Have ideas to improve npm?Join in the discussion! »

    shelljs-exec-proxy
    DefinitelyTyped icon, indicating that this package has TypeScript declarations provided by the separate @types/shelljs-exec-proxy package

    0.2.0 • Public • Published

    ShellJS Exec Proxy

    Travis Codecov npm npm downloads

    Unleash the power of unlimited ShellJS commands... with ES6 Proxies!

    Do you like ShellJS, but wish it had your favorite commands? Skip the weird exec() calls by using shelljs-exec-proxy:

    // Our goal: make a commit: `$ git commit -am "I'm updating the \"foo\" module to be more secure"`
    // Standard ShellJS requires the exec function, with confusing string escaping:
    shell.exec('git commit -am "I\'m updating the \\"foo\\" module to be more secure"');
    // Skip the extra string escaping with shelljs-exec-proxy!
    shell.git.commit('-am', `I'm updating the "foo" module to be more secure`);

    Installation

    Important: This is only available for Node v6+ (it requires ES6 Proxies!)

    $ npm install --save shelljs-exec-proxy
    

    Get that JavaScript feeling back in your code

    const shell = require('shelljs-exec-proxy');
    shell.git.status();
    shell.git.add('.');
    shell.git.commit('-am', 'Fixed issue #1');
    shell.git.push('origin', 'master');

    Security improvements

    Current versions of ShellJS export the .exec() method, which if not used carefully, could introduce command injection Vulnerabilities to your module. Here's an insecure code snippet:

    shell.ls('dir/*.txt').forEach(file => {
      shell.exec('git add ' + file);
    }

    This leaves you vulnerable to files like:

    Example file name Unintended behavior
    File 1.txt This tries to add both File and 1.txt, instead of File 1.txt
    foo;rm -rf * This executes both git add foo and rm -rf *, unexpectedly deleting your files!
    ThisHas"quotes'.txt This tries running git add ThisHas"quotes'.txt, producing a Bash syntax error

    shelljs-exec-proxy solves all these problems:

    shell.ls('dir/*.txt').forEach(file => {
      shell.git.add(file);
    }
    Example file name Behavior
    File 1.txt Arguments are automatically quoted, so spaces aren't an issue
    foo;rm -rf * Only one command runs at a time (semicolons are treated literally) and wildcards aren't expanded
    ThisHas"quotes'.txt Quote characters are automatically escaped for you, so there are never any issues

    Install

    npm i shelljs-exec-proxy

    DownloadsWeekly Downloads

    158

    Version

    0.2.0

    License

    MIT

    Unpacked Size

    7.49 kB

    Total Files

    5

    Last publish

    Collaborators

    • avatar