search

harlan-zw / unlighthouse

Scan your entire site with Google Lighthouse in 2 minutes (on average). Open source, fully configurable with minimal setup.
https://unlighthouse.dev
MIT License
3.65k stars 105 forks source link

Using `unlighthouse-ci --output-path= <path>` removes the target directory. #200

Closed I-0h closed 2 months ago

I-0h commented 3 months ago

Describe the bug

Using unlighthouse-ci --output-path= <path> removes the target directory. Specifying a path can have catastrophic effects if the command is run with the wrong permissions or on an unprotected directory.

Reproduction

unlighthouse-ci --output-path= <an_unprotected_path_with_stuff_you_want_to_keep>

System / Nuxt Info

System:
    OS: macOS 14.0
    CPU: (10) arm64 Apple M1 Pro
    Memory: 60.92 MB / 16.00 GB
    Shell: 5.9 - /bin/zsh
  Binaries:
    Node: 21.4.0 - /opt/homebrew/bin/node
    npm: 10.2.4 - /opt/homebrew/bin/npm
    pnpm: 7.15.0 - /usr/local/bin/pnpm
  Browsers:
    Brave Browser: 121.1.62.162
    Chrome: 123.0.6312.87
    Safari: 17.0

Resolution

Prevent this behavior by only attempting to remove reports/ if it exists and clearly document CI option behavior.

harlan-zw commented 3 months ago

Thanks for the issue, will jump on it when I have a chance. PRs welcome otherwise :)

apsolut commented 2 months ago

also running just unlighthouse-ci for me deleted old reports I created with unlighthouse

harlan-zw commented 2 months ago

Have pushed up a fix for this, it would no longer attempt to delete the output path, only the generated runtime folder which has a path as <outputPath>/<siteUrl>/<cacheKey> which should avoid anything accidental happening.

also running just unlighthouse-ci for me deleted old reports I created with unlighthouse

The CI will always reset the cache, I'd suggest just using unlighthouse