rushstack icon indicating copy to clipboard operation
rushstack copied to clipboard
verified publisher icon microsoft

[rush] Build cache does not support symbolic links with relative paths

Open chengbapi opened this issue 1 month ago • 1 comments

Summary

When the output folder contains a symbolic link, Rush throws an error.

Image

Details

I think this is a good default behavior in most cases, since it helps prevent people from making mistakes.

However, in some cases the symbolic link is a relative path that points to another file within the same repo. Would it make sense to make the symbolic-link check (code linked below) more precise, so that it ignores cases where the relative target resolves to a path inside the repo?

https://github.com/microsoft/rushstack/blob/98d7c1af0768507c1e49c5224dc97f34305ac8ce/libraries/rush-lib/src/logic/buildCache/OperationBuildCache.ts#L349

Standard questions

Please answer these questions to help us investigate your issue more quickly:

Question Answer
@microsoft/rush globally installed version? -
rushVersion from rush.json? -
useWorkspaces from rush.json? No
Operating system? All
Would you consider contributing a PR? Yes
Node.js version (node -v)? -

chengbapi avatar Dec 04 '25 09:12 chengbapi

We categorically don't support putting symbolic links in the build cache because the vast majority of security issues related to unpacking of archives are related to symbolic link handling. It's a difficult thing to get right and we'd need an extremely convincing reason to support them.

dmichon-msft avatar Dec 08 '25 23:12 dmichon-msft

Closing for now, as this behavior is intentional.

iclanton avatar Dec 17 '25 19:12 iclanton