-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathforce-patch.js
More file actions
22 lines (20 loc) · 963 Bytes
/
force-patch.js
File metadata and controls
22 lines (20 loc) · 963 Bytes
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
const fs = require('fs');
const path = require('path');
// Create exact path to vulnerable module
const vulnerablePath = path.join(__dirname, 'node_modules', 'react-scripts', 'node_modules', 'resolve-url-loader', 'node_modules', 'postcss');
const securePostcssPath = path.join(__dirname, 'node_modules', 'postcss');
if (fs.existsSync(vulnerablePath) && fs.existsSync(securePostcssPath)) {
console.log('Forcing direct replacement of vulnerable postcss...');
// Remove vulnerable version
fs.rmSync(vulnerablePath, { recursive: true, force: true });
// Create symlink to secure version
fs.symlinkSync(securePostcssPath, vulnerablePath, 'junction');
console.log('Successfully patched postcss vulnerability!');
} else {
if (!fs.existsSync(vulnerablePath)) {
console.log('Vulnerable postcss path not found:', vulnerablePath);
}
if (!fs.existsSync(securePostcssPath)) {
console.log('Secure postcss path not found:', securePostcssPath);
}
}