
shescape


shescape - npm Package Compare versions

Comparing version 1.1.2 to 1.1.3

4

CHANGELOG.md

@@ -12,2 +12,6 @@ # Changelog

## [1.1.3] - 2021-03-13
- Strip null characters from arguments.
## [1.1.2] - 2021-01-07

@@ -14,0 +18,0 @@

6

index.js

@@ -11,3 +11,3 @@ /**

* @module shescape
* @version 1.1.2
* @version 1.1.3
* @license MPL-2.0

@@ -74,3 +74,3 @@ * @author Eric Cornelissen <ericornelissen@gmail.com>

const platform = os.platform();
return main.quoteByPlatform(arg, platform);
return main.quoteShellArgByPlatform(arg, platform);
};

@@ -96,3 +96,3 @@

for (const arg of args) {
const safeArg = main.quoteByPlatform(arg, platform);
const safeArg = main.quoteShellArgByPlatform(arg, platform);
result.push(safeArg);

@@ -99,0 +99,0 @@ }

{
"name": "shescape",
"version": "1.1.2",
"version": "1.1.3",
"description": "simple shell escape library",

@@ -39,3 +39,3 @@ "homepage": "https://ericcornelissen.github.io/shescape/",

"husky": "^5.0.4",
"is-ci": "^2.0.0",
"is-ci": "^3.0.0",
"jsfuzz": "^1.0.14",

@@ -42,0 +42,0 @@ "mocha": "^8.2.0",

@@ -5,2 +5,3 @@ # Shescape

[![Coverage Report][coverage-image]][coverage-url]
[![quality Report][quality-image]][quality-url]
[![NPM Package][npm-image]][npm-url]

@@ -33,2 +34,4 @@ [![Documentation][docs-image]][docs-url]

[coverage-image]: https://codecov.io/gh/ericcornelissen/shescape/branch/main/graph/badge.svg
[quality-url]: https://codeclimate.com/github/ericcornelissen/shescape/maintainability
[quality-image]: https://api.codeclimate.com/v1/badges/6eb1a10f41cf6950b6ce/maintainability
[npm-url]: https://www.npmjs.com/package/shescape

@@ -35,0 +38,0 @@ [npm-image]: https://img.shields.io/npm/v/shescape.svg

@@ -8,6 +8,6 @@ # Security Policy

| Version | Supported | Until |
| ------- | ------------------ | ---------------- |
| 1.x.x | :white_check_mark: | _current_ |
| < 1.0.0 | :white_check_mark: | 01 February 2021 |
| Version | Supported |
| ------: | ------------------ |
| 1.x.x | :white_check_mark: |
| 0.x.x | :x: |

@@ -14,0 +14,0 @@ ## Reporting a Vulnerability

@@ -0,3 +1,16 @@

/**
* @overview Contains constants that may be used in multiple modules.
* @license MPL-2.0
* @author Eric Cornelissen <ericornelissen@gmail.com>
*/
/**
* @constant {string} typeError The error message for incorrect parameter types.
*/
module.exports.typeError =
"Shescape requires strings or values that can be converted into a string using .toString()";
/**
* @constant {string} win32 The string identifying Windows systems.
*/
module.exports.win32 = "win32";

@@ -0,1 +1,8 @@

/**
* @overview Contains functionality to escape and quote shell arguments on any
* operating system.
* @license MPL-2.0
* @author Eric Cornelissen <ericornelissen@gmail.com>
*/
const { typeError, win32 } = require("./constants.js");

@@ -5,2 +12,8 @@ const unix = require("./unix.js");

/**
* Check if a value can be converted into a string.
*
* @param {any} value The value of interest.
* @returns {boolean} `true` iff `value` can be converted into a string.
*/
function isStringable(value) {

@@ -14,2 +27,12 @@ if (value === undefined || value === null) {

/**
* Take a value and escape any dangerous characters.
*
* Non-string inputs will be converted to strings using a `toString()` method.
*
* @param {string} arg The argument to escape.
* @param {string} platform The platform to escape the argument for.
* @returns {string} The escaped argument.
* @throws {TypeError} The argument is not stringable.
*/
function escapeShellArgByPlatform(arg, platform) {

@@ -33,3 +56,14 @@ let argAsString = arg;

function quoteByPlatform(arg, platform) {
/**
* Take a value, put OS-specific quotes around it, and escape any dangerous
* characters.
*
* Non-string inputs will be converted to strings using a `toString()` method.
*
* @param {string} arg The argument to escape and quote.
* @param {string} platform The platform to escape and quote the argument for.
* @returns {string} The escaped argument.
* @throws {TypeError} The argument is not stringable.
*/
function quoteShellArgByPlatform(arg, platform) {
const safeArg = escapeShellArgByPlatform(arg, platform);

@@ -45,2 +79,2 @@ switch (platform) {

module.exports.escapeShellArgByPlatform = escapeShellArgByPlatform;
module.exports.quoteByPlatform = quoteByPlatform;
module.exports.quoteShellArgByPlatform = quoteShellArgByPlatform;
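Review bot: The new JSDoc on `escapeShellArgByPlatform` promises to "escape any dangerous characters", but the platform helpers shown in this comparison only strip null characters and escape a single quote character each. The result therefore appears to be safe only inside the quotes that `quoteShellArgByPlatform` adds; its `switch` is outside the visible hunk, so this is inferred. Because `escapeShellArgByPlatform` is exported, I would narrow the summary to something like `Escape an argument for use inside the platform's quotes; the result is not safe when used unquoted.` The `@param {string} arg` tags on both functions also contradict the sentence about non-string inputs; `@param {any} arg` would match `isStringable`. Both function bodies lie outside the hunks shown here.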

@@ -0,5 +1,17 @@

/**
* @overview Contains functionality specifically for Unix systems.
* @license MPL-2.0
* @author Eric Cornelissen <ericornelissen@gmail.com>
*/
/**
* Escape a shell argument.
*
* @param {string} arg The argument to escape.
* @returns {string} The escaped argument.
*/
function escapeShellArg(arg) {
return arg.replace(/'/g, `'\\''`);
return arg.replace(/\u{0}/gu, "").replace(/'/g, `'\\''`);
}
module.exports.escapeShellArg = escapeShellArg;
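Review bot: The null-character strip `replace(/\u{0}/gu, "")` is added identically to this file's `escapeShellArg` and to the Windows `escapeShellArg`, although it does not depend on the platform. Doing it once in `escapeShellArgByPlatform`, right after the string conversion, would keep a future platform module from omitting it; that function's body is outside the visible hunks, so the exact placement is a suggestion. The JSDoc in both files still says only "Escape a shell argument" and should state that input is altered, for example `Null characters are removed, so the returned argument can be shorter than the input.` The pattern could also be written `/\0/g`, which needs no `u` flag.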

@@ -0,5 +1,17 @@

/**
* @overview Contains functionality specifically for Windows systems.
* @license MPL-2.0
* @author Eric Cornelissen <ericornelissen@gmail.com>
*/
/**
* Escape a shell argument.
*
* @param {string} arg The argument to escape.
* @returns {string} The escaped argument.
*/
function escapeShellArg(arg) {
return arg.replace(/"/g, `""`);
return arg.replace(/\u{0}/gu, "").replace(/"/g, `""`);
}
module.exports.escapeShellArg = escapeShellArg;