From 6406aa4dc26a92d65d723376fb1d3ed0dd4f1b45 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Curn?= Date: Fri, 5 Dec 2025 22:48:44 +0100 Subject: [PATCH 1/2] Update utilities.ts Ensure people cannot hijack CLI install paths - see https://docs.apify.com/cli/docs/next/installation --- packages/utilities/src/utilities.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/packages/utilities/src/utilities.ts b/packages/utilities/src/utilities.ts index bd7515c9..01e6c6bc 100644 --- a/packages/utilities/src/utilities.ts +++ b/packages/utilities/src/utilities.ts @@ -244,6 +244,9 @@ const FORBIDDEN_USERNAMES_REGEXPS = [ // File starting with xxx- '(xxx-.*)', + // File starting with install-cli. + '(install-cli\..*)', + // Strings not starting with letter or number '([^0-9a-z].*)', From fccba93a5791fe4b3184af967480ba7b03239bf0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20=C4=8Curn?= Date: Sat, 6 Dec 2025 19:11:47 +0100 Subject: [PATCH 2/2] Update comments for regex patterns in utilities.ts --- packages/utilities/src/utilities.ts | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/packages/utilities/src/utilities.ts b/packages/utilities/src/utilities.ts index 01e6c6bc..de1b3881 100644 --- a/packages/utilities/src/utilities.ts +++ b/packages/utilities/src/utilities.ts @@ -241,11 +241,11 @@ const FORBIDDEN_USERNAMES_REGEXPS = [ // All hidden files '(\\..*)', - // File starting with xxx- + // Username starting with xxx- '(xxx-.*)', - // File starting with install-cli. - '(install-cli\..*)', + // Username starting with install-cli. (see https://docs.apify.com/cli/docs/installation) + '(install-cli\\..*)', // Strings not starting with letter or number '([^0-9a-z].*)',