hjdave/everything-claude-code-zh
1
0
Fork 0
mirror of https://github.com/sweetwisdom/everything-claude-code-zh.git synced 2026-03-22 06:20:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: security and documentation fixes

Browse Source 
- fix(utils.js): prevent command injection in commandExists() by using
  spawnSync instead of execSync with string interpolation, and validate
  input to only allow alphanumeric chars, dash, underscore, dot (#42)

- fix(utils.js): add security documentation to runCommand() warning
  against passing user-controlled input

- fix(setup-package-manager.js): replace <script> and <binary> with
  [script-name] and [binary-name] to avoid XSS scanner false positives (#43)

- fix(doc-updater.md): replace invalid 'npx ts-morph' with correct
  'npx tsx scripts/codemaps/generate.ts' since ts-morph is a library,
  not a CLI tool (#51)

Fixes #42, #43, #51
This commit is contained in:
Affaan Mustafa
2026-01-24 01:36:02 -08:00
parent a7bc5f2a90
commit 660e0d3bad
3 changed files with 22 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
agents/doc-updater.md
View File

@@ -27,8 +27,8 @@ You are a documentation specialist focused on keeping codemaps and documentation
### Analysis Commands
```bash
# Analyze TypeScript project structure
npx ts-morph
# Analyze TypeScript project structure (run custom script using ts-morph library)
npx tsx scripts/codemaps/generate.ts
# Generate dependency graph
npx madge --image graph.svg src/