
Security News
Browserslist-rs Gets Major Refactor, Cutting Binary Size by Over 1MB
Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.
Manipulate strings according to the word parsing rules of the UNIX Bourne shell.
The shellwords package is designed to manipulate strings according to the word parsing rules of the UNIX Bourne shell. It provides functionality for splitting a string into an array of tokens in the same way the shell would and for escaping and joining words into a single string that can be safely used in a shell command.
Splitting a string into an array of tokens
This feature allows you to split a command line string into an array of tokens, similar to how a UNIX shell would. It's useful for parsing command line arguments or processing shell commands within a Node.js application.
"const shellwords = require('shellwords');
const cmd = 'ls -la /some/path with spaces';
const tokens = shellwords.split(cmd);
console.log(tokens);"
Escaping and joining words into a shell command
This feature enables you to take an array of command line arguments and join them into a single string that is safe to use in a shell command. It automatically escapes any characters that have special meaning in the shell, making it easier to construct shell commands programmatically.
"const shellwords = require('shellwords');
const args = ['ls', '-la', '/some/path with spaces'];
const cmd = shellwords.join(args);
console.log(cmd);"
Similar to shellwords, shell-quote provides functionality for quoting and parsing shell commands. It differs in its approach to handling special characters and offers more customization options for parsing, making it a versatile alternative for complex shell command manipulations.
Shlex is a port of Python's shlex module for Node.js. It offers similar functionality to shellwords, focusing on splitting shell commands into tokens. Shlex might be preferred in environments where developers are more familiar with Python's way of handling shell strings.
Shellwords provides functions to manipulate strings according to the word parsing rules of the UNIX Bourne shell. It is based on the Ruby module of the same name.
With npm:
npm install shellwords
With pnpm:
pnpm add shellwords
With Yarn:
yarn add shellwords
Shellwords exports the following functions, shown here in the TypeScript declaration file format.
/**
* Splits a string into an array of tokens in the same way the UNIX Bourne shell does.
*
* @param line A string to split.
* @returns An array of the split tokens.
*/
export declare const split: (line?: string) => string[];
/**
* Escapes a string so that it can be safely used in a Bourne shell command line.
*
* @param str A string to escape.
* @returns The escaped string.
*/
export declare const escape: (str?: string) => string;
/**
* Builds a command line string from an argument list.
*
* @param array An array of string arguments.
* @returns The command line string.
*/
export const join = (array: string[]) => string;
import { escape, split, join } from "shellwords";
split("foo 'bar baz'");
// ["foo", "bar baz"]
escape("What's up, yo?");
// 'What\\\'s\\ up,\\ yo\\?'
join(["What's", "up,", "gang?");
// 'What\\\'s up, gang\\?'
shellwords is released under the MIT license. See LICENSE
.
FAQs
Manipulate strings according to the word parsing rules of the UNIX Bourne shell.
The npm package shellwords receives a total of 6,476,181 weekly downloads. As such, shellwords popularity was classified as popular.
We found that shellwords demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Browserslist-rs now uses static data to reduce binary size by over 1MB, improving memory use and performance for Rust-based frontend tools.
Research
Security News
Eight new malicious Firefox extensions impersonate games, steal OAuth tokens, hijack sessions, and exploit browser permissions to spy on users.
Security News
The official Go SDK for the Model Context Protocol is in development, with a stable, production-ready release expected by August 2025.