mde / filelist Goto Github PK
View Code? Open in Web Editor NEWLazy-evaluating list of files, based on globs or regex patterns
License: Apache License 2.0
Lazy-evaluating list of files, based on globs or regex patterns
License: Apache License 2.0
npm ERR! code E404
npm ERR! 404 Not Found - GET https://cdn.npmmirror.com/packages/filelist/1.0.2/filelist-1.0.2.tgz
npm ERR! 404
npm ERR! 404 'filelist@https://registry.nlark.com/filelist/download/filelist-1.0.2.tgz' is not in this registry.
NexusIQ reports a security vulnerability (sonatype-2021-0457) with v1.0.3... "The filelist and utilities packages are vulnerable to Prototype Pollution. The merge function in the respective index.js and object.js files allows for access to object prototype properties. An attacker can exploit this to override the behavior of object prototypes, resulting in a possible Denial of Service (DoS), Remote Code Execution (RCE), or other unexpected behavior." It has been blocked for use with our applications, which is unfortunate because it's necessary for react to work. Please take a look! (Thanks in advance)
Is it possible to add an option for insensitive case to include()
et exclude()
methods ?
Currently :
const FL = new FileList
FL.include('**/*.jpg', ) // Only accept .jpg
With insensitive case option :
const FL = new FileList
FL.include('**/*.jpg', { nocase: true }) // Accept .jpg, .JPG, .Jpg, etc...```
Quite simply, * and ** based matches fail to work on windows.
Ironically, this actually prevents the tests from running on windows, because the '*' character is used to find tests.
To reproduce the failure, simply modify the jake file to explicitly run the test file my name by editing this line:
Line 2 in 6cf28fa
and replace with this.testFiles.include('test/filelist.js');
Once the tests actually run on windows, the following test output will be displayed:
> yarn test
yarn run v1.22.17
$ jake test
Starting 'test'...
jake aborted.
AssertionError [ERR_ASSERTION]: 0 == 2
at Task.path separator can be used by exclude (C:\Users\markg\Software\filelist\test\filelist.js:32:12)
at Task.action (C:\Users\markg\Software\filelist\node_modules\jake\lib\test_task.js:173:22)
at Task.run (C:\Users\markg\Software\filelist\node_modules\jake\lib\task\task.js:325:29)
at processImmediate (internal/timers.js:464:21)
error Command failed with exit code 1.
info Visit https://yarnpkg.com/en/docs/cli/run for documentation about this command.
The root problem is the use of path.normalize
here, on the query, right before passing the pattern to minimatch:
Line 200 in 6cf28fa
A quick test shows removing this normalization causes tests to pass. However, I think normalization is still needed for handling other path fixups, and instead the same fixup used by globSync
should be used after normalization to switch back to Unix path separators.
I'll get a PR open shortly.
A declarative, efficient, and flexible JavaScript library for building user interfaces.
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. ๐๐๐
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google โค๏ธ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.