ui icon indicating copy to clipboard operation
ui copied to clipboard

Published 20 hours ago verified publisher icon shadcn-ui

CLI `add` command - Missing baseColor validation with the registry

Open mateonunez opened this issue 1 year ago • 0 comments

Hi folks!

At first, this project it's awesome. I was trying a first integration with Next.js but I accidentally missmatched the baseColor value. When I tried to add a new component with the CLI, generating and exception.

components.json

{
	"$schema": "https://ui.shadcn.com/schema.json",
	"style": "default",
	"rsc": true,
	"tsx": true,
	"tailwind": {
		"config": "tailwind.config.js",
		"css": "app/globals.css",
-		"baseColor": "slate",
+		"baseColor": "malicious-path",
		"cssVariables": true,
		"prefix": ""
	},
	"aliases": {
		"components": "@/components",
		"utils": "@/lib/utils"
	}
}

and then

npx shadcn-ui@latest add accordion

SyntaxError: Unexpected token '<', "<!DOCTYPE "... is not valid JSON
    at JSON.parse (<anonymous>)
    at Response.json (file:///Users/mateonunez/.npm/_npx/125ee17d583c4e03/node_modules/node-fetch/src/body.js:150:15)
    at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
    at async file:///Users/mateonunez/.npm/_npx/125ee17d583c4e03/node_modules/shadcn-ui/dist/index.js:2:4419
    at async Promise.all (index 0)
    at async N (file:///Users/mateonunez/.npm/_npx/125ee17d583c4e03/node_modules/shadcn-ui/dist/index.js:2:4386)
    at async S (file:///Users/mateonunez/.npm/_npx/125ee17d583c4e03/node_modules/shadcn-ui/dist/index.js:2:3644)
    at async Command.<anonymous> (file:///Users/mateonunez/.npm/_npx/125ee17d583c4e03/node_modules/shadcn-ui/dist/index.js:3:1986)
Failed to fetch base color from registry.

I was forgetting the Request:

[Symbol(Request internals)]: {
    method: 'GET',
    redirect: 'follow',
    headers: {},
    parsedURL: URL {
      href: 'https://ui.shadcn.com/registry/colors/malicious-path.json',
      origin: 'https://ui.shadcn.com',
      protocol: 'https:',
      username: '',
      password: '',
      host: 'ui.shadcn.com',
      hostname: 'ui.shadcn.com',
      port: '',
      pathname: '/registry/colors/malicious-path.json',
      search: '',
      searchParams: URLSearchParams {},
      hash: ''
    },
    signal: null,
    referrer: undefined,
    referrerPolicy: ''
  }

The issue can be avoided by adding a simple check into the registry (array) before resolving it with the fetcher.

I could send a PR to fix it! 👋

mateonunez avatar Jan 10 '24 22:01 mateonunez