mirror of
https://github.com/affaan-m/everything-claude-code.git
synced 2026-06-10 18:23:12 +08:00
7145ca9dfe
CodeRabbit major on PR #1898: fs.statSync follows symlinks, so a dangling protected symlink (e.g. .eslintrc.js pointing at a missing target) would throw ENOENT and be treated as absent — letting an agent "replace" the symlink and bypass the protection. Swap statSync for lstatSync. lstat reports the link node itself regardless of whether its target exists, so protected entries that happen to be symlinks stay blocked. ENOENT handling is unchanged: only a genuinely missing path (no link, no file, no directory) counts as absent. Add a regression test that creates a dangling symlink at .eslintrc.js and verifies the hook still blocks Write. Skips cleanly on platforms/sandboxes that disallow symlink creation (EPERM/EACCES).