reject patch paths that escape the patched directory (#11952)
2026-05-26 12:52:59 +02:00
test
fix(patching/apply-patch): reject patch paths that escape the patched directory (#11952)
2026-05-26 12:52:59 +02:00
CHANGELOG.md
chore(release): 10.33.0
2026-03-24 17:15:56 +01:00
package.json
chore(release): 10.33.0
2026-03-24 17:15:56 +01:00
README.md
feat(plugin-commands-patching): apply existed patch file when re-patch (#5906)
2023-01-12 04:19:22 +02:00
tsconfig.json
refactor: move @pnpm/logger to the monorepo (#8385)
2024-08-07 18:02:08 +02:00
tsconfig.lint.json
feat(plugin-commands-patching): apply existed patch file when re-patch (#5906)
2023-01-12 04:19:22 +02:00

README.md

@pnpm/patching.apply-patch

Apply a patch to a directory

npm version

Installation

pnpm add @pnpm/patching.apply-patch

License

MIT

Reference in New Issue View Git Blame Copy Permalink