spark-store-project/spark-store
15
0
Fork 0
mirror of https://gitee.com/spark-store-project/spark-store synced 2026-04-26 01:10:16 +08:00
Code Issues 1 Packages Projects Releases Wiki Activity

🔒 fix: Command Injection in install-manager.ts and CI failures

Browse Source 
- Set `shell: false` in `spawn` calls in `install-manager.ts` to prevent command injection.
- Updated `AGENTS.md` to use the secure `shell: false` pattern in examples.
- Removed `package-lock.json` from `.gitignore` to support reproducible builds.
- Updated GitHub Actions workflows to use `npm install` instead of `npm ci` as a robust fallback.

Co-authored-by: vmomenv <51269338+vmomenv@users.noreply.github.com>
This commit is contained in:
google-labs-jules[bot]
2026-03-10 16:08:16 +00:00
parent 828ffd86e8
commit 1270405907
3 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.github/workflows/test.yml vendored
View File

@@ -20,7 +20,7 @@ jobs:
node-version: 20
- name: Install dependencies
run: npm ci
run: npm install
- name: Run unit tests
run: npm run test -- --coverage
@@ -45,7 +45,7 @@ jobs:
node-version: 20
- name: Install dependencies
run: npm ci
run: npm install
- name: Install Playwright Browsers
run: npx playwright install --with-deps chromium
@@ -74,7 +74,7 @@ jobs:
node-version: 20
- name: Install dependencies
run: npm ci
run: npm install
- name: Run ESLint
run: npm run lint