mirror of
https://github.com/pnpm/pnpm.git
synced 2026-03-27 03:21:55 -04:00
3a5bfaa94f
Update all packages from zkochan/packages to their latest major versions and exclude them from minimumReleaseAge requirement. This includes updating catalog entries, adapting to breaking API changes (default exports replaced with named exports, sync functions renamed with Sync suffix), and updating type declarations.
@pnpm/fetching.binary-fetcher
A fetcher for binary archives
Installation
pnpm add @pnpm/fetching.binary-fetcher
Testing
Test Fixtures
The test/fixtures/ directory contains malicious ZIP files for testing path traversal protection:
| File | Entry Path | Purpose |
|---|---|---|
path-traversal.zip |
../../../.npmrc |
Tests ../ escape sequences |
absolute-path.zip |
/etc/passwd |
Tests absolute path entries |
backslash-traversal.zip |
..\..\..\evil.txt |
Tests Windows backslash traversal (Windows-only) |
These fixtures are manually crafted because AdmZip's addFile() sanitizes paths automatically.
Note: The backslash test only runs on Windows because
\is a valid filename character on Unix.
Regenerating Fixtures
node --experimental-strip-types scripts/create-fixtures.ts
License
MIT