
A shell parser, formatter and interpreter. Supports POSIX Shell, Bash and mksh. Requires Go 1.10 or later.
Note: v2 is in a feature freeze, and will only receive bugfixes.
Development continues on the mvdan.cc/sh/v3 Go module on the
master.v3 branch.
To parse shell scripts, inspect them, and print them out, see the syntax examples.
For high-level operations like performing shell expansions on strings, see the shell examples.
go get -u mvdan.cc/sh/cmd/shfmt
shfmt formats shell programs. It can use tabs or any number of spaces to
indent. See canonical.sh for a quick look at its default
style.
You can feed it standard input, any number of files or any number of directories
to recurse into. When recursing, it will operate on .sh and .bash files and
ignore files starting with a period. It will also operate on files with no
extension and a shell shebang.
shfmt -l -w script.sh
Typically, CI builds should use the command below, to error if any shell scripts in a project don't adhere to the format:
shfmt -d .
Use -i N to indent with a number of spaces instead of tabs. There are other
formatting options - see shfmt -h. For example, to get the formatting
appropriate for Google's Style guide, use shfmt -i 2 -ci.
Packages are available on Arch, CRUX, Docker, FreeBSD, Homebrew, NixOS, Scoop, Snapcraft, and Void.
bash -n can be useful to check for syntax errors in shell scripts. However,
shfmt >/dev/null can do a better job as it checks for invalid UTF-8 and does
all parsing statically, including checking POSIX Shell validity:
$ echo '${foo:1 2}' | bash -n
$ echo '${foo:1 2}' | shfmt
1:9: not a valid arithmetic operator: 2
$ echo 'foo=(1 2)' | bash --posix -n
$ echo 'foo=(1 2)' | shfmt -p
1:5: arrays are a bash feature
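A CI syntax gate built on the check described above, as an added example that is not part of the shfmt project: it parses each script with shfmt and adds -p when the shebang names plain sh, so POSIX Shell validity is enforced only where it applies. The function names and the shebang heuristic are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the shfmt project. The function names and the
# shebang heuristic are assumptions of this example.

# is_posix_sh FILE: succeed if the first line is a shebang naming plain
# sh ("#!/bin/sh", "#!/usr/bin/env sh"), as opposed to bash or mksh.
is_posix_sh() {
	first=
	IFS= read -r first <"$1" || [ -n "$first" ] || return 1
	case $first in
	'#!'*/sh | '#!'*/sh' '* | '#!'*'env sh' | '#!'*'env sh '*) return 0 ;;
	esac
	return 1
}

# check_script FILE: parse FILE statically with shfmt and discard the
# formatted output. -p adds POSIX Shell validity checking for sh scripts.
check_script() {
	if is_posix_sh "$1"; then
		shfmt -p <"$1" >/dev/null
	else
		shfmt <"$1" >/dev/null
	fi
}

# check_all FILE...: check every file, keep going after a failure, and
# return non-zero if any script failed to parse. The shfmt errors shown
# above for standard input carry only line:column, so name the file here.
check_all() {
	failed=0
	for f in "$@"; do
		if ! check_script "$f"; then
			echo "syntax check failed: $f" >&2
			failed=1
		fi
	done
	return "$failed"
}

# Run as a script: sh check.sh script.sh other.sh
if [ "$#" -gt 0 ]; then
	check_all "$@"
fi
```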
go get -u mvdan.cc/sh/cmd/gosh
Experimental shell that uses interp. Work in progress, so don't expect
stability just yet.
This project makes use of go-fuzz to find crashes and hangs in both the parser and the printer. To get started, run:
git checkout fuzz
./fuzz
$ echo '${array[spaced string]}' | shfmt
1:16: not a valid arithmetic operator: string
$ echo '${array[dash-string]}' | shfmt
${array[dash - string]}
$(( and (( ambiguity is not supported. Backtracking would complicate the
parser and make streaming support via io.Reader impossible. The POSIX spec
recommends spacing the operands if $( ( is meant.
$ echo '$((foo); (bar))' | shfmt
1:1: reached ) without matching $(( with ))
export and let are parsed as keywords. This is to allow
statically parsing them and building their syntax tree, as opposed to just
keeping the arguments as a slice of arguments.
A subset of the Go packages is available as an npm package called mvdan-sh. See the _js directory for more information.
To build a Docker image, checkout a specific version of the repository and run:
docker build -t my:tag -f cmd/shfmt/Dockerfile .