Skip to content

fix: #2360. Add validation for project name.#2385

Closed
sunkehappy wants to merge 4 commits intovitejs:mainfrom
sunkehappy:Calvin-fix-#2360
Closed

fix: #2360. Add validation for project name.#2385
sunkehappy wants to merge 4 commits intovitejs:mainfrom
sunkehappy:Calvin-fix-#2360

Conversation

@sunkehappy
Copy link

@sunkehappy sunkehappy commented Mar 5, 2021
edited
Loading

Project name should not contain special characters like space. So we can exit when no suitable name provided.

Matt-Deacalion
Matt-Deacalion reviewed Mar 5, 2021
View reviewed changes
rschristian
rschristian reviewed Mar 6, 2021
View reviewed changes
packages/create-app/index.js
const renameFiles = {
_gitignore: '.gitignore'
}
const projectNameRE = /^[A-Za-z0-9_-]*$/
Copy link
Contributor

@rschristian rschristian Mar 6, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is totally incorrect. Please use something like validate-npm-package-name

Vite depends on resolve.exports which wouldn't pass your regex, for example.

rschristian
rschristian reviewed Mar 6, 2021
View reviewed changes
rschristian
rschristian suggested changes Mar 7, 2021
View reviewed changes
packages/create-app/index.js
const renameFiles = {
_gitignore: '.gitignore'
}
const projectNameRE = /^[A-Za-z0-9_-]*$/
Copy link
Contributor

@rschristian rschristian Mar 7, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const projectNameRE = /^[A-Za-z0-9_-]*$/

This is no longer used.

packages/create-app/index.js Outdated
Comment on lines +49 to +56
const validateResult = validatePackageName(name)
if (!validateResult.validForNewPackages) {
console.error(
// Only one name to be validated, so there will be only one error
validateResult.errors.length && validateResult.errors[0]
)
process.exit(1)
}
Copy link
Contributor

@rschristian rschristian Mar 7, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
const validateResult = validatePackageName(name)
if (!validateResult.validForNewPackages) {
console.error(
// Only one name to be validated, so there will be only one error
validateResult.errors.length && validateResult.errors[0]
)
process.exit(1)
}
const { errors } = validatePackageName(name);
if (errors) {
errors.unshift(`Invalid package name: ${name}`);
console.error(errors.join('\n - '));
process.exit(1);
}

While only one name will be validated, multiple errors can in fact be returned. For example, the name 'foobar ' will result in both name cannot contain leading or trailing spaces and name can only contain URL-friendly characters being returned. Multiple errors.

Copy link
Author

@sunkehappy sunkehappy Mar 7, 2021

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@rschristian Thank you. I correct it now.

@yyx990803
Copy link
Member

yyx990803 commented Mar 15, 2021

Thanks for the PR, but validate-npm-package-name pulls in a number of extra transitive dependencies which should ideally be avoided.

Also, we should allow user to create directories with any name, we just need to make sure the name used in package.json is valid so that npm/yarn doesn't complain. see 1dbf246

@yyx990803 yyx990803 closed this Mar 15, 2021
@rschristian
Copy link
Contributor

rschristian commented Mar 15, 2021
edited
Loading

@yyx990803 Apologies, validate... was my suggestion, but how exactly does it pull in a number of transitive deps? The only item in the dep stack is builtins. http://npm.anvaka.com/#/view/2d/validate-npm-package-name

Fair call on allowing any directory name, though 1dbf246 is not a valid solution as npm/yarn still won't appreciate users using fs as their package name. The regex also allows me to make my package name .example, yet this too is invalid. <-- Oops, bad copy/paste to repl

I'd say it's probably beneficial to allow the lib which covers all edge cases to do this. Simpler than refining that regex and offloads the responsibility.

@patak-cat patak-cat mentioned this pull request Apr 28, 2021
Merged
9 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@Matt-Deacalion Matt-Deacalion Matt-Deacalion left review comments

@rschristian rschristian rschristian requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@sunkehappy @yyx990803 @rschristian @Matt-Deacalion