Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
shescape - npm Package Compare versions
Comparing version 1.5.9 to 1.5.10
@@ -12,2 +12,9 @@ # Changelog | ||
| ## [1.5.10] - 2022-08-21 | ||
| - Fix potential polynomial backtracking in regular expression for Bash escaping | ||
| with `{interpolation:true}`. ([#373]) | ||
| - Fix potential quadratic runtime regular expressions for Bash escaping with | ||
| `{interpolation:true}`. ([#373]) | ||
| ## [1.5.9] - 2022-07-28 | ||
@@ -175,3 +182,4 @@ | ||
| [#354]: https://github.com/ericcornelissen/shescape/pull/354 | ||
| [#373]: https://github.com/ericcornelissen/shescape/pull/373 | ||
| [keep a changelog]: https://keepachangelog.com/en/1.0.0/ | ||
| [semantic versioning]: https://semver.org/spec/v2.0.0.html |
@@ -6,2 +6,5 @@ # Shescape Recipes | ||
| Please [open an issue] if you found a mistake or if you have a suggestion for | ||
| how to improve the documentation. | ||
| ## [`node:child_process`] | ||
@@ -275,5 +278,5 @@ | ||
| > **Warning**: Using `execFileSync` with a shell may result in `args` not being | ||
| > passed properly to the `command`, depending on the shell being used. See | ||
| > [nodejs/node#43333]. | ||
| > **Warning**: Due to a bug in Node.js (<18.7.0), using `execFileSync` with a | ||
| > shell may result in `args` not being passed properly to the `command`, | ||
| > depending on the shell being used. See [nodejs/node#43333]. | ||
@@ -532,1 +535,2 @@ ```js | ||
| [nodejs/node#43333]: https://github.com/nodejs/node/issues/43333 | ||
| [open an issue]: https://github.com/ericcornelissen/shescape/issues/new?labels=documentation&template=documentation.md |
@@ -11,3 +11,3 @@ /** | ||
| * @module shescape | ||
| * @version 1.5.9 | ||
| * @version 1.5.10 | ||
| * @license MPL-2.0 | ||
@@ -14,0 +14,0 @@ */ |
| { | ||
| "name": "shescape", | ||
| "version": "1.5.9", | ||
| "version": "1.5.10", | ||
| "description": "simple shell escape library", | ||
@@ -29,2 +29,3 @@ "homepage": "https://ericcornelissen.github.io/shescape/", | ||
| "lint": "npm run _prettier -- --check", | ||
| "eslint": "eslint . --ext .js,.cjs", | ||
| "prepare": "is-ci || husky install script/hooks", | ||
@@ -70,2 +71,4 @@ "prepublishOnly": "npm run transpile", | ||
| "dotenv": "16.0.1", | ||
| "eslint": "8.22.0", | ||
| "eslint-plugin-regexp": "1.8.0", | ||
| "fast-check": "3.1.1", | ||
@@ -77,3 +80,3 @@ "husky": "8.0.1", | ||
| "prettier": "2.7.1", | ||
| "rollup": "2.77.1", | ||
| "rollup": "2.78.1", | ||
| "sinon": "14.0.0", | ||
@@ -80,0 +83,0 @@ "unimported": "1.21.0" |
@@ -6,3 +6,3 @@ # Shescape | ||
| [![Mutation Report][mutation-image]][mutation-url] | ||
| [![quality Report][quality-image]][quality-url] | ||
| [![Quality Report][quality-image]][quality-url] | ||
| [![NPM Package][npm-image]][npm-url] | ||
@@ -213,2 +213,7 @@ | ||
| --- | ||
| Please [open an issue] if you found a mistake or if you have a suggestion for | ||
| how to improve the documentation. | ||
| [ci-url]: https://github.com/ericcornelissen/shescape/actions/workflows/push-checks.yml | ||
@@ -227,2 +232,3 @@ [ci-image]: https://img.shields.io/github/workflow/status/ericcornelissen/shescape/Push%20checks/main?logo=github | ||
| [license]: https://github.com/ericcornelissen/shescape/blob/main/LICENSE | ||
| [open an issue]: https://github.com/ericcornelissen/shescape/issues/new?labels=documentation&template=documentation.md | ||
| [recipes]: docs/recipes.md | ||
@@ -229,0 +235,0 @@ [security]: https://github.com/ericcornelissen/shescape/blob/main/SECURITY.md |
@@ -24,2 +24,9 @@ # Security Policy | ||
| ## Advisories | ||
| - `CVE-2021-21384` (2021-03-19) | ||
| - `CVE-2022-24725` (2022-03-03) | ||
| - `CVE-2022-31179` (2022-07-26) | ||
| - `CVE-2022-31180` (2022-07-26) | ||
| ## Acknowledgments | ||
@@ -26,0 +33,0 @@ |
@@ -30,3 +30,3 @@ /** | ||
| } catch (_) { | ||
| // for backwards compatibility return the executable even if its location | ||
| // For backwards compatibility return the executable even if its location | ||
| // cannot be obtained | ||
@@ -37,3 +37,3 @@ return executable; | ||
| if (!exists(executable)) { | ||
| // for backwards compatibility return the executable even if there exists no | ||
| // For backwards compatibility return the executable even if there exists no | ||
| // file at the specified path | ||
@@ -40,0 +40,0 @@ return executable; |
@@ -44,17 +44,19 @@ /** | ||
| function escapeArgBash(arg, interpolation, quoted) { | ||
| let result = arg.replace(/\u0000/g, ""); | ||
| let result = arg.replace(/\0/gu, ""); | ||
| if (interpolation) { | ||
| result = result | ||
| .replace(/\\/g, "\\\\") | ||
| .replace(/\n/g, " ") | ||
| .replace(/(^|\s)(~|#)/g, "$1\\$2") | ||
| .replace(/(\*|\?)/g, "\\$1") | ||
| .replace(/(\$|\;|\&|\|)/g, "\\$1") | ||
| .replace(/(\(|\)|\<|\>)/g, "\\$1") | ||
| .replace(/("|'|`)/g, "\\$1") | ||
| .replace(/\{(?=([^]*?(?:\,|\.)[^]*?)\})/g, "\\{") | ||
| .replace(/(?<=\=(?:[^]*?:)?)(~)(?=\:|\=|\-|\+|\/|0|\s|$)/g, "\\$1"); | ||
| .replace(/\\/gu, "\\\\") | ||
| .replace(/\n/gu, " ") | ||
| .replace(/(^|\s)([#~])/gu, "$1\\$2") | ||
| .replace(/([*?])/gu, "\\$1") | ||
| .replace(/([$&;|])/gu, "\\$1") | ||
| .replace(/([()<>])/gu, "\\$1") | ||
| .replace(/(["'`])/gu, "\\$1") | ||
| .replace(/(?<!\{)\{+(?=(?:[^{][^,.]*)?[,.][^}]*\})/gu, (curlyBraces) => | ||
| curlyBraces.replace(/\{/gu, "\\{") | ||
| ) | ||
| .replace(/(?<=[:=])(~)(?=[\s+\-/0:=]|$)/gu, "\\$1"); | ||
| } else if (quoted) { | ||
| result = result.replace(/'/g, `'\\''`); | ||
| result = result.replace(/'/gu, `'\\''`); | ||
| } | ||
@@ -74,15 +76,15 @@ | ||
| function escapeArgDash(arg, interpolation, quoted) { | ||
| let result = arg.replace(/\u0000/g, ""); | ||
| let result = arg.replace(/\0/gu, ""); | ||
| if (interpolation) { | ||
| result = result | ||
| .replace(/\\/g, "\\\\") | ||
| .replace(/\n/g, " ") | ||
| .replace(/(^|\s)(~|#)/g, "$1\\$2") | ||
| .replace(/(\*|\?)/g, "\\$1") | ||
| .replace(/(\$|\;|\&|\|)/g, "\\$1") | ||
| .replace(/(\(|\)|\<|\>)/g, "\\$1") | ||
| .replace(/("|'|`)/g, "\\$1"); | ||
| .replace(/\\/gu, "\\\\") | ||
| .replace(/\n/gu, " ") | ||
| .replace(/(^|\s)([#~])/gu, "$1\\$2") | ||
| .replace(/([*?])/gu, "\\$1") | ||
| .replace(/([$&;|])/gu, "\\$1") | ||
| .replace(/([()<>])/gu, "\\$1") | ||
| .replace(/(["'`])/gu, "\\$1"); | ||
| } else if (quoted) { | ||
| result = result.replace(/'/g, `'\\''`); | ||
| result = result.replace(/'/gu, `'\\''`); | ||
| } | ||
@@ -102,16 +104,16 @@ | ||
| function escapeArgZsh(arg, interpolation, quoted) { | ||
| let result = arg.replace(/\u0000/g, ""); | ||
| let result = arg.replace(/\0/gu, ""); | ||
| if (interpolation) { | ||
| result = result | ||
| .replace(/\\/g, "\\\\") | ||
| .replace(/\n/g, " ") | ||
| .replace(/(^|\s)(~|#|=)/g, "$1\\$2") | ||
| .replace(/(\*|\?)/g, "\\$1") | ||
| .replace(/(\$|\;|\&|\|)/g, "\\$1") | ||
| .replace(/(\(|\)|\<|\>)/g, "\\$1") | ||
| .replace(/("|'|`)/g, "\\$1") | ||
| .replace(/(\[|\]|\{|\})/g, "\\$1"); | ||
| .replace(/\\/gu, "\\\\") | ||
| .replace(/\n/gu, " ") | ||
| .replace(/(^|\s)([#=~])/gu, "$1\\$2") | ||
| .replace(/([*?])/gu, "\\$1") | ||
| .replace(/([$&;|])/gu, "\\$1") | ||
| .replace(/([()<>])/gu, "\\$1") | ||
| .replace(/(["'`])/gu, "\\$1") | ||
| .replace(/([[\]{}])/gu, "\\$1"); | ||
| } else if (quoted) { | ||
| result = result.replace(/'/g, `'\\''`); | ||
| result = result.replace(/'/gu, `'\\''`); | ||
| } | ||
@@ -118,0 +120,0 @@ |
@@ -36,12 +36,12 @@ /** | ||
| function escapeArgCmd(arg, interpolation, quoted) { | ||
| let result = arg.replace(/\u0000/g, "").replace(/\n|\r/g, " "); | ||
| let result = arg.replace(/\0/gu, "").replace(/[\n\r]/gu, " "); | ||
| if (interpolation) { | ||
| result = result | ||
| .replace(/\^/g, "^^") | ||
| .replace(/(<|>)/g, "^$1") | ||
| .replace(/(")/g, "^$1") | ||
| .replace(/(\&|\|)/g, "^$1"); | ||
| .replace(/\^/gu, "^^") | ||
| .replace(/([<>])/gu, "^$1") | ||
| .replace(/(")/gu, "^$1") | ||
| .replace(/([&|])/gu, "^$1"); | ||
| } else if (quoted) { | ||
| result = result.replace(/"/g, `""`); | ||
| result = result.replace(/"/gu, `""`); | ||
| } | ||
@@ -62,17 +62,17 @@ | ||
| let result = arg | ||
| .replace(/\u0000/g, "") | ||
| .replace(/`/g, "``") | ||
| .replace(/\$/g, "`$"); | ||
| .replace(/\0/gu, "") | ||
| .replace(/`/gu, "``") | ||
| .replace(/\$/gu, "`$$"); | ||
| if (interpolation) { | ||
| result = result | ||
| .replace(/\n|\r/g, " ") | ||
| .replace(/(^|\s|\u0085)((?:\*|[1-6])?)(>)/g, "$1$2`$3") | ||
| .replace(/(^|\s|\u0085)(<|@|#|-|\:|\])/g, "$1`$2") | ||
| .replace(/(,|\;|\&|\|)/g, "`$1") | ||
| .replace(/(\(|\)|\{|\})/g, "`$1") | ||
| .replace(/('|’|‘|‛|‚)/g, "`$1") | ||
| .replace(/("|“|”|„)/g, "`$1"); | ||
| .replace(/[\n\r]/gu, " ") | ||
| .replace(/(^|[\s\u0085])([*1-6]?)(>)/gu, "$1$2`$3") | ||
| .replace(/(^|[\s\u0085])([#\-:<@\]])/gu, "$1`$2") | ||
| .replace(/([&,;|])/gu, "`$1") | ||
| .replace(/([(){}])/gu, "`$1") | ||
| .replace(/(['‘’‚‛])/gu, "`$1") | ||
| .replace(/(["“”„])/gu, "`$1"); | ||
| } else if (quoted) { | ||
| result = result.replace(/("|“|”|„)/g, "$1$1"); | ||
| result = result.replace(/(["“”„])/gu, "$1$1"); | ||
| } | ||
@@ -79,0 +79,0 @@ |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by1.15%
100237
- Lines of code
- increased by0.26%
1546
- Number of lines in readme file
- increased by2.62%
235
Worsened metrics
- Dev dependency count
- increased by12.5%
18
No dependency changes