#13254: fix: harden archive extraction and plugin update rollback
stale
## Summary
- harden archive extraction path handling for tar/zip plugin packages
- avoid throwing inside tar filters while still rejecting unsafe archive entries
- fix plugin update rollback so failed dependency installs (including thrown npm errors) restore the previous plugin state
- add regression coverage for update rollback after npm install throws
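An added example, not the PR's own code, of the non-throwing archive entry filter the first two bullets describe: it assumes a `tar`-style `filter(path, entry)` callback with hypothetical `type` and `linkpath` entry fields, rejects any entry whose path (or symlink/hardlink target) would resolve outside the destination directory, and records rejections instead of throwing so extraction of the remaining safe entries continues.

```typescript
import * as path from "node:path";

// Added example, not code from the project. Entry shape mirrors the fields a
// tar-style filter callback receives; `type` and `linkpath` are assumptions.
interface ArchiveEntry {
  path: string;
  type?: string;      // e.g. "File", "Directory", "SymbolicLink", "Link"
  linkpath?: string;  // target for symlink/hardlink entries
}

interface Rejection { path: string; reason: string }

// Returns why an entry path is unsafe relative to destDir, or null if it is safe.
function unsafeEntryReason(destDir: string, entryPath: string): string | null {
  const normalized = entryPath.replace(/\\/g, "/");
  if (normalized.length === 0) return "empty path";
  if (normalized.includes("\0")) return "NUL byte in path";
  // Absolute POSIX paths and Windows drive-letter paths are never acceptable.
  if (path.posix.isAbsolute(normalized) || /^[A-Za-z]:/.test(normalized)) return "absolute path";
  const dest = path.resolve(destDir);
  const target = path.resolve(dest, normalized);
  // After resolving "..", the target must be destDir itself or a strict descendant.
  if (target !== dest && !target.startsWith(dest + path.sep)) return "path escapes destination";
  return null;
}

// Builds a filter that returns false for unsafe entries (rather than throwing)
// and collects the rejections so the caller can report or fail afterwards.
function makeEntryFilter(destDir: string) {
  const rejected: Rejection[] = [];
  const filter = (entryPath: string, entry: ArchiveEntry): boolean => {
    let reason = unsafeEntryReason(destDir, entryPath);
    if (!reason && (entry.type === "SymbolicLink" || entry.type === "Link")) {
      const link = entry.linkpath ?? "";
      // Symlink targets are relative to the entry's directory; hardlink targets are archive-relative.
      const base = entry.type === "SymbolicLink" ? path.posix.dirname(entryPath) : ".";
      const resolvedLink = path.posix.isAbsolute(link) ? link : path.posix.join(base, link);
      reason = unsafeEntryReason(destDir, resolvedLink);
      if (reason) reason = `link target ${reason}`;
    }
    if (reason) {
      rejected.push({ path: entryPath, reason });
      return false;
    }
    return true;
  };
  return { filter, rejected };
}
```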
## Testing
- pnpm test src/infra/archive.test.ts
- pnpm test src/plugins/install.test.ts