Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

@cronvel/shell-quote

Package Overview
Dependencies
Maintainers
1
Versions
6
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@cronvel/shell-quote

quote and parse shell commands

latest
Source
npmnpm
Version
1.6.7
Version published
Maintainers
1
Created
Source

shell-quote

Parse and quote shell commands.

build status

browser support

example

quote

var quote = require('shell-quote').quote;
var s = quote([ 'a', 'b c d', '$f', '"g"' ]);
console.log(s);

output

a 'b c d' \$f '"g"'

parse

var parse = require('shell-quote').parse;
var xs = parse('a "b c" \\$def \'it\\\'s great\'');
console.dir(xs);

output

[ 'a', 'b c', '\\$def', 'it\'s great' ]

parse with an environment variable

var parse = require('shell-quote').parse;
var xs = parse('beep --boop="$PWD"', { PWD: '/home/robot' });
console.dir(xs);

output

[ 'beep', '--boop=/home/robot' ]

parse with custom escape charcter

var parse = require('shell-quote').parse;
var xs = parse('beep --boop="$PWD"', { PWD: '/home/robot' }, { escape: '^' });
console.dir(xs);

output

[ 'beep', '--boop=/home/robot' ]

parsing shell operators

var parse = require('shell-quote').parse;
var xs = parse('beep || boop > /byte');
console.dir(xs);

output:

[ 'beep', { op: '||' }, 'boop', { op: '>' }, '/byte' ]

parsing shell comment

var parse = require('shell-quote').parse;
var xs = parse('beep > boop # > kaboom');
console.dir(xs);

output:

[ 'beep', { op: '>' }, 'boop', { comment: '> kaboom' } ]

methods

var quote = require('shell-quote').quote;
var parse = require('shell-quote').parse;

quote(args)

Return a quoted string for the array args suitable for using in shell commands.

parse(cmd, env={})

Return an array of arguments from the quoted string cmd.

Interpolate embedded bash-style $VARNAME and ${VARNAME} variables with the env object which like bash will replace undefined variables with "".

env is usually an object but it can also be a function to perform lookups. When env(key) returns a string, its result will be output just like env[key] would. When env(key) returns an object, it will be inserted into the result array like the operator objects.

When a bash operator is encountered, the element in the array with be an object with an "op" key set to the operator string. For example:

'beep || boop > /byte'

parses as:

[ 'beep', { op: '||' }, 'boop', { op: '>' }, '/byte' ]

install

With npm do:

npm install shell-quote

license

MIT

Keywords

shell
command
quote
parse

FAQs

Package last updated on 12 Apr 2017

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Node.js Fixes AsyncLocalStorage Crash Bug That Could Take Down Production Servers

Research

Node.js Fixes AsyncLocalStorage Crash Bug That Could Take Down Production Servers

Node.js patched a crash bug where AsyncLocalStorage could cause stack overflows to bypass error handlers and terminate production servers.

By Sarah Gooding  -  Jan 14, 2026
Malicious Chrome Extension Steals MEXC API Keys for Account Takeover

Research

/

Security News

Malicious Chrome Extension Steals MEXC API Keys for Account Takeover

A malicious Chrome extension steals newly created MEXC API keys, exfiltrates them to Telegram, and enables full account takeover with trading and withdrawal rights.

By Kirill Boychenko  -  Jan 12, 2026