ci(scripts): safer package details retrieval

2024-04-25 10:50:41 -04:00
parent 4816a1638a
commit e9004a93a4
2 changed files with 8 additions and 3 deletions
--- a/scripts/lib/getPackageDetails.ts
+++ b/scripts/lib/getPackageDetails.ts
@@ -19,7 +19,11 @@ export type PackageDetails = {
  version: string
 }

+/**
+ * Accepts package whitelist (directory names inside packages dir) and returns details for each package
+ */
 export const getPackageDetails = async (packages: string[]): Promise<PackageDetails[]> => {
+  // Fetch all package.json files, filter out packages not in the whitelist
  const packageJsons = await globby('packages/*/package.json', {
    cwd: projectRoot,
    absolute: true,
@@ -31,6 +35,9 @@ export const getPackageDetails = async (packages: string[]): Promise<PackageDeta
      const isPublic = packageJson.private !== true
      if (!isPublic) return null

+      const isInWhitelist = packages.includes(path.basename(path.dirname(packageJsonPath)))
+      if (!isInWhitelist) return null
+
      return {
        name: packageJson.name as string,
        packagePath: path.relative(projectRoot, dirname(packageJsonPath)),