Big update!Announcing Socket for GitHub 1.0. Learn more
Socket
BlogLoveFAQ
Install
Log in

shell-quote

Package Overview
Dependencies
0
Maintainers
4
Versions
24
Issues
File Explorer

Advanced tools

shell-quote

quote and parse shell commands

    1.7.3latest

Version published
Maintainers
4
Weekly downloads
12,969,670
decreased by-0.07%

Weekly downloads

Changelog

Source

1.7.3

  • Fix a security issue where the regex for windows drive letters allowed some shell meta-characters to escape the quoting rules. (CVE-2021-42740)

Readme

Source

shell-quote

Parse and quote shell commands.

example

quote

var quote = require('shell-quote').quote; var s = quote([ 'a', 'b c d', '$f', '"g"' ]); console.log(s);

output

a 'b c d' \$f '"g"'

parse

var parse = require('shell-quote').parse; var xs = parse('a "b c" \\$def \'it\\\'s great\''); console.dir(xs);

output

[ 'a', 'b c', '\\$def', 'it\'s great' ]

parse with an environment variable

var parse = require('shell-quote').parse; var xs = parse('beep --boop="$PWD"', { PWD: '/home/robot' }); console.dir(xs);

output

[ 'beep', '--boop=/home/robot' ]

parse with custom escape character

var parse = require('shell-quote').parse; var xs = parse('beep --boop="$PWD"', { PWD: '/home/robot' }, { escape: '^' }); console.dir(xs);

output

[ 'beep', '--boop=/home/robot' ]

parsing shell operators

var parse = require('shell-quote').parse; var xs = parse('beep || boop > /byte'); console.dir(xs);

output:

[ 'beep', { op: '||' }, 'boop', { op: '>' }, '/byte' ]

parsing shell comment

var parse = require('shell-quote').parse; var xs = parse('beep > boop # > kaboom'); console.dir(xs);

output:

[ 'beep', { op: '>' }, 'boop', { comment: '> kaboom' } ]

methods

var quote = require('shell-quote').quote; var parse = require('shell-quote').parse;

quote(args)

Return a quoted string for the array args suitable for using in shell commands.

parse(cmd, env={})

Return an array of arguments from the quoted string cmd.

Interpolate embedded bash-style $VARNAME and ${VARNAME} variables with the env object which like bash will replace undefined variables with "".

env is usually an object but it can also be a function to perform lookups. When env(key) returns a string, its result will be output just like env[key] would. When env(key) returns an object, it will be inserted into the result array like the operator objects.

When a bash operator is encountered, the element in the array with be an object with an "op" key set to the operator string. For example:

'beep || boop > /byte'

parses as:

[ 'beep', { op: '||' }, 'boop', { op: '>' }, '/byte' ]

install

With npm do:

npm install shell-quote

license

MIT

Keywords

FAQs

What is shell-quote?

quote and parse shell commands

Is shell-quote popular?

The npm package shell-quote receives a total of 12,379,509 weekly downloads. As such, shell-quote popularity was classified as popular.

Is shell-quote well maintained?

We found that shell-quote demonstrated a healthy version release cadence and project activity. It has 4 open source maintainers collaborating on the project.

Last updated on 21 Oct 2021
Socket

Product

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc