Expanding yarn-v1.16.0/LICENSE would create file outside of c:\code\frontend-bug\target\node\yarn
The plugin believes that c:\code\frontend-bug\target\node\yarn-v1.16.0\LICENSE would fall outside of c:\code\frontend-bug\target and stops execution.
final File destPath = new File(destinationDirectory + File.separator + tarEntry.getName());
prepDestination(destPath, tarEntry.isDirectory());
if (!destPath.getCanonicalPath().startsWith(destinationDirectory)) {
throw new IOException(
"Expanding " + tarEntry.getName() + " would create file outside of " + destinationDirectory
If the current behavior is a bug, please provide the steps to reproduce.
The bug does not always occur. We have Windows 10 laptops with IBM corporate bloatware installed. Out of five people, three experienced this issue. Two were magically fixed by installing MinGW on their machines and putting it on PATH variable. One persists, so it could be a coincidence.
A simple c:\code\frontend-bug\pom.xml file that reproduces the issue on my machine:
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
<modelVersion>4.0.0</modelVersion>
<groupId>frigo</groupId>
<artifactId>frontend-bug</artifactId>
<version>1.0.0-SNAPSHOT</version>
<packaging>jar</packaging>
<build>
<plugins>
<plugin>
<groupId>com.github.eirslett</groupId>
<artifactId>frontend-maven-plugin</artifactId>
<version>1.7.6</version>
<executions>
<execution>
<id>install node and yarn</id>
<goals>
<goal>install-node-and-yarn</goal>
</goals>
<phase>generate-resources</phase>
</execution>
</executions>
<configuration>
<nodeVersion>v12.2.0</nodeVersion>
<yarnVersion>v1.16.0</yarnVersion>
<installDirectory>target</installDirectory>
</configuration>
</plugin>
</plugins>
</build>
</project>
What is the expected behavior?
The plugin extracts the contents of yarn-v.1.16.0.tar.gz into c:\code\frontend-bug\target\node\ and continues execution.
Please mention your frontend-maven-plugin and operating system version.
frontend-maven-plugin: 1.7.6
windows: Windows 10 Enterprise 1809 17763.437
Apache Maven 3.5.3 (3383c37e1f9e9b3bc3df5050c29c8aff9f295297; 2018-02-24T20:49:05+01:00)
Maven home: c:\Program Files\maven\bin..
Java version: 1.8.0_171, vendor: Oracle Corporation
Java home: c:\Program Files\Java\jdk1.8.0_171\jre
Default locale: en_US, platform encoding: Cp1252
OS name: "windows 10", version: "10.0", arch: "amd64", family: "windows"
Okay I realized what is going on. The getCanonicalPath() path normalizes drive letters by making them uppercase, and this breaks the startsWith call. Proof:
C:\Users\Frigo>cmd /k cd c:\code\frontend-bug
c:\code\frontend-bug>mvn clean package
[INFO] Scanning for projects...
[INFO]
[INFO] -------------------------< frigo:frontend-bug >-------------------------
[INFO] Building frontend-bug 1.0.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ frontend-bug ---
[INFO] Deleting c:\code\frontend-bug\target
[INFO]
[INFO] --- frontend-maven-plugin:1.7.6:install-node-and-yarn (install node and yarn) @ frontend-bug ---
[INFO] Installing node version v12.2.0
[INFO] Copying node binary from C:\Users\Frigo\.m2\repository\com\github\eirslett\node\12.2.0\node-12.2.0-win-x64.exe to c:\code\frontend-bug\target\node\node.exe
[INFO] Installed node locally.
[INFO] Installing Yarn version v1.16.0
[INFO] Unpacking C:\Users\Frigo\.m2\repository\com\github\eirslett\yarn\1.16.0\yarn-1.16.0.tar.gz into c:\code\frontend-bug\target\node\yarn
[INFO] ------------------------------------------------------------------------
[INFO] BUILD FAILURE
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 3.253 s
[INFO] Finished at: 2019-05-23T16:55:03+02:00
[INFO] ------------------------------------------------------------------------
[ERROR] Failed to execute goal com.github.eirslett:frontend-maven-plugin:1.7.6:install-node-and-yarn (install node and yarn) on project frontend-bug: Could not extract the Yarn archive: Could not extract archive: 'C:\Users\Frigo\.m2\repository\com\github\eirslett\yarn\1.16.0\yarn-1.16.0.tar.gz': Expanding yarn-v1.16.0/LICENSE would create file outside of c:\code\frontend-bug\target\node\yarn -> [Help 1]
[ERROR]
[ERROR] To see the full stack trace of the errors, re-run Maven with the -e switch.
[ERROR] Re-run Maven using the -X switch to enable full debug logging.
[ERROR]
[ERROR] For more information about the errors and possible solutions, please read the following articles:
[ERROR] [Help 1] http://cwiki.apache.org/confluence/display/MAVEN/MojoFailureException
c:\code\frontend-bug>exit
C:\Users\Frigo>cmd /k cd C:\code\frontend-bug
C:\code\frontend-bug>mvn clean package
[INFO] Scanning for projects...
[INFO]
[INFO] -------------------------< frigo:frontend-bug >-------------------------
[INFO] Building frontend-bug 1.0.0-SNAPSHOT
[INFO] --------------------------------[ jar ]---------------------------------
[INFO]
[INFO] --- maven-clean-plugin:2.5:clean (default-clean) @ frontend-bug ---
[INFO] Deleting C:\code\frontend-bug\target
[INFO]
[INFO] --- frontend-maven-plugin:1.7.6:install-node-and-yarn (install node and yarn) @ frontend-bug ---
[INFO] Installing node version v12.2.0
[INFO] Copying node binary from C:\Users\Frigo\.m2\repository\com\github\eirslett\node\12.2.0\node-12.2.0-win-x64.exe to C:\code\frontend-bug\target\node\node.exe
[INFO] Installed node locally.
[INFO] Installing Yarn version v1.16.0
[INFO] Unpacking C:\Users\Frigo\.m2\repository\com\github\eirslett\yarn\1.16.0\yarn-1.16.0.tar.gz into C:\code\frontend-bug\target\node\yarn
[INFO] Installed Yarn locally.
[INFO]
[INFO] --- maven-resources-plugin:2.6:resources (default-resources) @ frontend-bug ---
[WARNING] Using platform encoding (Cp1252 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory C:\code\frontend-bug\src\main\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:compile (default-compile) @ frontend-bug ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-resources-plugin:2.6:testResources (default-testResources) @ frontend-bug ---
[WARNING] Using platform encoding (Cp1252 actually) to copy filtered resources, i.e. build is platform dependent!
[INFO] skip non existing resourceDirectory C:\code\frontend-bug\src\test\resources
[INFO]
[INFO] --- maven-compiler-plugin:3.1:testCompile (default-testCompile) @ frontend-bug ---
[INFO] No sources to compile
[INFO]
[INFO] --- maven-surefire-plugin:2.12.4:test (default-test) @ frontend-bug ---
[INFO] No tests to run.
[INFO]
[INFO] --- maven-jar-plugin:2.4:jar (default-jar) @ frontend-bug ---
[WARNING] JAR will be empty - no content was marked for inclusion!
[INFO] Building jar: C:\code\frontend-bug\target\frontend-bug-1.0.0-SNAPSHOT.jar
[INFO] ------------------------------------------------------------------------
[INFO] BUILD SUCCESS
[INFO] ------------------------------------------------------------------------
[INFO] Total time: 5.164 s
[INFO] Finished at: 2019-05-23T16:55:25+02:00
[INFO] ------------------------------------------------------------------------
C:\code\frontend-bug>
I had same issue with install-node-and-npm. I had exctract part of code from DefaultArchiveExtractor::extract() method and try to simulate it in external simple project and the problem is exactly here:
if (!destPath.getCanonicalPath().startsWith(destinationDirectory)) {
throw new IOException("Expanding " + tarEntry.getName() + " would create file outside of " + destinationDirectory);
File::getCanonocalPath() under Windows returns uppercase drive letter but destinationDirectory is obtained from File::getPath().
Current solution for me is to run maven from commandline with explicity specify path with uppercased drive letter - than maven under windows will run and plugin will work; otherwise it will failed.
Hope solution will be available soon.
