How to handle paths outside of package.json's directory
mk-pmb opened this issue · comments
"browser": {
"./../../limits.json": "./overrides/limits.json",
"/etc/users.json": "./override/etc_users.json"
}
The first one even complies with the wishful thinking that
All paths for browser fields are relative to the
package.json
file location
I can make up a dozen of cases where it would be really useful if some bundlers accept above config, but nevertheless I propose that:
Bundlers MUST ignore overrides that:
would apply to parent directories of the(nope, that could leak information about file system structure)package.json
that sets them- contain upwards path components, e.g.
..
. - contain absolute or network paths, e.g. start with a slash (linux/win), backslash (win), drive letter (win), UNC path (win)
- contain characters below U+0020
You might wish to include even more Unicode ranges, but they'd probably be in a region where we'd have to care about the differemces between UTF-8 and UCS-2.