nfischer/shelljs-exec-proxyPublic

NotificationsYou must be signed in to change notification settings
Fork4
Star41

Unlimited shelljs commands with ES6 proxies

License

MIT license

41 stars 4 forks Branches Tags Activity

Star

Notifications

You must be signed in to change notification settings

Branches Tags

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 63 Commits
.github		.github
test		test
.eslintignore		.eslintignore
.eslintrc		.eslintrc
.gitattributes		.gitattributes
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
common.js		common.js
index.js		index.js
package-lock.json		package-lock.json
package.json		package.json

Repository files navigation

ShellJS Exec Proxy

Unleash the power of unlimited ShellJS commands...with ES6 Proxies!

Do you likeShellJS, but wish it had yourfavorite commands? Skip the weirdexec() calls by usingshelljs-exec-proxy:

// Our goal: make a commit: `$ git commit -am "I'm updating the \"foo\" module to be more secure"`// Standard ShellJS requires the exec function, with confusing string escaping:shell.exec('git commit -am "I\'m updating the \\"foo\\" module to be more secure"');// Skip the extra string escaping with shelljs-exec-proxy!shell.git.commit('-am',`I'm updating the "foo" module to be more secure`);

Installation

$ npm install --save shelljs-exec-proxy

Get that JavaScript feeling back in your code

constshell=require('shelljs-exec-proxy');shell.git.status();shell.git.add('.');shell.git.commit('-am','Fixed issue #1');shell.git.push('origin','main');

Security improvements

Current versions of ShellJS export the.exec() method, which if not usedcarefully, could introduce command injection Vulnerabilities to your module.Here's an insecure code snippet:

shell.ls('dir/*.txt').forEach(file=>{shell.exec('git add '+file);}

This leaves you vulnerable to files like:

Example file name	Unintended behavior
`File 1.txt`	This tries to add both`File` and`1.txt`, instead of`File 1.txt`
`foo;rm -rf *`	This executes both`git add foo` and`rm -rf *`, unexpectedly deleting your files!
`ThisHas"quotes'.txt`	This tries running`git add ThisHas"quotes'.txt`, producing a Bash syntax error

shelljs-exec-proxy solves all these problems:

shell.ls('dir/*.txt').forEach(file=>{shell.git.add(file);}

Example file name	Behavior
`File 1.txt`	Arguments are automatically quoted, so spaces aren't an issue
`foo;rm -rf *`	Only one command runs at a time (semicolons are treated literally) and wildcards aren't expanded
`ThisHas"quotes'.txt`	Quote characters are automatically escaped for you, so there are never any issues

About

Unlimited shelljs commands with ES6 proxies

Releases

2tags

Packages

No packages published

Contributors3

Languages

JavaScript100.0%

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

License

Uh oh!

Folders and files

Latest commit

History

Repository files navigation

ShellJS Exec Proxy

Installation

Get that JavaScript feeling back in your code

Security improvements

About

Topics

Resources

License

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Packages

Uh oh!

Contributors3

Uh oh!

Languages

Movatterモバイル変換

License

nfischer/shelljs-exec-proxy

Folders and files

Latest commit

History

Repository files navigation

ShellJS Exec Proxy

Installation

Get that JavaScript feeling back in your code

Security improvements

About

Topics

Resources

License

Security policy

Uh oh!

Stars

Watchers

Forks

Releases

Packages0

Uh oh!

Contributors3

Uh oh!

Languages

Packages