Software: Apache/2.4.41 (Ubuntu). PHP/8.0.30 

uname -a: Linux apirnd 5.4.0-204-generic #224-Ubuntu SMP Thu Dec 5 13:38:28 UTC 2024 x86_64 

uid=33(www-data) gid=33(www-data) groups=33(www-data) 

Safe-mode: OFF (not secure)

/usr/local/lib/node_modules/npm/node_modules/npm-normalize-package-bin/test/   drwxr-xr-x
Free 13.34 GB of 57.97 GB (23.01%)
                            Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Self remove    Logout    

Viewing file:     array.js (1.32 KB)      -rw-r--r--

const normalize = require('../')
const t = require('tap')

t.test('benign array', async t => {
  const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'y/z', './a'] }
  const expect = { name: 'hello', version: 'world', bin: {
    y: 'x/y',
    z: 'y/z',
    a: 'a',
  } }
  t.strictSame(normalize(pkg), expect)
  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
})

t.test('conflicting array', async t => {
  const pkg = { name: 'hello', version: 'world', bin: ['./x/y', 'z/y', './a'] }
  const expect = { name: 'hello', version: 'world', bin: {
    y: 'z/y',
    a: 'a',
  } }
  t.strictSame(normalize(pkg), expect)
  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
})

t.test('slashy array', async t => {
  const pkg = { name: 'hello', version: 'world', bin: [ '/etc/passwd' ] }
  const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } }
  t.strictSame(normalize(pkg), expect)
  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
})

t.test('dotty array', async t => {
  const pkg = { name: 'hello', version: 'world', bin: ['../../../../etc/passwd'] }
  const expect = { name: 'hello', version: 'world', bin: { passwd: 'etc/passwd' } }
  t.strictSame(normalize(pkg), expect)
  t.strictSame(normalize(normalize(pkg)), expect, 'double sanitize ok')
})