
fix(files): prune dependency dirs in expandFileGlobs before fast-glob traversal #410

Draft
dcramer wants to merge 4 commits into main from fix/prune-vendor-dirs-in-glob-expansion
fix(files): prune dependency dirs in expandFileGlobs before fast-glob…

bddfaed
@sentry/warden / warden: code-review completed Jun 16, 2026 in 0s

1 issue

code-review: Found 1 issue (1 medium)

Medium

`getEffectivePrunePatterns` drops prune entries on substring match, not whole-segment match - `packages/warden/src/cli/files.ts:55`

A user negation like `!checkout/**`, `!rebuild/**`, or `!somevendor/**` incorrectly removes the `**/out/**`, `**/build/**`, or `**/vendor/**` prune entry because `neg.includes('out/')`, `neg.includes('build/')`, and `neg.includes('vendor/')` match mid-word substrings — potentially re-exposing the crash-inducing traversal the PR is designed to prevent.

Also found at:

  • packages/warden/src/cli/files.test.ts:280

⏱ 7m 22s · 470.7k in / 44.1k out · $1.32

Annotations

Check warning on line 55 in packages/warden/src/cli/files.ts


@sentry-warden sentry-warden / warden: code-review

`getEffectivePrunePatterns` drops prune entries on substring match, not whole-segment match

A user negation like `!checkout/**`, `!rebuild/**`, or `!somevendor/**` incorrectly removes the `**/out/**`, `**/build/**`, or `**/vendor/**` prune entry because `neg.includes('out/')`, `neg.includes('build/')`, and `neg.includes('vendor/')` match mid-word substrings — potentially re-exposing the crash-inducing traversal the PR is designed to prevent.

Check warning on line 280 in packages/warden/src/cli/files.test.ts


@sentry-warden sentry-warden / warden: code-review

[STV-NU3] `getEffectivePrunePatterns` drops prune entries on substring match, not whole-segment match (additional location)

A user negation like `!checkout/**`, `!rebuild/**`, or `!somevendor/**` incorrectly removes the `**/out/**`, `**/build/**`, or `**/vendor/**` prune entry because `neg.includes('out/')`, `neg.includes('build/')`, and `neg.includes('vendor/')` match mid-word substrings — potentially re-exposing the crash-inducing traversal the PR is designed to prevent.
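
The substring-versus-segment difference the finding describes, as an added TypeScript example (not code from the PR or from Warden). `PRUNE_DIRS`, `effectivePruneSubstring`, `effectivePruneSegment` and `namesSegment` are hypothetical names, and the prune list is limited to the three entries the finding mentions.

```typescript
// Added illustration; not the contents of packages/warden/src/cli/files.ts.
// Assumption: the prune list holds only the three directories named in the finding.
const PRUNE_DIRS: string[] = ['out', 'build', 'vendor'];

// Flawed check as the finding describes it: neg.includes('out/') is also
// true for "!checkout/**", so the "**/out/**" prune entry is dropped.
function effectivePruneSubstring(negations: string[]): string[] {
  return PRUNE_DIRS
    .filter((dir) => !negations.some((neg) => neg.includes(`${dir}/`)))
    .map((dir) => `**/${dir}/**`);
}

// A negation names a pruned directory only when one of its path segments
// equals the directory name exactly and another segment follows it.
function namesSegment(negation: string, dir: string): boolean {
  const segments = negation.replace(/^!/, '').split('/');
  // Drop the last segment so the match still requires a trailing "/",
  // as the substring check did ("!out/**" matches, a bare "!out" does not).
  return segments.slice(0, -1).some((segment) => segment === dir);
}

// Segment-aware variant: wildcard or partial names such as "!*out/**" do not
// match, so the prune entry stays in place (fails closed).
function effectivePruneSegment(negations: string[]): string[] {
  return PRUNE_DIRS
    .filter((dir) => !negations.some((neg) => namesSegment(neg, dir)))
    .map((dir) => `**/${dir}/**`);
}

// Constructed sample input: the three negations quoted in the finding.
const sampleNegations: string[] = ['!checkout/**', '!rebuild/**', '!somevendor/**'];
console.log('substring:', effectivePruneSubstring(sampleNegations));
console.log('segment:  ', effectivePruneSegment(sampleNegations));
```
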