fix: sanitize dir names in the store (#4726)

close #4716
pnpm · May 17, 2022 · c225f1e · c225f1e
1 parent 9c8adb8
commit c225f1e
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 1 deletion.
diff --git a/.changeset/hot-hairs-thank.md b/.changeset/hot-hairs-thank.md
@@ -0,0 +1,6 @@
+---
+"dependency-path": patch
+"pnpm": patch
+---
+
+Sanitize the directory names created inside `node_modules/.pnpm` and inside the global store [#4716](https://github.com/pnpm/pnpm/issues/4716)
diff --git a/packages/dependency-path/src/index.ts b/packages/dependency-path/src/index.ts
@@ -131,7 +131,7 @@ export function parse (dependencyPath: string) {
 }
 
 export function depPathToFilename (depPath: string, lockfileDir: string) {
-  const filename = depPathToFilenameUnescaped(depPath, lockfileDir).replace(/\//g, '+')
+  const filename = depPathToFilenameUnescaped(depPath, lockfileDir).replace(/[\\/:*?"<>|]/g, '+')
   if (filename.length > 120 || filename !== filename.toLowerCase() && !filename.startsWith('local+')) {
     return `${filename.substring(0, 50)}_${crypto.createHash('md5').update(filename).digest('hex')}`
   }

diff --git a/packages/dependency-path/test/index.ts b/packages/dependency-path/test/index.ts
@@ -131,6 +131,8 @@ test('depPathToFilename()', () => {
   expect(depPathToFilename('/foo/1.0.0', process.cwd())).toBe('foo@1.0.0')
   expect(depPathToFilename('/@foo/bar/1.0.0', process.cwd())).toBe('@foo+bar@1.0.0')
   expect(depPathToFilename('github.com/something/foo/0000', process.cwd())).toBe('github.com+something+foo@0000')
+  expect(depPathToFilename('github.com/something/foo/0000?v=1', process.cwd())).toBe('github.com+something+foo@0000+v=1')
+  expect(depPathToFilename('\\//:*?"<>|', process.cwd())).toBe('++@+++++++')
 
   const filename = depPathToFilename('file:./test/foo-1.0.0.tgz_foo@2.0.0', process.cwd())
   expect(filename).toMatch(/^local\+.*\+foo-1\.0\.0\.tgz_foo@2\.0\.0$/)