fix(security): stage installs before publish

Peter Steinberger
2026-03-07 19:10:59 +00:00
parent 70be8ce15c
commit 6aa80844b8
6 changed files with 209 additions and 40 deletions


@@ -1,8 +1,15 @@
import path from "node:path";
import { expect } from "vitest";
function normalizeDarwinTmpPath(filePath: string): string {
return process.platform === "darwin" && filePath.startsWith("/private/var/")
? filePath.slice("/private".length)
: filePath;
}
export function expectSingleNpmInstallIgnoreScriptsCall(params: {
calls: Array<[unknown, { cwd?: string } | undefined]>;
expectedCwd: string;
expectedTargetDir: string;
}) {
const npmCalls = params.calls.filter((call) => Array.isArray(call[0]) && call[0][0] === "npm");
expect(npmCalls.length).toBe(1);
@@ -19,7 +26,11 @@ export function expectSingleNpmInstallIgnoreScriptsCall(params: {
"--silent",
"--ignore-scripts",
]);
expect(opts?.cwd).toBe(params.expectedCwd);
expect(opts?.cwd).toBeTruthy();
const cwd = normalizeDarwinTmpPath(String(opts?.cwd));
const expectedTargetDir = normalizeDarwinTmpPath(params.expectedTargetDir);
expect(path.dirname(cwd)).toBe(path.dirname(expectedTargetDir));
expect(path.basename(cwd)).toMatch(/^\.openclaw-install-stage-/);
}
export function expectSingleNpmPackIgnoreScriptsCall(params: {
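Review bot: The final assertion `expect(path.basename(cwd)).toMatch(/^\.openclaw-install-stage-/)` pins only the prefix, so a stage directory named exactly `.openclaw-install-stage-` with no suffix would still pass. If the installer is meant to create a uniquely named stage directory per install (the implementation is not visible in this section), require a non-empty suffix with `toMatch(/^\.openclaw-install-stage-.+/)`. Separately, `normalizeDarwinTmpPath` rewrites only the `/private/var/` prefix, so a fixture under `/private/tmp/` would still mismatch on macOS. A one-line comment such as `// macOS symlinks /var to /private/var; strip the prefix so resolved and raw temp paths compare equal` would record why the helper exists and where it stops. The body of `expectSingleNpmInstallIgnoreScriptsCall` between the two hunks is not shown.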