is-safe-filename
Check if a filename is safe to use in a path join operation
Last updated 3 months ago by sindresorhus.
License: MIT
$ cnpm install is-safe-filename 

A safe filename is one that won't escape the intended directory via path traversal.

This is a purely lexical check. It does not account for symlinks that may exist on the filesystem.
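
The symlink caveat above, worked through as an added example (not part of the package or its README). `looksLexicallySafe` is a simplified stand-in for a lexical check, `resolveInside` and `demo` are hypothetical helpers, and the temporary directory layout is constructed.

```javascript
// Added example, not is-safe-filename's code. `looksLexicallySafe` is a simplified
// stand-in for a lexical check (an assumption). Runs as CommonJS or as an ES module.
const load = id => (typeof require === 'function' ? require(id) : process.getBuiltinModule(id));
const fs = load('node:fs');
const os = load('node:os');
const path = load('node:path');

function looksLexicallySafe(name) {
	return typeof name === 'string' && name !== '' && name !== '.' && name !== '..'
		&& !/[\/\\\0]/.test(name);
}

// Resolve an existing file `name` inside `baseDir`. The lexical check runs
// first; realpath then catches a symlink whose target is outside `baseDir`.
function resolveInside(baseDir, name) {
	if (!looksLexicallySafe(name)) {
		throw Object.assign(new Error(`Unsafe filename: ${JSON.stringify(name)}`), {reason: 'lexical'});
	}
	const realBase = fs.realpathSync(baseDir);
	const realTarget = fs.realpathSync(path.join(realBase, name)); // throws if missing
	const relative = path.relative(realBase, realTarget);
	if (relative === '..' || relative.startsWith('..' + path.sep) || path.isAbsolute(relative)) {
		throw Object.assign(new Error(`Resolves outside base directory: ${name}`), {reason: 'symlink'});
	}
	return realTarget;
}

// Constructed fixture: uploads/report.txt is a regular file, and
// uploads/avatar.png is a symlink to ../secret.txt (needs symlink support).
function demo() {
	const root = fs.mkdtempSync(path.join(os.tmpdir(), 'safe-filename-demo-'));
	const uploads = path.join(root, 'uploads');
	fs.mkdirSync(uploads);
	fs.writeFileSync(path.join(root, 'secret.txt'), 'outside');
	fs.writeFileSync(path.join(uploads, 'report.txt'), 'inside');
	fs.symlinkSync(path.join(root, 'secret.txt'), path.join(uploads, 'avatar.png'));
	const outcome = name => {
		try {
			resolveInside(uploads, name);
			return 'allowed';
		} catch (error) {
			return `rejected (${error.reason})`;
		}
	};
	const results = Object.fromEntries(['report.txt', '../secret.txt', 'avatar.png'].map(name => [name, outcome(name)]));
	fs.rmSync(root, {recursive: true, force: true});
	return results;
}
```

The realpath check and the later open are separate steps, so a directory that untrusted users can modify between them needs an open-time control as well.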

Install

npm install is-safe-filename

Usage

import isSafeFilename from 'is-safe-filename';

isSafeFilename('foo');
//=> true

isSafeFilename('../foo');
//=> false

isSafeFilename('foo/bar');
//=> false

API

isSafeFilename(filename)

Returns true if the filename is safe.

assertSafeFilename(filename)

Throws an error if the filename is not safe.

import {assertSafeFilename} from 'is-safe-filename';

assertSafeFilename('foo');
// No error

assertSafeFilename('../foo');
//=> Error: Unsafe filename: "../foo"

unsafeFilenameFixtures

A list of common unsafe filename fixtures for testing path traversal vulnerabilities.

Useful for testing that your code properly rejects unsafe filenames.

import assert from 'node:assert';
import {unsafeFilenameFixtures} from 'is-safe-filename';

// myFunction stands for your own code that accepts a filename
for (const filename of unsafeFilenameFixtures) {
	assert.throws(() => myFunction(filename));
}

Current Tags

  • 0.1.1 (latest, 3 months ago)

2 Versions

  • 0.1.1 (3 months ago)
  • 0.1.0 (3 months ago)
Dependencies (0)
None