Implement path validation and manipulation utilities.
Requirements
Path validation
const PATH_SEPARATOR = '/'
const MAX_PATH_LENGTH = 4096
// Validation checks:
- No null bytes in path
- No traversal beyond root (../../etc/passwd)
- No invalid characters
- Not exceeds MAX_PATH_LENGTH
- Resolved path stays within allowed roots
- Windows: handle drive letters, backslashes
Path utilities
const resolve = (path: string): string
const join = (...parts: string[]): string
const dirname = (path: string): string
const basename = (path: string): string
const extname = (path: string): string
const normalize = (path: string): string
const isAbsolute = (path: string): boolean
Usage examples
Basic manipulation
join('src', 'utils', 'helpers.ts')
// → 'src/utils/helpers.ts'
basename('/src/utils/helpers.ts')
// → 'helpers.ts'
dirname('/src/utils/helpers.ts')
// → '/src/utils'
extname('/src/utils/helpers.ts')
// → '.ts'
normalize('/src/../src/utils/./helpers.ts')
// → '/src/utils/helpers.ts'
isAbsolute('/src/utils')
// → true
isAbsolute('src/utils')
// → falseResolution
resolve('/project', 'src/main.ts')
// → '/project/src/main.ts'
resolve('/project', '../package.json')
// → '/package.json' (blocked by validation!)Validation
// These should be rejected:
validate('/../../../etc/passwd') // traversal attack
validate('/path/with/\x00/null') // null byte
validate('a'.repeat(5000)) // too longGoals
- Security against path traversal attacks
- Works in both Node.js and browser environments
Implement path validation and manipulation utilities.
Requirements
Path validation
Path utilities
Usage examples
Basic manipulation
Resolution
Validation
Goals