You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
-**`strictPaths` now defaults to `true`** - Path traversal protection is enabled by default for security. To restore v10 behavior, explicitly set `strictPaths: false`
122
+
123
+
-**`create()` and `createFromFile()` now use `CreateOptions` object** - The function signatures have changed to accept an options object instead of individual parameters for better extensibility and clarity.
-**Renamed `strictPaths` to `restrictAccessToCwd`** - For better clarity and self-documentation, the option that restricts file access to the current working directory has been renamed.
-**Added `cwd` option** - You can now specify a custom current working directory for resolving relative paths
101
-
-**Added `strictPaths` option** - Provides protection against path traversal attacks (enabled by default)
176
+
-**Added `restrictAccessToCwd` option** - Provides protection against path traversal attacks (disabled by default for backwards compatibility)
177
+
-**Added `useAbsolutePathAsKey` option** - When `true`, cache keys use absolute paths instead of the provided paths. Default is `false` for better cache portability with relative paths
178
+
-**Added `logger` option** - Support for Pino-compatible logger instances to enable debugging and monitoring of cache operations. See [Logger Support](#logger-support) section for details
102
179
-**Improved cache portability** - When using relative paths with the same `cwd`, cache files are portable across different environments
103
180
104
181
# Changes from v9 to v10
@@ -114,15 +191,24 @@ There have been many features added and changes made to the `file-entry-cache` c
114
191
- On `FileEntryDescriptor.meta` if using typescript you need to use the `meta.data` to set additional information. This is to allow for better type checking and to avoid conflicts with the `meta` object which was `any`.
115
192
116
193
# Global Default Functions
117
-
-`create(cacheId: string, cacheDirectory?: string, useCheckSum?: boolean, cwd?: string)` - Creates a new instance of the `FileEntryCache` class
118
-
-`createFromFile(cachePath: string, useCheckSum?: boolean, cwd?: string)` - Creates a new instance of the `FileEntryCache` class and loads the cache from a file.
194
+
-`create(cacheId: string, cacheDirectory?: string, options?: CreateOptions)` - Creates a new instance of the `FileEntryCache` class
195
+
-`createFromFile(filePath: string, options?: CreateOptions)` - Creates a new instance of the `FileEntryCache` class and loads the cache from a file.
196
+
197
+
## CreateOptions Type
198
+
All options from `FileEntryCacheOptions` except `cache`:
199
+
-`useCheckSum?` - If `true` it will use a checksum to determine if the file has changed. Default is `false`
200
+
-`hashAlgorithm?` - The algorithm to use for the checksum. Default is `md5`
201
+
-`cwd?` - The current working directory for resolving relative paths. Default is `process.cwd()`
202
+
-`restrictAccessToCwd?` - If `true` restricts file access to within `cwd` boundaries. Default is `false`
203
+
-`useAbsolutePathAsKey?` - If `true` uses absolute paths as cache keys. Default is `false`
204
+
-`logger?` - A logger instance for debugging. Default is `undefined`
119
205
120
206
# FileEntryCache Options (FileEntryCacheOptions)
121
207
-`useModifiedTime?` - If `true` it will use the modified time to determine if the file has changed. Default is `true`
122
208
-`useCheckSum?` - If `true` it will use a checksum to determine if the file has changed. Default is `false`
123
209
-`hashAlgorithm?` - The algorithm to use for the checksum. Default is `md5` but can be any algorithm supported by `crypto.createHash`
124
210
-`cwd?` - The current working directory for resolving relative paths. Default is `process.cwd()`
125
-
-`strictPaths?` - If `true` restricts file access to within `cwd` boundaries, preventing path traversal attacks. Default is `true`
211
+
-`restrictAccessToCwd?` - If `true` restricts file access to within `cwd` boundaries, preventing path traversal attacks. Default is `true`
126
212
-`logger?` - A logger instance compatible with Pino logger interface for debugging and monitoring. Default is `undefined`
127
213
-`cache.ttl?` - The time to live for the cache in milliseconds. Default is `0` which means no expiration
128
214
-`cache.lruSize?` - The number of items to keep in the cache. Default is `0` which means no limit
@@ -141,9 +227,10 @@ There have been many features added and changes made to the `file-entry-cache` c
141
227
-`hashAlgorithm: string` - The algorithm to use for the checksum. Default is `md5` but can be any algorithm supported by `crypto.createHash`
142
228
-`getHash(buffer: Buffer): string` - Gets the hash of a buffer used for checksums
143
229
-`cwd: string` - The current working directory for resolving relative paths. Default is `process.cwd()`
144
-
-`strictPaths: boolean` - If `true` restricts file access to within `cwd` boundaries. Default is `true`
230
+
-`restrictAccessToCwd: boolean` - If `true` restricts file access to within `cwd` boundaries. Default is `true`
231
+
-`useAbsolutePathAsKey: boolean` - If `true` uses absolute paths as cache keys. Default is `false` to maintain better cache portability
145
232
-`logger: ILogger | undefined` - A logger instance for debugging and monitoring cache operations
146
-
-`createFileKey(filePath: string): string` - Returns the cache key for the file path (returns the path exactly as provided).
233
+
-`createFileKey(filePath: string): string` - Returns the cache key for the file path (returns the path exactly as provided when `useAbsolutePathAsKey` is `false`, otherwise returns the absolute path).
147
234
-`deleteCacheFile(): boolean` - Deletes the cache file from disk
148
235
-`destroy(): void` - Destroys the cache. This will clear the cache in memory. If using cache persistence it will stop the interval.
149
236
-`removeEntry(filePath: string): void` - Removes an entry from the cache.
@@ -154,8 +241,8 @@ There have been many features added and changes made to the `file-entry-cache` c
154
241
-`analyzeFiles(files: string[])` will return `AnalyzedFiles` object with `changedFiles`, `notFoundFiles`, and `notChangedFiles` as FileDescriptor arrays.
155
242
-`getUpdatedFiles(files: string[])` will return an array of `FileEntryDescriptor` objects that have changed.
156
243
-`getFileDescriptorsByPath(filePath: string): FileEntryDescriptor[]` will return an array of `FileEntryDescriptor` objects that starts with the path prefix specified.
157
-
-`getAbsolutePath(filePath: string): string` - Resolves a relative path to absolute using the configured `cwd`. Returns absolute paths unchanged. When `strictPaths` is enabled, throws an error if the path resolves outside `cwd`.
158
-
-`getAbsolutePathWithCwd(filePath: string, cwd: string): string` - Resolves a relative path to absolute using a custom working directory. When `strictPaths` is enabled, throws an error if the path resolves outside the provided `cwd`.
244
+
-`getAbsolutePath(filePath: string): string` - Resolves a relative path to absolute using the configured `cwd`. Returns absolute paths unchanged. When `restrictAccessToCwd` is enabled, throws an error if the path resolves outside `cwd`.
245
+
-`getAbsolutePathWithCwd(filePath: string, cwd: string): string` - Resolves a relative path to absolute using a custom working directory. When `restrictAccessToCwd` is enabled, throws an error if the path resolves outside the provided `cwd`.
159
246
160
247
# Get File Descriptor
161
248
@@ -175,9 +262,12 @@ The cache stores paths exactly as they are provided (relative or absolute). When
cache2.getFileDescriptor('./src/app.js'); // Still finds cached entry!
254
350
// Cache valid as long as relative structure unchanged
255
351
```
@@ -270,12 +366,12 @@ if (fileDescriptor.notFound) {
270
366
271
367
# Path Security and Traversal Prevention
272
368
273
-
The `strictPaths` option provides security against path traversal attacks by restricting file access to within the configured `cwd` boundaries. **This is enabled by default (since v11)** to ensure secure defaults when processing untrusted input or when running in security-sensitive environments.
369
+
The `restrictAccessToCwd` option provides security against path traversal attacks by restricting file access to within the configured `cwd` boundaries. **This is enabled by default (since v11)** to ensure secure defaults when processing untrusted input or when running in security-sensitive environments.
274
370
275
371
## Basic Usage
276
372
277
373
```javascript
278
-
//strictPaths is enabled by default for security
374
+
//restrictAccessToCwd is enabled by default for security
279
375
constcache=newFileEntryCache({
280
376
cwd:'/project/root'
281
377
});
@@ -293,13 +389,13 @@ try {
293
389
// To allow parent directory access (not recommended for untrusted input)
**As of v11, `strictPaths` is enabled by default** to provide secure defaults. This means:
463
+
**As of v11, `restrictAccessToCwd` is enabled by default** to provide secure defaults. This means:
372
464
- Path traversal attempts using `../` are blocked
373
465
- File access is restricted to within the configured `cwd`
374
466
- Null bytes in paths are automatically sanitized
@@ -380,11 +472,11 @@ If you're upgrading from v10 or earlier and need to maintain the previous behavi
380
472
```javascript
381
473
constcache=newFileEntryCache({
382
474
cwd:process.cwd(),
383
-
strictPaths:false// Restore v10 behavior
475
+
restrictAccessToCwd:false// Restore v10 behavior
384
476
});
385
477
```
386
478
387
-
However, we strongly recommend keeping `strictPaths: true` and adjusting your code to work within the security boundaries, especially when processing any untrusted input.
479
+
However, we strongly recommend keeping `restrictAccessToCwd: true` and adjusting your code to work within the security boundaries, especially when processing any untrusted input.
388
480
389
481
# Using Checksums to Determine if a File has Changed (useCheckSum)
0 commit comments