Check for valid package installation archive (#28)

Author: andersevenrud

src/packages.js

@@ -181,7 +181,16 @@ class Packages {
     await fs.mkdir(target);
     await extract(stream, target);
 
-    const filenames = await fg(root + '/*/metadata.json');
+    // FIXME: npm packages have a 'package' subdirectory
+    if (!await fs.exists(path.resolve(target, 'metadata.json'))) {
+      await fs.unlink(target);
+
+      throw new Error('Invalid package');
+    }
+
+    // TODO: Check conflicts ?
+
+    const filenames = await fg(root + '/*/metadata.json'); // FIXME: Windows!
     const metadatas = await Promise.all(filenames.map(f => fs.readJson(f)));
 
     await fs.writeJson(manifest, metadatas);