adding __proto__ to package name blacklist

2025-01-20 22:52:46 -05:00 · 2013-09-27 13:20:38 +04:00 · 2013-09-27 13:20:38 +04:00 · ac2ea00b2b
commit ac2ea00b2b
parent 361d653613
1 changed files with 3 additions and 1 deletions
--- a/lib/utils.js
+++ b/lib/utils.js
@ -3,11 +3,13 @@ var URL = require('url');

 // from normalize-package-data/lib/fixer.js
 module.exports.validate_name = function(name) {
+	name = name.toLowerCase();
 	if (
-		name.charAt(0) === "." ||
+		name.charAt(0) === "." || // ".bin", etc.
 		name.match(/[\/@\s\+%:]/) ||
 		name !== encodeURIComponent(name) ||
 		name.toLowerCase() === "node_modules" ||
+		name.toLowerCase() === "__proto__" ||
 		name.toLowerCase() === "favicon.ico"
 	) {
 		return false;