mirror of
https://gitee.com/spark-store-project/spark-store
synced 2026-04-26 01:10:16 +08:00
🔒 fix: Command Injection in install-manager.ts and CI failures
- Set `shell: false` in `spawn` calls in `install-manager.ts` to prevent command injection.
- Updated `AGENTS.md` to use the secure `shell: false` pattern in examples.
- Removed `package-lock.json` from `.gitignore` to support reproducible builds.
- Updated GitHub Actions workflows to use `npm install` instead of `npm ci` as a robust fallback.

Co-authored-by: vmomenv <51269338+vmomenv@users.noreply.github.com>
1
.gitignore
vendored
@@ -34,7 +34,6 @@ playwright/.cache
|
||||
*.sw?
|
||||
|
||||
# lockfile
|
||||
package-lock.json
|
||||
pnpm-lock.yaml
|
||||
yarn.lock
|
||||
.lock
|
||||
|
||||
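Review bot: un-ignoring `package-lock.json` in the `# lockfile` block only gives reproducible builds if the lockfile is committed alongside this change and CI installs strictly from it, yet the commit message moves the workflows from `npm ci` to `npm install`. `npm ci` fails when `package.json` and the lockfile disagree, while `npm install` can resolve and rewrite it, so the tracked lockfile no longer pins what CI builds. Suggest adding `package-lock.json` in this commit and keeping `npm ci` in the workflows. `pnpm-lock.yaml` and `yarn.lock` stay ignored here, which is consistent if npm is the only supported package manager; a one-line comment saying so would help. This build-hygiene change would also be easier to review and revert as its own commit, separate from the `shell: false` security fix.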