path-join-safer

An alternative to path.join() that prevents .. directory traversal caused by external or user input. When you (the programmer) use path-join-safer, you alone can do .. directory traversal that is expected and intended by your code. Externally provided path fragments/strings are unable to do any .. (parent) directory access.

Installation

npm install path-join-safer

Use it

``JavaScript
import { pathJoinSafer, dotDot } from 'path-join-safer';

console.log(pathJoinSafer('/foo','bar')); // /foo/bar
console.log(pathJoinSafer('..', '/foo','bar')); // Error: Path fragment at index 0 is .. (double dot). Pass in dotDot function instead.
console.log(pathJoinSafer(dotDot(), '/foo','bar')); // ../foo/bar
console.log(pathJoinSafer(dotDot(2), '/foo','bar')); // ../../foo/bar
console.log(pathJoinSafer(dotDot(1), '/', 'foo')); // ../foo
``

Project goals

* Lightweight
* No dependencies
* Terse simple code that is easy to audit, yourself
* No nonsense, reliable, no radical changes

Notes

Have fun!

$3

Star the repo
https://github.com/softwarecreations/path-join-safer

$3

Welcome

$3

MIT