- Big update!Announcing Socket for GitHub 1.0. Learn more →
shell-quote
Advanced tools
shell-quote
quote and parse shell commands
- 1.7.3latest
- Version published
- Maintainers
- 4
- Weekly downloads
- 12,969,670
- decreased by-0.07%
Weekly downloads
Changelog
1.7.3
- Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)
Readme
shell-quote
Parse and quote shell commands.
example
quote
var quote = require('shell-quote').quote;
var s = quote([ 'a', 'b c d', '$f', '"g"' ]);
console.log(s);
output
a 'b c d' \$f '"g"'
parse
var parse = require('shell-quote').parse;
var xs = parse('a "b c" \\$def \'it\\\'s great\'');
console.dir(xs);
output
[ 'a', 'b c', '\\$def', 'it\'s great' ]
parse with an environment variable
var parse = require('shell-quote').parse;
var xs = parse('beep --boop="$PWD"', { PWD: '/home/robot' });
console.dir(xs);
output
[ 'beep', '--boop=/home/robot' ]
parse with custom escape character
var parse = require('shell-quote').parse;
var xs = parse('beep --boop="$PWD"', { PWD: '/home/robot' }, { escape: '^' });
console.dir(xs);
output
[ 'beep', '--boop=/home/robot' ]
parsing shell operators
var parse = require('shell-quote').parse;
var xs = parse('beep || boop > /byte');
console.dir(xs);
output:
[ 'beep', { op: '||' }, 'boop', { op: '>' }, '/byte' ]
parsing shell comment
var parse = require('shell-quote').parse;
var xs = parse('beep > boop # > kaboom');
console.dir(xs);
output:
[ 'beep', { op: '>' }, 'boop', { comment: '> kaboom' } ]
methods
var quote = require('shell-quote').quote;
var parse = require('shell-quote').parse;
quote(args)
Return a quoted string for the array args suitable for using in shell
commands.
parse(cmd, env={})
Return an array of arguments from the quoted string cmd.
Interpolate embedded bash-style $VARNAME and ${VARNAME} variables with
the env object which like bash will replace undefined variables with "".
env is usually an object but it can also be a function to perform lookups.
When env(key) returns a string, its result will be output just like env[key]
would. When env(key) returns an object, it will be inserted into the result
array like the operator objects.
When a bash operator is encountered, the element in the array with be an object
with an "op" key set to the operator string. For example:
'beep || boop > /byte'
parses as:
[ 'beep', { op: '||' }, 'boop', { op: '>' }, '/byte' ]
install
With npm do:
npm install shell-quote
license
MIT
FAQs
What is shell-quote?
quote and parse shell commands
Is shell-quote popular?
The npm package shell-quote receives a total of 12,379,509 weekly downloads. As such, shell-quote popularity was classified as popular.
Is shell-quote well maintained?
We found that shell-quote demonstrated a healthy version release cadence and project activity. It has 4 open source maintainers collaborating on the project.