From 0d1a356e0ff47bf1af213d1c86303a5074e86862 Mon Sep 17 00:00:00 2001
From: PiggyPiglet <noreply@piggypiglet.me>
Date: Mon, 9 Feb 2026 01:02:32 +0800
Subject: [PATCH] ExpansionSafety: Fix NPE & Only check files not directories

---
 .../placeholderapi/util/ExpansionSafetyCheck.java     | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/main/java/me/clip/placeholderapi/util/ExpansionSafetyCheck.java b/src/main/java/me/clip/placeholderapi/util/ExpansionSafetyCheck.java
index 365fb36..5b7e810 100644
--- a/src/main/java/me/clip/placeholderapi/util/ExpansionSafetyCheck.java
+++ b/src/main/java/me/clip/placeholderapi/util/ExpansionSafetyCheck.java
@@ -55,9 +55,18 @@ public final class ExpansionSafetyCheck {
         }
 
         final Set<String> maliciousPaths = new HashSet<>();
+        final File[] files = expansionsFolder.listFiles();
 
-        for (File file : expansionsFolder.listFiles()) {
+        if (files == null) {
+            return false;
+        }
+
+        for (File file : files) {
             try {
+                if (!file.isFile()) {
+                    continue;
+                }
+
                 final String hash = Hashing.sha256().hashBytes(Files.asByteSource(file).read()).toString();
 
                 if (knownMaliciousExpansions.contains(hash)) {