From 6615e2788afc1d73e1343804443e96fecc42a400 Mon Sep 17 00:00:00 2001
From: Valentin Brandl <mail@vbrandl.net>
Date: Sat, 17 Aug 2024 14:59:55 +0200
Subject: [PATCH] Platform independent path validation

---
 src/lib/index.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lib/index.ts b/src/lib/index.ts
index 4141315..f5f5087 100644
--- a/src/lib/index.ts
+++ b/src/lib/index.ts
@@ -7,9 +7,9 @@ function safePath(basePath: string, name: string): boolean {
 	return (
 		!!relative &&
 		// does move out of `basePath`
-		!relative.startsWith('..') &&
+		!relative.startsWith(`..${path.sep}`) &&
 		// exactly one layer deep, e.g. no `./uplodas/foo/bar`
-		!relative.includes('/') &&
+		!relative.includes(path.sep) &&
 		// result is not an absolute path
 		!path.isAbsolute(relative)
 	);