@npmcli/run-script
Advanced tools
@npmcli/run-script - npm Package Compare versions
Comparing version 4.2.0 to 4.2.1
@@ -39,10 +39,7 @@ 'use strict' | ||
| // and finally, prefix shell meta chars with a ^ | ||
| result = result.replace(/[ !^&()<>|"]/g, '^$&') | ||
| result = result.replace(/[ !%^&()<>|"]/g, '^$&') | ||
| if (doubleEscape) { | ||
| result = result.replace(/[ !^&()<>|"]/g, '^$&') | ||
| result = result.replace(/[ !%^&()<>|"]/g, '^$&') | ||
| } | ||
| // except for % which is escaped with another %, and only once | ||
| result = result.replace(/%/g, '%%') | ||
| return result | ||
@@ -69,11 +66,5 @@ } | ||
| // disabling the no-control-regex rule for this line as we very specifically _do_ want to | ||
| // replace those characters if they somehow exist at this point, which is highly unlikely | ||
| // eslint-disable-next-line no-control-regex | ||
| const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x1F]/g, '') | ||
| module.exports = { | ||
| cmd, | ||
| sh, | ||
| filename, | ||
| } |
| /* eslint camelcase: "off" */ | ||
| const isWindows = require('./is-windows.js') | ||
| const setPATH = require('./set-path.js') | ||
| const { unlinkSync: unlink, writeFileSync: writeFile } = require('fs') | ||
| const { tmpdir } = require('os') | ||
| const { resolve } = require('path') | ||
@@ -10,10 +8,3 @@ const which = require('which') | ||
| const escape = require('./escape.js') | ||
| const { randomBytes } = require('crypto') | ||
| const translateWinPathToPosix = (path) => { | ||
| return path | ||
| .replace(/^([A-z]):/, '/$1') | ||
| .replace(/\\/g, '/') | ||
| } | ||
| const makeSpawnArgs = options => { | ||
@@ -42,6 +33,3 @@ const { | ||
| const fileName = escape.filename(`${event}-${randomBytes(4).toString('hex')}`) | ||
| let scriptFile | ||
| let script = '' | ||
| let doubleEscape = false | ||
| const isCmd = /(?:^|\\)cmd(?:\.exe)?$/i.test(scriptShell) | ||
@@ -73,22 +61,14 @@ if (isCmd) { | ||
| const doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat') | ||
| doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat') | ||
| } | ||
| scriptFile = resolve(tmpdir(), `${fileName}.cmd`) | ||
| script += '@echo off\n' | ||
| script += cmd | ||
| if (args.length) { | ||
| script += ` ${args.map((arg) => escape.cmd(arg, doubleEscape)).join(' ')}` | ||
| } | ||
| } else { | ||
| scriptFile = resolve(tmpdir(), `${fileName}.sh`) | ||
| script = cmd | ||
| if (args.length) { | ||
| script += ` ${args.map((arg) => escape.sh(arg)).join(' ')}` | ||
| } | ||
| let script = cmd | ||
| for (const arg of args) { | ||
| script += isCmd | ||
| ? ` ${escape.cmd(arg, doubleEscape)}` | ||
| : ` ${escape.sh(arg)}` | ||
| } | ||
| writeFile(scriptFile, script) | ||
| const spawnArgs = isCmd | ||
| ? ['/d', '/s', '/c', escape.cmd(scriptFile)] | ||
| : [isWindows ? translateWinPathToPosix(scriptFile) : scriptFile] | ||
| ? ['/d', '/s', '/c', script] | ||
| : ['-c', '--', script] | ||
@@ -103,14 +83,5 @@ const spawnOpts = { | ||
| const cleanup = () => { | ||
| // delete the script, this is just a best effort | ||
| try { | ||
| unlink(scriptFile) | ||
| } catch (err) { | ||
| // ignore errors | ||
| } | ||
| } | ||
| return [scriptShell, spawnArgs, spawnOpts, cleanup] | ||
| return [scriptShell, spawnArgs, spawnOpts] | ||
| } | ||
| module.exports = makeSpawnArgs |
@@ -9,4 +9,13 @@ const makeSpawnArgs = require('./make-spawn-args.js') | ||
| // you wouldn't like me when I'm angry... | ||
| const bruce = (id, event, cmd) => | ||
| `\n> ${id ? id + ' ' : ''}${event}\n> ${cmd.trim().replace(/\n/g, '\n> ')}\n` | ||
| const bruce = (id, event, cmd, args) => { | ||
| let banner = id | ||
| ? `\n> ${id} ${event}\n` | ||
| : `\n> ${event}\n` | ||
| banner += `> ${cmd.trim().replace(/\n/g, '\n> ')}` | ||
| if (args.length) { | ||
| banner += ` ${args.join(' ')}` | ||
| } | ||
| banner += '\n' | ||
| return banner | ||
| } | ||
@@ -56,6 +65,6 @@ const runScriptPkg = async options => { | ||
| // we're dumping to the parent's stdout, so print the banner | ||
| console.log(bruce(pkg._id, event, cmd)) | ||
| console.log(bruce(pkg._id, event, cmd, args)) | ||
| } | ||
| const [spawnShell, spawnArgs, spawnOpts, cleanup] = makeSpawnArgs({ | ||
| const [spawnShell, spawnArgs, spawnOpts] = makeSpawnArgs({ | ||
| event, | ||
@@ -98,5 +107,5 @@ path, | ||
| } | ||
| }).finally(cleanup) | ||
| }) | ||
| } | ||
| module.exports = runScriptPkg |
| { | ||
| "name": "@npmcli/run-script", | ||
| "version": "4.2.0", | ||
| "version": "4.2.1", | ||
| "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", | ||
@@ -5,0 +5,0 @@ "author": "GitHub Inc.", |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Number of low supply chain risk alerts
- decreased by-25%
3
Worsened metrics
- Total package byte prevSize
- decreased by-5.32%
20578
- Lines of code
- decreased by-5.56%
391
No dependency changes