From e68cd3ae28d70e31dfe89d42d12a58afb9462949 Mon Sep 17 00:00:00 2001
From: Thomas Bouldin <inlined@google.com>
Date: Wed, 8 Oct 2025 15:17:55 -0700
Subject: [PATCH 1/2] Fix filter for symlinks

---
 src/archiveDirectory.ts | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/src/archiveDirectory.ts b/src/archiveDirectory.ts
index 9f6c65d3b9d..1ce741695f3 100644
--- a/src/archiveDirectory.ts
+++ b/src/archiveDirectory.ts
@@ -142,12 +142,16 @@ async function zipDirectory(
     throw err;
   }
   // For security, filter out all symlinks
-  const realFiles = await Promise.all(
-    files.filter(async (f) => {
+  const realFiles: typeof files = [];
+  await Promise.all(
+    files.map(async (f) => {
       const stats = await fs.promises.lstat(f.name);
-      return !stats.isSymbolicLink();
+      if (!stats.isSymbolicLink()) {
+        realFiles.push(f);
+      }
     }),
   );
+
   for (const file of realFiles) {
     const name = path.relative(sourceDirectory, file.name);
     allFiles.push(name);

From 5b8d2d0b61ee7aedd341e77e7de066a6dcfb1fcd Mon Sep 17 00:00:00 2001
From: Thomas Bouldin <inlined@google.com>
Date: Wed, 8 Oct 2025 15:42:14 -0700
Subject: [PATCH 2/2] Fine. Preserve ordering at the cost of readability

---
 src/archiveDirectory.ts | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/src/archiveDirectory.ts b/src/archiveDirectory.ts
index 1ce741695f3..21dc7aee002 100644
--- a/src/archiveDirectory.ts
+++ b/src/archiveDirectory.ts
@@ -141,16 +141,13 @@ async function zipDirectory(
     }
     throw err;
   }
-  // For security, filter out all symlinks
-  const realFiles: typeof files = [];
-  await Promise.all(
+  // For security, filter out all symlinks. This code is a bit obtuse to preserve ordering.
+  const realFiles = (await Promise.all(
     files.map(async (f) => {
       const stats = await fs.promises.lstat(f.name);
-      if (!stats.isSymbolicLink()) {
-        realFiles.push(f);
-      }
+      return stats.isSymbolicLink() ? null : f;
     }),
-  );
+  )).filter((fileOrNull): fileOrNull is typeof files[number] => fileOrNull !== null);
 
   for (const file of realFiles) {
     const name = path.relative(sourceDirectory, file.name);