Summary
deepsec scan fails on Windows with:
Invalid filePath: contains backslash
This happens because scanner glob results on Windows can include \ separators, but file record paths are validated as POSIX-style (/) and reject backslashes.
Repro
- On Windows, initialize deepsec in a project.
- Run scan:
npx --yes deepsec@latest scan --project-id <id> (or pnpm deepsec scan ... in .deepsec)
- Observe failure when matchers start (for me it failed at
auth-bypass).
Error
Invalid filePath: contains backslash
Expected
Scan should accept Windows glob output and normalize relative paths consistently.
Proposed fix
Normalize glob-returned relative paths in scanner before using them as record keys/file paths, e.g. relPathRaw.replaceAll(\, /).
I opened a PR with this change:
Summary
deepsec scanfails on Windows with:Invalid filePath: contains backslashThis happens because scanner glob results on Windows can include
\separators, but file record paths are validated as POSIX-style (/) and reject backslashes.Repro
npx --yes deepsec@latest scan --project-id <id>(orpnpm deepsec scan ...in.deepsec)auth-bypass).Error
Invalid filePath: contains backslashExpected
Scan should accept Windows glob output and normalize relative paths consistently.
Proposed fix
Normalize glob-returned relative paths in scanner before using them as record keys/file paths, e.g.
relPathRaw.replaceAll(\, /).I opened a PR with this change: