johnagan / clean-webpack-plugin

A webpack plugin to remove your build folder(s) before building
MIT License
1.96k stars 137 forks

dangerouslyAllowCleanPatternsOutsideProject: false doesn't work #131

Closed shravan2x closed 5 years ago

shravan2x commented 5 years ago

Issue description or question

The dangerouslyAllowCleanPatternsOutsideProject: false option doesn't seem to work when the webpack output.path option is set to a path outside process.cwd(). The docs explicitly state that this shouldn't be possible, but the files get deleted and the logs produced when verbose: true is set show a list of removed ... entries.

Webpack Config

new CleanWebpackPlugin(/*['index.html', '*.js', '*.js.map', '*.css', '*.css.map'],*/ {
    dry: false,
    verbose: true,
    dangerouslyAllowCleanPatternsOutsideProject: false
}),

Environment

Run: npx envinfo --system --binaries --npmPackages clean-webpack-plugin,webpack

  System:
    OS: Windows 10
    CPU: (8) x64 Intel(R) Core(TM) i7-6820HK CPU @ 2.70GHz
    Memory: 20.71 GB / 63.96 GB
  Binaries:
    Node: 10.15.3 - C:\Program Files\nodejs\node.EXE
    npm: 6.4.1 - C:\Program Files\nodejs\npm.CMD

chrisblossom commented 5 years ago

Can you please provide me with a minimal example repo?

shravan2x commented 5 years ago

The project I'm using this for is closed source, and due to personal commitments I currently don't have the time to prepare an example repo. However, the information I provided above should be all that's needed to reproduce the issue (i.e. set dry: false, dangerouslyAllowCleanPatternsOutsideProject: false, and set a webpack.output.path outside process.cwd()).

chrisblossom commented 5 years ago

What do you think should happen with dangerouslyAllowCleanPatternsOutsideProject: false (this is the default setting)? Here is the test verifying that exactly what you are reporting works as expected.

If you are trying to remove files outside of the project's process.cwd(), you'll need to set dangerouslyAllowCleanPatternsOutsideProject: true as described in the readme.

shravan2x commented 5 years ago

I expect that setting dangerouslyAllowCleanPatternsOutsideProject: false is a layer of security (against accidental deletion of files) and when the option is set, no files outside the current process.cwd() should be deleted under any condition (i.e. only files/directories within the current subtree can be modified). In my case, I used path.resolve('../OtherApp/dist'); to refer to a directory outside process.cwd().

Since you are not able to reproduce the issue, I will try to create a test repo when I find a chance.
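
The containment behaviour described in the comment above, sketched as an added example that is not part of the thread and is not the plugin's code. `isInside`, `planClean` and `allowOutside` are hypothetical names, and all paths are constructed samples.

```javascript
const path = require('path');

// Hypothetical helper, not the plugin's code: true when `target` resolves to
// `root` or to something beneath it. `p` is path.posix or path.win32, so both
// platforms' rules can be exercised on any host. The check is lexical only;
// symlinks would need fs.realpathSync on both paths first.
function isInside(root, target, p = path) {
  const rootAbs = p.resolve(root);
  const targetAbs = p.resolve(rootAbs, target);
  const rel = p.relative(rootAbs, targetAbs);
  if (rel === '') return true;          // the root itself
  if (p.isAbsolute(rel)) return false;  // win32: target is on another drive
  return rel !== '..' && !rel.startsWith('..' + p.sep);
}

// Split candidate paths into those a clean step may touch and those it must
// refuse. `allowOutside` is a hypothetical stand-in for the opt-in switch.
function planClean(root, targets, allowOutside = false, p = path) {
  const plan = { allowed: [], refused: [] };
  for (const t of targets) {
    const abs = p.resolve(p.resolve(root), t);
    const ok = allowOutside || isInside(root, t, p);
    (ok ? plan.allowed : plan.refused).push(abs);
  }
  return plan;
}

// Constructed sample paths; nothing is read from or written to disk.
const sample = ['dist', '../OtherApp/dist', '/work/App-old/dist', '..dist'];
console.log(planClean('/work/App', sample, false, path.posix));
```

The sibling directory `/work/App-old` is refused even though its path starts with the project root as a string, which is the case a plain prefix comparison gets wrong.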

joepagan commented 5 years ago

I could not get this working either. Looking inside the plugin's code, this option is incorrect as OP highlighted...

It's referenced as allowExternal inside the plugin and there is no reference to dangerouslyAllowCleanPatternsOutsideProject. Setting allowExternal: true works for me on "clean-webpack-plugin": "^0.1.19".

Edit*: Ok, didn't realise how bloody behind I was on versions here! I've updated to latest and can confirm dangerouslyAllowCleanPatternsOutsideProject works.

chrisblossom commented 5 years ago

Closing this issue. @shravan2x please reopen with a reproducible repository or with a PR that includes a failing test that shows the issue.