search

resolve-path

NPM Versionarrow-up-right NPM Downloadsarrow-up-right Node.js Versionarrow-up-right Linux Buildarrow-up-right Windows Buildarrow-up-right Test Coveragearrow-up-right

Resolve a relative path against a root path with validation.

This module would protect against commons attacks like GET /../file.js which reaches outside the root folder.

hashtag
Installation

This is a Node.jsarrow-up-right module available through the npm registryarrow-up-right. Installation is done using the npm install commandarrow-up-right:

$ npm install resolve-path

hashtag
API

var resolvePath = require('resolve-path')

hashtag
resolvePath(relativePath)

Resolve a relative path against process.cwd() (the process's current working directory) and return an absolute path. This will throw if the resulting resolution seems malicious. The following are malicious:

  • The relative path is an absolute path

  • The relative path contains a NULL byte

  • The relative path resolves to a path outside of process.cwd()

  • The relative path traverses above process.cwd() and back down

hashtag
resolvePath(rootPath, relativePath)

Resolve a relative path against the provided root path and return an absolute path. This will throw if the resulting resolution seems malicious. The following are malicious:

  • The relative path is an absolute path

  • The relative path contains a NULL byte

  • The relative path resolves to a path outside of the root path

  • The relative path traverses above the root and back down

hashtag
Example

hashtag
Safely resolve paths in a public directory

hashtag
License

MITarrow-up-right

Previousrequire-directoryNextSecurity

Last updated