extract-base-iterator/dist/esm/shared/safeJoinPath.js

Base iterator for extract iterators like tar-iterator and zip-iterator

import path from 'path';
import { stringStartsWith } from './compat.js';
export default function safeJoinPath(dest, relPath) {
    const resolvedDest = path.resolve(dest);
    const resolvedFull = path.resolve(dest, relPath);
    if (resolvedFull !== resolvedDest && !stringStartsWith(resolvedFull, resolvedDest + path.sep)) {
        const err = new Error(`Path traversal detected: '${relPath}' escapes destination '${dest}'`);
        err.code = 'ETRAVERSAL';
        throw err;
    }
    return resolvedFull;
}