(p: string)
| 60 | * Validate a relative file path (no traversal, no absolute). |
| 61 | */ |
| 62 | export function isValidPath(p: string): boolean { |
| 63 | const normalized = path.normalize(p); |
| 64 | return ( |
| 65 | !normalized.startsWith("..") && |
| 66 | !path.isAbsolute(normalized) && |
| 67 | !p.includes("\0") |
| 68 | ); |
| 69 | } |
| 70 | |
| 71 | /** |
| 72 | * Validate a project slug (e.g. "my-project" or "group/my-project"). |