Conversation
![chatgpt-codex-connector[bot]](https://avatars.githubusercontent.com/in/1144995?s=60&v=4){kind=small}
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: f0f322e9a7
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
src/platforms/install-source.ts
Outdated
| }; | ||
|
|
||
| const ARCHIVE_EXTENSIONS = ['.zip', '.tar', '.tar.gz', '.tgz'] as const; | ||
| export const ARCHIVE_EXTENSIONS = ['.zip', '.tar', '.tar.gz', '.tgz'] as const; |
There was a problem hiding this comment.
Exporting ARCHIVE_EXTENSIONS as a live array exposes mutable global state to consumers, and isArchivePath uses that same reference to decide whether files should be treated as archives. In JS (or TS via casts), downstream code can mutate it (for example by adding/removing extensions), which silently changes install-source behavior process-wide and can break or weaken the intended validation path; export a frozen copy or an accessor that returns an immutable list instead.
Useful? React with 👍 / 👎.
thymikee
force-pushed
the
codex/issue-387-export-install-source
branch
from
f0f322e to
ccc5a14
Compare
|
1 participant
Summary
agent-device/install-sourcesubpath and rslib entrypoint.Touched files: 5. Scope stayed within install-source export surface. Docs/skills were not updated because this is a library API export, not CLI behavior.
Closes #387
Validation
pnpm install --frozen-lockfilepnpm formatpnpm check:toolinggit diff --checkKnown gaps: none.