Sultan
/
Flowise
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update utils.ts

This commit is contained in:
Henry Heng 2025-11-15 13:12:44 +00:00 committed by GitHub
parent 73d9c3cc45
commit 8eea585e11
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
packages/components/src/utils.ts
View File

@ -1516,7 +1516,13 @@ export const executeJavaScriptCode = async (
// Install libraries
for (const library of librariesToInstall) {
await sbx.commands.run(`npm install ${library}`)
// Validate library name to prevent command injection.
const validPackageNameRegex = /^(@[a-z0-9-~][a-z0-9-._~]*\/)?[a-z0-9-~][a-z0-9-._~]*$/;
if (validPackageNameRegex.test(library)) {
await sbx.commands.run(`npm install ${library}`)
} else {
console.warn(`[Sandbox] Skipping installation of invalid module: ${library}`);
}
}
// Separate imports from the rest of the code for proper ES6 module structure