ldy26098
/
BMAD-METHOD
mirror of https://github.com/bmad-code-org/BMAD-METHOD.git
1
0
Fork 0
Code Packages Projects Releases Wiki Activity
BMAD-METHOD/tools/installer/modules
History
Brian Madison 489067fdda fix(installer): address PR review findings for plugin resolver 
- Guard against path traversal in plugin-resolver.js: skill paths from
  unverified marketplace.json are now constrained to the repo root using
  path.resolve() + startsWith check
- Skip npm install during browsing phase: cloneRepo() accepts
  skipInstall option, used in ui.js before user confirms selection,
  preventing arbitrary lifecycle script execution from untrusted repos
- Add createModuleDirectories() call to installFromResolution() so
  modules with declarative directory config are fully set up
- Fix ESLint: use replaceAll instead of replace with global regex
 		2026-04-09 08:44:17 -05:00
..
community-manager.js feat(installer): community module browser and custom URL support (#2229) 2026-04-08 00:50:04 -05:00
custom-module-manager.js fix(installer): address PR review findings for plugin resolver 2026-04-09 08:44:17 -05:00
external-manager.js feat(installer): community module browser and custom URL support (#2229) 2026-04-08 00:50:04 -05:00
official-modules.js fix(installer): address PR review findings for plugin resolver 2026-04-09 08:44:17 -05:00
plugin-resolver.js fix(installer): address PR review findings for plugin resolver 2026-04-09 08:44:17 -05:00
registry-client.js feat(installer): community module browser and custom URL support (#2229) 2026-04-08 00:50:04 -05:00
registry-fallback.yaml feat(installer): remote registry + remove custom content (#2228) 2026-04-07 22:45:01 -05:00