shelljs-exec-proxy
Unleash the power of unlimited ShellJS commands... with ES6 Proxies!
Do you like ShellJS, but wish it had your favorite commands? Skip the weird `exec()` calls by using shelljs-exec-proxy:
```js
// Our goal: make a commit: `$ git commit -am "I'm updating the \"foo\" module to be more secure"`
// Standard ShellJS requires the exec function, with confusing string escaping:
shell.exec('git commit -am "I\'m updating the \\"foo\\" module to be more secure"');
// Skip the extra string escaping with shelljs-exec-proxy!
shell.git.commit('-am', `I'm updating the "foo" module to be more secure`);
```
Important: This is only available for Node v6+ (it requires ES6 Proxies!)
```
$ npm install --save shelljs-exec-proxy
```
```js
const shell = require('shelljs-exec-proxy');
shell.git.status();
shell.git.add('.');
shell.git.commit('-am', 'Fixed issue #1');
shell.git.push('origin', 'master');
```
Current versions of ShellJS export the `.exec()` method, which, if not used carefully, can introduce command injection vulnerabilities into your module. Here's an insecure code snippet:
```js
// Insecure: the file name is concatenated into a shell command string
shell.ls('dir/*.txt').forEach(file => {
  shell.exec('git add ' + file);
});
```
This leaves you vulnerable to files like:

| Example file name | Unintended behavior |
|---|---|
| `File 1.txt` | This tries to add both `File` and `1.txt`, instead of `File 1.txt` |
| `foo;rm -rf *` | This executes both `git add foo` and `rm -rf *`, unexpectedly deleting your files! |
| `ThisHas"quotes'.txt` | This tries running `git add ThisHas"quotes'.txt`, producing a Bash syntax error |
shelljs-exec-proxy solves all these problems:
```js
// Each argument is passed to git as a single, quoted argument
shell.ls('dir/*.txt').forEach(file => {
  shell.git.add(file);
});
```
| Example file name | Behavior |
|---|---|
| `File 1.txt` | Arguments are automatically quoted, so spaces aren't an issue |
| `foo;rm -rf *` | Only one command runs at a time (semicolons are treated literally) and wildcards aren't expanded |
| `ThisHas"quotes'.txt` | Quote characters are automatically escaped for you, so there are never any issues |
The npm package shelljs-exec-proxy receives a total of 455 weekly downloads. As such, shelljs-exec-proxy's popularity was classified as not popular.
We found that shelljs-exec-proxy demonstrated an unhealthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.