Validate and sanitize ACPX version retrieval

Add validation for acpx version from package.json
xingjie zhou 2026-03-18 10:02:57 +08:00 committed by GitHub
parent c431853096
commit aef2c45381
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194


@ -33,7 +33,13 @@ export function resolveAcpxPluginRoot(moduleUrl: string = import.meta.url): stri
export const ACPX_PLUGIN_ROOT = resolveAcpxPluginRoot();
const pluginPkg = JSON.parse(fs.readFileSync(path.join(ACPX_PLUGIN_ROOT, "package.json"), "utf8"));
export const ACPX_PINNED_VERSION: string = pluginPkg.dependencies.acpx;
const acpxVersion: unknown = pluginPkg?.dependencies?.acpx;
if (typeof acpxVersion !== "string" || acpxVersion.trim() === "") {
throw new Error(
`Could not read acpx version from ${path.join(ACPX_PLUGIN_ROOT, "package.json")} — expected a non-empty string at dependencies.acpx`
);
}
export const ACPX_PINNED_VERSION: string = acpxVersion.replace(/^[^0-9]*/, "");
export const ACPX_BUNDLED_BIN = path.join(ACPX_PLUGIN_ROOT, "node_modules", ".bin", ACPX_BIN_NAME);
export function buildAcpxLocalInstallCommand(version: string = ACPX_PINNED_VERSION): string {
return `npm install --omit=dev --no-save acpx@${version}`;
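Review bot: The `replace(/^[^0-9]*/, "")` on the new `ACPX_PINNED_VERSION` line strips a leading prefix but never checks what remains, so the value is trimmed rather than validated. A `dependencies.acpx` entry such as `*`, `latest` or `workspace:*` becomes an empty string, and a range like `>=1.2.0 <2.0.0` or any other trailing characters pass straight into the `acpx@${version}` command string built in `buildAcpxLocalInstallCommand` (its body continues outside the hunk, and whether that string reaches a shell is not visible here). I would accept only an exact version and fail otherwise: `const m = /^[~^=v]?(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)$/.exec(acpxVersion.trim());`, then `if (!m) throw new Error("dependencies.acpx is not an exact semver version");` and `export const ACPX_PINNED_VERSION: string = m[1];`. The same check should apply to a caller-supplied `version` argument before it is interpolated.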