cross-spawn - npm Package Compare versions

Comparing version 6.0.3 to 6.0.4

CHANGELOG.md

@@ -5,2 +5,12 @@ # Change Log
 
+<a name="6.0.4"></a>
+## [6.0.4](https://github.com/moxystudio/node-cross-spawn/compare/v6.0.3...v6.0.4) (2018-01-31)
+
+
+### Bug Fixes
+
+* fix paths being incorrectly normalized on unix ([06ee3c6](https://github.com/moxystudio/node-cross-spawn/commit/06ee3c6)), closes [#90](https://github.com/moxystudio/node-cross-spawn/issues/90)
+
+
+
 <a name="6.0.3"></a>
@@ -7,0 +17,0 @@ ## [6.0.3](https://github.com/moxystudio/node-cross-spawn/compare/v6.0.2...v6.0.3) (2018-01-23)

lib/parse.js

@@ -52,2 +52,6 @@ 'use strict';
 
+        // Normalize posix paths into OS compatible paths (e.g.: foo/bar -> foo\bar)
+        // This is necessary otherwise it will always fail with ENOENT in those cases
+        parsed.command = path.normalize(parsed.command);
+
         // Escape command & arguments
@@ -108,3 +112,3 @@ parsed.command = escape.command(parsed.command);
     const parsed = {
-        command: path.normalize(command),
+        command,
         args,
@@ -111,0 +115,0 @@ options,

lib/util/resolveCommand.js

@@ -7,11 +7,36 @@ 'use strict';
 
-function resolveCommandAttempt(parsed, withPathExt) {
-    withPathExt = !!withPathExt;
+function resolveCommandAttempt(parsed, withoutPathExt) {
+    const cwd = process.cwd();
+    const hasCustomCwd = parsed.options.cwd != null;
 
+    // If a custom `cwd` was specified, we need to change the process cwd
+    // because `which` will do stat calls but does not support a custom cwd
+    if (hasCustomCwd) {
+        try {
+            process.chdir(parsed.options.cwd);
+        } catch (err) {
+            /* Empty */
+        }
+    }
+
+    let resolved;
+
     try {
-        return which.sync(parsed.command, {
+        resolved = which.sync(parsed.command, {
             path: (parsed.options.env || process.env)[pathKey],
-            pathExt: withPathExt && process.env.PATHEXT ? path.delimiter + process.env.PATHEXT : undefined,
+            pathExt: withoutPathExt ? path.delimiter : undefined,
         });
-    } catch (e) { /* Empty */ }
+    } catch (e) {
+        /* Empty */
+    } finally {
+        process.chdir(cwd);
+    }
+
+    // If we successfully resolved, ensure that an absolute path is returned
+    // Note that when a custom `cwd` was used, we need to resolve to an absolute path based on it
+    if (resolved) {
+        resolved = path.resolve(hasCustomCwd ? parsed.options.cwd : '', resolved);
+    }
+
+    return resolved;
 }
@@ -18,0 +43,0 @@

package.json

 {
   "name": "cross-spawn",
-  "version": "6.0.3",
+  "version": "6.0.4",
   "description": "Cross platform child_process#spawn and child_process#spawnSync",
@@ -5,0 +5,0 @@ "keywords": [

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 1 instance in 1 package

Fixed alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 2 instances in 1 package

Improved metrics

Total package byte prevSize

20713

increased by6.34%

Lines of code

259

increased by10.21%

No dependency changes