mirror of
https://github.com/pnpm/pnpm.git
synced 2026-03-27 11:31:45 -04:00
01914345d5
* build: enable `@typescript-eslint/no-import-type-side-effects` * build: disable `@typescript-eslint/consistent-type-imports` * chore: apply fixes for `no-import-type-side-effects` pnpm exec eslint "**/src/**/*.ts" "**/test/**/*.ts" --fix
@pnpm/fetching.binary-fetcher
A fetcher for binary archives
Installation
pnpm add @pnpm/fetching.binary-fetcher
Testing
Test Fixtures
The test/fixtures/ directory contains malicious ZIP files for testing path traversal protection:
| File | Entry Path | Purpose |
|---|---|---|
path-traversal.zip |
../../../.npmrc |
Tests ../ escape sequences |
absolute-path.zip |
/etc/passwd |
Tests absolute path entries |
backslash-traversal.zip |
..\..\..\evil.txt |
Tests Windows backslash traversal (Windows-only) |
These fixtures are manually crafted because AdmZip's addFile() sanitizes paths automatically.
Note: The backslash test only runs on Windows because
\is a valid filename character on Unix.
Regenerating Fixtures
node --experimental-strip-types scripts/create-fixtures.ts
License
MIT