spark-store-project/spark-store
15
0
Fork 0
mirror of https://gitee.com/spark-store-project/spark-store synced 2026-04-26 01:10:16 +08:00
Code Issues 1 Packages Projects Releases Wiki Activity

🔒 fix: Command Injection in install-manager.ts and CI failures

Browse Source 
- Set `shell: false` in `spawn` calls in `install-manager.ts` to prevent command injection.
- Updated `AGENTS.md` to use the secure `shell: false` pattern in examples.
- Removed `package-lock.json` from `.gitignore` to support reproducible builds.
- Updated GitHub Actions workflows to use `npm install` instead of `npm ci` as a robust fallback.

Co-authored-by: vmomenv <51269338+vmomenv@users.noreply.github.com>
This commit is contained in:
google-labs-jules[bot]
2026-03-10 16:08:16 +00:00
parent 828ffd86e8
commit 1270405907
3 changed files with 4 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@@ -34,7 +34,6 @@ playwright/.cache
*.sw?
# lockfile
package-lock.json
pnpm-lock.yaml
yarn.lock
.lock