From e7bb166a02152ec07040ecd7e345274f6406e461 Mon Sep 17 00:00:00 2001
From: Nick Martin <nim@meteor.com>
Date: Tue, 6 Aug 2013 15:23:57 -0700
Subject: [PATCH] Check for invalid package names early in the codepath.

We already don't work with packages that contain '.' in the name, this just moves the error up and makes it clearer.
---
 tools/library.js | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/tools/library.js b/tools/library.js
index 6d174ba215..5db0d12700 100644
--- a/tools/library.js
+++ b/tools/library.js
@@ -175,6 +175,17 @@ _.extend(Library.prototype, {
       return self.loadedPackages[name].pkg;
     }
 
+    // Check for invalid package names.
+    //
+    // XXX should we be even stricter and whitelist something like
+    // /\-_A-Za-z0-9/ instead of blacklisting some special characters?
+    // What about unicode package names?
+    if (/[\.\?|'"#<>\(\)]/.test(name)) {
+      if (throwOnError === false)
+        return null;
+      throw new Error("Invalid package name: " + name);
+    }
+
     var packageDir = self.findPackageDirectory(name);
 
     if (! packageDir) {