Latest Threat Research:SANDWORM_MODE: Shai-Hulud-Style npm Worm Hijacks CI Workflows and Poisons AI Toolchains.Details
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

glob

Package Overview
Dependencies
Maintainers
1
Versions
168
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

glob - npm Package Compare versions

Comparing version
10.4.5
 to
10.5.0
+2
-2
dist/commonjs/index.d.ts

@@ -94,5 +94,5 @@ import { Minipass } from 'minipass';

hasMagic: (pattern: string | string[], options?: GlobOptions) => boolean;
escape: (s: string, { windowsPathsNoEscape, }?: Pick<import("minimatch").MinimatchOptions, "windowsPathsNoEscape">) => string;
unescape: (s: string, { windowsPathsNoEscape, }?: Pick<import("minimatch").MinimatchOptions, "windowsPathsNoEscape">) => string;
escape: (s: string, { windowsPathsNoEscape, magicalBraces, }?: Pick<import("minimatch").MinimatchOptions, "windowsPathsNoEscape" | "magicalBraces">) => string;
unescape: (s: string, { windowsPathsNoEscape, magicalBraces, }?: Pick<import("minimatch").MinimatchOptions, "windowsPathsNoEscape" | "magicalBraces">) => string;
};
//# sourceMappingURL=index.d.ts.map
+111
-35
dist/esm/bin.mjs

@@ -6,3 +6,3 @@ #!/usr/bin/env node

import { loadPackageJson } from 'package-json-from-dist';
import { join } from 'path';
import { basename, join } from 'path';
import { globStream } from './index.js';

@@ -36,2 +36,46 @@ const { version } = loadPackageJson(import.meta.url, '../package.json');

.flag({
shell: {
default: false,
description: `Interpret the command as a shell command by passing it
to the shell, with all matched filesystem paths appended,
**even if this cannot be done safely**.
This is **not** unsafe (and usually unnecessary) when using
the known Unix shells sh, bash, zsh, and fish, as these can
all be executed in such a way as to pass positional
arguments safely.
**Note**: THIS IS UNSAFE IF THE FILE PATHS ARE UNTRUSTED,
because a path like \`'some/path/\\$\\(cmd)'\` will be
executed by the shell.
If you do have positional arguments that you wish to pass to
the command ahead of the glob pattern matches, use the
\`--cmd-arg\`/\`-g\` option instead.
The next major release of glob will fully remove the ability
to use this option unsafely.`,
},
})
.optList({
'cmd-arg': {
short: 'g',
hint: 'arg',
default: [],
description: `Pass the provided values to the supplied command, ahead of
the glob matches.
For example, the command:
glob -c echo -g"hello" -g"world" *.txt
might output:
hello world a.txt b.txt
This is a safer (and future-proof) alternative than putting
positional arguments in the \`-c\`/\`--cmd\` option.`,
},
})
.flag({
all: {

@@ -79,3 +123,3 @@ short: 'A',

absolute matches on Windows will be expanded to their
full resolved UNC maths, eg instead of 'C:\\foo\\bar',
full resolved UNC paths, eg instead of 'C:\\foo\\bar',
it will expand to '//?/C:/foo/bar'.

@@ -215,4 +259,6 @@ `,

},
})
.flag({
version: {
short: 'V',
description: `Output the version (${version})`,
},
help: {

@@ -225,37 +271,40 @@ short: 'h',

const { positionals, values } = j.parse();
if (values.help) {
const { cmd, shell, all, default: def, version: showVersion, help, absolute, cwd, dot, 'dot-relative': dotRelative, follow, ignore, 'match-base': matchBase, 'max-depth': maxDepth, mark, nobrace, nocase, nodir, noext, noglobstar, platform, realpath, root, stat, debug, posix, 'cmd-arg': cmdArg, } = values;
if (showVersion) {
console.log(version);
process.exit(0);
}
if (help) {
console.log(j.usage());
process.exit(0);
}
if (positionals.length === 0 && !values.default)
//const { shell, help } = values
if (positionals.length === 0 && !def)
throw 'No patterns provided';
if (positionals.length === 0 && values.default)
positionals.push(values.default);
const patterns = values.all ? positionals : positionals.filter(p => !existsSync(p));
const matches = values.all ?
[]
: positionals.filter(p => existsSync(p)).map(p => join(p));
if (positionals.length === 0 && def)
positionals.push(def);
const patterns = all ? positionals : positionals.filter(p => !existsSync(p));
const matches = all ? [] : positionals.filter(p => existsSync(p)).map(p => join(p));
const stream = globStream(patterns, {
absolute: values.absolute,
cwd: values.cwd,
dot: values.dot,
dotRelative: values['dot-relative'],
follow: values.follow,
ignore: values.ignore,
mark: values.mark,
matchBase: values['match-base'],
maxDepth: values['max-depth'],
nobrace: values.nobrace,
nocase: values.nocase,
nodir: values.nodir,
noext: values.noext,
noglobstar: values.noglobstar,
platform: values.platform,
realpath: values.realpath,
root: values.root,
stat: values.stat,
debug: values.debug,
posix: values.posix,
absolute,
cwd,
dot,
dotRelative,
follow,
ignore,
mark,
matchBase,
maxDepth,
nobrace,
nocase,
nodir,
noext,
noglobstar,
platform: platform,
realpath,
root,
stat,
debug,
posix,
});
const cmd = values.cmd;
if (!cmd) {

@@ -266,4 +315,31 @@ matches.forEach(m => console.log(m));

else {
stream.on('data', f => matches.push(f));
stream.on('end', () => foregroundChild(cmd, matches, { shell: true }));
cmdArg.push(...matches);
stream.on('data', f => cmdArg.push(f));
// Attempt to support commands that contain spaces and otherwise require
// shell interpretation, but do NOT shell-interpret the arguments, to avoid
// injections via filenames. This affordance can only be done on known Unix
// shells, unfortunately.
//
// 'bash', ['-c', cmd + ' "$@"', 'bash', ...matches]
// 'zsh', ['-c', cmd + ' "$@"', 'zsh', ...matches]
// 'fish', ['-c', cmd + ' "$argv"', ...matches]
const { SHELL = 'unknown' } = process.env;
const shellBase = basename(SHELL);
const knownShells = ['sh', 'ksh', 'zsh', 'bash', 'fish'];
if ((shell || /[ "']/.test(cmd)) &&
knownShells.includes(shellBase)) {
const cmdWithArgs = `${cmd} "\$${shellBase === 'fish' ? 'argv' : '@'}"`;
if (shellBase !== 'fish') {
cmdArg.unshift(SHELL);
}
cmdArg.unshift('-c', cmdWithArgs);
stream.on('end', () => foregroundChild(SHELL, cmdArg));
}
else {
if (shell) {
process.emitWarning('The --shell option is unsafe, and will be removed. To pass ' +
'positional arguments to the subprocess, use -g/--cmd-arg instead.', 'DeprecationWarning', 'GLOB_SHELL');
}
stream.on('end', () => foregroundChild(cmd, cmdArg, { shell }));
}
}

@@ -270,0 +346,0 @@ }

+2
-2
dist/esm/index.d.ts

@@ -94,5 +94,5 @@ import { Minipass } from 'minipass';

hasMagic: (pattern: string | string[], options?: GlobOptions) => boolean;
escape: (s: string, { windowsPathsNoEscape, }?: Pick<import("minimatch").MinimatchOptions, "windowsPathsNoEscape">) => string;
unescape: (s: string, { windowsPathsNoEscape, }?: Pick<import("minimatch").MinimatchOptions, "windowsPathsNoEscape">) => string;
escape: (s: string, { windowsPathsNoEscape, magicalBraces, }?: Pick<import("minimatch").MinimatchOptions, "windowsPathsNoEscape" | "magicalBraces">) => string;
unescape: (s: string, { windowsPathsNoEscape, magicalBraces, }?: Pick<import("minimatch").MinimatchOptions, "windowsPathsNoEscape" | "magicalBraces">) => string;
};
//# sourceMappingURL=index.d.ts.map
+1
-1
package.json

@@ -8,3 +8,3 @@ {

"description": "the most correct and second fastest glob implementation in JavaScript",
"version": "10.4.5",
"version": "10.5.0",
"type": "module",

@@ -11,0 +11,0 @@ "tshy": {

dist/commonjs/has-magic.d.ts.map

Sorry, the diff of this file is not supported yet

dist/esm/bin.mjs.map

Sorry, the diff of this file is not supported yet

dist/esm/has-magic.d.ts.map

Sorry, the diff of this file is not supported yet