ldy26098
/
BMAD-METHOD
mirror of https://github.com/bmad-code-org/BMAD-METHOD.git
1
0
Fork 0
Code Packages Projects Releases Wiki Activity
BMAD-METHOD/src/core-skills/bmad-module/scripts
History
pbean 02806ba4cd fix(bmad-module): harden source/remove/update paths and channel input 
Address automated review findings on PR #2482:
- source.mjs: validate URL-derived subdir with safePathInsideRoot so a
  ../ subdir can't copy out of the shared clone cache; run cleanup() if
  the terminal copyDir throws so the temp working dir never leaks.
- install.mjs: reject unknown --channel values (e.g. a 'stabl' typo)
  instead of silently treating them as the 'next' default.
- remove.mjs / update.mjs: containment-check manifest/CLI-derived paths
  before destructive fs.rm / atomic swap, reusing safePathInsideRoot.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
 		2026-06-19 19:22:07 -07:00
..
lib fix(bmad-module): harden source/remove/update paths and channel input 2026-06-19 19:22:07 -07:00
bmad-module.mjs fix(bmad-module): make skill self-contained so it works after npx install 2026-05-23 17:29:46 -07:00
cli.mjs feat(bmad-module): install legacy marketplace.json modules in the skill 2026-06-06 11:49:31 -07:00
install.mjs fix(bmad-module): harden source/remove/update paths and channel input 2026-06-19 19:22:07 -07:00
list.mjs feat/bmad-module: community module manager skill created 2026-05-22 13:19:05 -07:00
remove.mjs fix(bmad-module): harden source/remove/update paths and channel input 2026-06-19 19:22:07 -07:00
update.mjs fix(bmad-module): harden source/remove/update paths and channel input 2026-06-19 19:22:07 -07:00