fix(#2857): prevent npm scoped package paths from being resolved as skill paths
resolveSkillPathReferences: add looksLikeFilePath() guard that requires a file extension or trailing slash before resolving @scope/package references. npm packages like @mycom/my_mcp_tools@beta were incorrectly being rewritten to absolute paths in skill templates. 2 new tests.
This commit is contained in:
YeonGyu-Kim
@@ -90,6 +90,30 @@ describe("resolveSkillPathReferences", () => {
|
|||||||
expect(result).toBe("No path references here")
|
expect(result).toBe("No path references here")
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it("does not resolve npm scoped packages in commands", () => {
|
||||||
|
//#given
|
||||||
|
const content = "npx --package=@mycom/my_mcp_tools@beta cli my_cmd_tool XXX"
|
||||||
|
const basePath = "C:/Users/Admin/.config/opencode/skills/my_skills"
|
||||||
|
|
||||||
|
//#when
|
||||||
|
const result = resolveSkillPathReferences(content, basePath)
|
||||||
|
|
||||||
|
//#then
|
||||||
|
expect(result).toBe("npx --package=@mycom/my_mcp_tools@beta cli my_cmd_tool XXX")
|
||||||
|
})
|
||||||
|
|
||||||
|
it("does not resolve npm scoped packages without version suffix", () => {
|
||||||
|
//#given
|
||||||
|
const content = "npm install @angular/core @types/node"
|
||||||
|
const basePath = "/skills/frontend"
|
||||||
|
|
||||||
|
//#when
|
||||||
|
const result = resolveSkillPathReferences(content, basePath)
|
||||||
|
|
||||||
|
//#then
|
||||||
|
expect(result).toBe("npm install @angular/core @types/node")
|
||||||
|
})
|
||||||
|
|
||||||
it("handles basePath with trailing slash", () => {
|
it("handles basePath with trailing slash", () => {
|
||||||
//#given
|
//#given
|
||||||
const content = "@scripts/search.py"
|
const content = "@scripts/search.py"
|
||||||
|
|||||||
@@ -1,10 +1,17 @@
|
|||||||
import { join } from "path"
|
import { join } from "path"
|
||||||
|
|
||||||
|
function looksLikeFilePath(path: string): boolean {
|
||||||
|
if (path.endsWith("/")) return true
|
||||||
|
const lastSegment = path.split("/").pop() ?? ""
|
||||||
|
return /\.[a-zA-Z0-9]+$/.test(lastSegment)
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Resolves @path references in skill content to absolute paths.
|
* Resolves @path references in skill content to absolute paths.
|
||||||
*
|
*
|
||||||
* Matches @references that contain at least one slash (e.g., @scripts/search.py, @data/)
|
* Matches @references that contain at least one slash (e.g., @scripts/search.py, @data/)
|
||||||
* to avoid false positives with decorators (@param), JSDoc tags (@ts-ignore), etc.
|
* to avoid false positives with decorators (@param), JSDoc tags (@ts-ignore), etc.
|
||||||
|
* Also skips npm scoped packages (@scope/package) by requiring a file extension or trailing slash.
|
||||||
*
|
*
|
||||||
* Email addresses are excluded since they have alphanumeric characters before @.
|
* Email addresses are excluded since they have alphanumeric characters before @.
|
||||||
*/
|
*/
|
||||||
@@ -12,6 +19,9 @@ export function resolveSkillPathReferences(content: string, basePath: string): s
|
|||||||
const normalizedBase = basePath.endsWith("/") ? basePath.slice(0, -1) : basePath
|
const normalizedBase = basePath.endsWith("/") ? basePath.slice(0, -1) : basePath
|
||||||
return content.replace(
|
return content.replace(
|
||||||
/(?<![a-zA-Z0-9])@([a-zA-Z0-9_-]+\/[a-zA-Z0-9_.\-\/]*)/g,
|
/(?<![a-zA-Z0-9])@([a-zA-Z0-9_-]+\/[a-zA-Z0-9_.\-\/]*)/g,
|
||||||
(_, relativePath: string) => join(normalizedBase, relativePath)
|
(match, relativePath: string) => {
|
||||||
|
if (!looksLikeFilePath(relativePath)) return match
|
||||||
|
return join(normalizedBase, relativePath)
|
||||||
|
}
|
||||||
)
|
)
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user