fix(utils): resolve command injection vulnerability in emptyFolder

mhassan1 · mhassan1 · commit b9f1c1cc1571 · 2025-09-16T13:11:26.000-04:00
diff --git a/lib/utils.js b/lib/utils.js
@@ -457,7 +457,10 @@ module.exports.isNotSet = function (obj) {
 };
 
 module.exports.emptyFolder = (directoryPath) => {
-  require('child_process').execSync(`rm -rf ${directoryPath}/*`);
+  if (!fs.existsSync(directoryPath)) return;
+  for (const file of fs.readdirSync(directoryPath)) {
+    fs.rmSync(path.join(directoryPath, file), { recursive: true, force: true });
+  }
 };
 
 module.exports.printObjectProperties = (obj) => {
