
shescape - npm Package Compare versions

Comparing version 1.5.10 to 1.6.0

17

CHANGELOG.md
# Changelog
All notable changes to this project will be documented in this file.
All notable changes to _Shescape_ will be documented in this file.

@@ -12,2 +12,10 @@ The format is based on [Keep a Changelog], and this project adheres to [Semantic

## [1.6.0] - 2022-10-15
- Escape control characters `U+0008`, `U+000D`, `U+001B`, and `U+009B`. ([#456])
- Improve escaping performance when interpolation is set to `true`. ([#457])
- Improve newline substitution on Windows. ([#458], [#460])
- Improve specificity of supported Node.js versions. ([#432], [#459])
- Remove all side effects on import. ([#408])
## [1.5.10] - 2022-08-21

@@ -183,3 +191,10 @@

[#373]: https://github.com/ericcornelissen/shescape/pull/373
[#408]: https://github.com/ericcornelissen/shescape/pull/408
[#432]: https://github.com/ericcornelissen/shescape/pull/432
[#456]: https://github.com/ericcornelissen/shescape/pull/456
[#457]: https://github.com/ericcornelissen/shescape/pull/457
[#458]: https://github.com/ericcornelissen/shescape/pull/458
[#459]: https://github.com/ericcornelissen/shescape/pull/459
[#460]: https://github.com/ericcornelissen/shescape/pull/460
[keep a changelog]: https://keepachangelog.com/en/1.0.0/
[semantic versioning]: https://semver.org/spec/v2.0.0.html

30

docs/recipes.md

@@ -21,3 +21,3 @@ # Shescape Recipes

```js
```javascript
import { exec } from "node:child_process";

@@ -46,3 +46,3 @@ import * as shescape from "shescape";

```js
```javascript
import { exec } from "node:child_process";

@@ -85,3 +85,3 @@ import * as shescape from "shescape";

```js
```javascript
import { execSync } from "node:child_process";

@@ -109,3 +109,3 @@ import * as shescape from "shescape";

```js
```javascript
import { execSync } from "node:child_process";

@@ -150,3 +150,3 @@ import * as shescape from "shescape";

```js
```javascript
import { exec } from "node:child_process";

@@ -181,3 +181,3 @@ import * as shescape from "shescape";

```js
```javascript
import { execFile } from "node:child_process";

@@ -212,3 +212,3 @@ import * as shescape from "shescape";

```js
```javascript
import { execFile } from "node:child_process";

@@ -256,3 +256,3 @@ import * as shescape from "shescape";

```js
```javascript
import { execFileSync } from "node:child_process";

@@ -289,3 +289,3 @@ import * as shescape from "shescape";

```js
```javascript
import { execFileSync } from "node:child_process";

@@ -333,3 +333,3 @@ import * as shescape from "shescape";

```js
```javascript
// echo.js

@@ -361,3 +361,3 @@

```js
```javascript
// echo.js

@@ -406,3 +406,3 @@

```js
```javascript
import { spawn } from "node:child_process";

@@ -433,3 +433,3 @@ import * as shescape from "shescape";

```js
```javascript
import { spawn } from "node:child_process";

@@ -476,3 +476,3 @@ import * as shescape from "shescape";

```js
```javascript
import { spawnSync } from "node:child_process";

@@ -502,3 +502,3 @@ import * as shescape from "shescape";

```js
```javascript
import { spawnSync } from "node:child_process";

@@ -505,0 +505,0 @@ import * as shescape from "shescape";

@@ -6,8 +6,8 @@ /**

* @example
* import cp from "child_process";
* import * as shescape from "shescape";
* cp.spawn("command", shescape.escapeAll(userInput), options);
*
* import cp from "child_process";
* import * as shescape from "shescape";
* cp.spawn("command", shescape.escapeAll(userInput), options);
* @overview Entrypoint for the package.
* @module shescape
* @version 1.5.10
* @version 1.6.0
* @license MPL-2.0

@@ -25,3 +25,3 @@ */

*
* @returns {Object} The helper functions for the current platform.
* @returns {object} The helper functions for the current platform.
*/

@@ -51,3 +51,3 @@ function getPlatformHelpers() {

* @param {string} arg The argument to escape.
* @param {Object} [options] The escape options.
* @param {object} [options] The escape options.
* @param {boolean} [options.interpolation=false] Is interpolation enabled.

@@ -72,3 +72,3 @@ * @param {boolean | string} [options.shell] The shell to escape for.

* @param {string[]} args The arguments to escape.
* @param {Object} [options] The escape options.
* @param {object} [options] The escape options.
* @param {boolean} [options.interpolation=false] Is interpolation enabled.

@@ -92,3 +92,3 @@ * @param {boolean | string} [options.shell] The shell to escape for.

* @param {string} arg The argument to quote and escape.
* @param {Object} [options] The escape and quote options.
* @param {object} [options] The escape and quote options.
* @param {boolean | string} [options.shell] The shell to escape for.

@@ -112,3 +112,3 @@ * @returns {string} The quoted and escaped argument.

* @param {string[]} args The arguments to quote and escape.
* @param {Object} [options] The escape and quote options.
* @param {object} [options] The escape and quote options.
* @param {boolean | string} [options.shell] The shell to escape for.

@@ -115,0 +115,0 @@ * @returns {string[]} The quoted and escaped arguments.

{
"name": "shescape",
"version": "1.5.10",
"version": "1.6.0",
"description": "simple shell escape library",

@@ -14,29 +14,4 @@ "homepage": "https://ericcornelissen.github.io/shescape/",

"typings": "index.d.ts",
"scripts": {
"_coverage": "c8 --reporter=lcov --reporter=text",
"_prettier": "prettier ./**/*.{cjs,js,json,md,yml} --ignore-path .gitignore",
"benchmark": "node test/bench/bench.js",
"clean": "node script/clean.js",
"coverage": "npm run coverage:unit",
"coverage:compatibility": "npm run _coverage -- --reports-dir=_reports/coverage/compatibility npm run test:compatibility",
"coverage:e2e": "npm run _coverage -- --reports-dir=_reports/coverage/e2e npm run test:e2e",
"coverage:integration": "npm run _coverage -- --reports-dir=_reports/coverage/integration npm run test:integration",
"coverage:property": "npm run _coverage -- --reports-dir=_reports/coverage/property npm run test:property",
"coverage:unit": "npm run _coverage -- --reports-dir=_reports/coverage/unit npm run test:unit",
"format": "npm run _prettier -- --write",
"prefuzz": "npm run transpile",
"fuzz": "node script/fuzz.js",
"lint": "npm run _prettier -- --check",
"eslint": "eslint . --ext .js,.cjs",
"prepare": "is-ci || husky install script/hooks",
"prepublishOnly": "npm run transpile",
"test": "npm run test:unit",
"test:compatibility": "mocha test/compat/**/*.test.{js,cjs}",
"test:e2e": "ava test/e2e/**/*.test.js",
"test:integration": "ava test/integration/**/*.test.{js,cjs}",
"test:mutation": "stryker run stryker.config.json",
"test:property": "ava test/prop/**/*.test.js",
"test:unit": "ava test/unit/**/*.test.js",
"transpile": "rollup -c",
"vet": "depcheck && unimported"
"engines": {
"node": "^10.13.0 || ^12 || ^14 || ^16 || ^18"
},

@@ -64,5 +39,6 @@ "repository": {

"devDependencies": {
"@fast-check/ava": "1.0.1",
"@stryker-mutator/core": "6.1.2",
"ava": "4.3.1",
"@ericcornelissen/eslint-plugin-top": "0.1.2",
"@fast-check/ava": "1.1.0",
"@stryker-mutator/core": "6.2.3",
"ava": "4.3.3",
"benchmark": "2.1.4",

@@ -72,17 +48,52 @@ "c8": "7.12.0",

"dotenv": "16.0.1",
"eslint": "8.22.0",
"eslint-plugin-regexp": "1.8.0",
"fast-check": "3.1.1",
"eslint": "8.25.0",
"eslint-plugin-ava": "13.2.0",
"eslint-plugin-jsdoc": "39.3.6",
"eslint-plugin-regexp": "1.9.0",
"fast-check": "3.2.0",
"husky": "8.0.1",
"is-ci": "3.0.1",
"jsfuzz": "1.0.15",
"markdownlint-cli": "0.32.2",
"mocha": "9.2.2",
"prettier": "2.7.1",
"rollup": "2.78.1",
"rollup": "2.79.1",
"sinon": "14.0.0",
"unimported": "1.21.0"
},
"engines": {
"node": ">=10.13.0"
"scripts": {
"prefuzz": "npm run transpile",
"prepare": "is-ci || husky install script/hooks",
"prepublishOnly": "npm run transpile",
"pretest:compat": "npm run transpile",
"pretest:integration": "npm run transpile",
"_coverage": "c8 --reporter=lcov --reporter=text",
"_prettier": "prettier ./**/*.{cjs,js,json,md,yml} --ignore-path .gitignore",
"audit": "npm audit",
"audit:runtime": "npm audit --omit dev",
"benchmark": "node test/bench/bench.js",
"clean": "node script/clean.js",
"coverage": "npm run coverage:unit",
"coverage:compat": "npm run _coverage -- --reports-dir=_reports/coverage/compat npm run test:compat",
"coverage:e2e": "npm run _coverage -- --reports-dir=_reports/coverage/e2e npm run test:e2e",
"coverage:integration": "npm run _coverage -- --reports-dir=_reports/coverage/integration npm run test:integration",
"coverage:property": "npm run _coverage -- --reports-dir=_reports/coverage/property npm run test:property",
"coverage:unit": "npm run _coverage -- --reports-dir=_reports/coverage/unit npm run test:unit",
"format": "npm run _prettier -- --write",
"fuzz": "node script/fuzz.js",
"lint": "npm run _prettier -- --check",
"lint:js": "eslint . --report-unused-disable-directives --ext .js,.cjs",
"lint:md": "markdownlint --dot --ignore-path .gitignore .",
"lint:sh": "shellcheck -e SC1090,SC1091,SC2155 script/*.sh script/hooks/*.sh script/hooks/pre-*",
"test": "npm run test:unit",
"test:compat": "mocha test/compat/**/*.test.cjs",
"test:compat-all": "node script/run-compatibility-tests.js",
"test:e2e": "ava test/e2e/**/*.test.js",
"test:integration": "ava test/integration/**/*.test.js --timeout 1m",
"test:mutation": "stryker run stryker.config.json",
"test:property": "ava test/prop/**/*.test.js",
"test:unit": "ava test/unit/**/*.test.js",
"transpile": "rollup --config rollup.config.js",
"vet": "depcheck && unimported"
}
}

@@ -6,3 +6,2 @@ # Shescape

[![Mutation Report][mutation-image]][mutation-url]
[![Quality Report][quality-image]][quality-url]
[![NPM Package][npm-image]][npm-url]

@@ -32,3 +31,3 @@

```sh
```shell
# npm

@@ -43,3 +42,3 @@ npm install shescape

```js
```javascript
import * as shescape from "shescape";

@@ -56,8 +55,8 @@ ```

- **Unix**
- [Bash](<https://en.wikipedia.org/wiki/Bash_(Unix_shell)>)
- [Dash](https://en.wikipedia.org/wiki/Almquist_shell#Dash)
- [Zsh](https://en.wikipedia.org/wiki/Z_shell)
- [Bash]
- [Dash]
- [Zsh]
- **Windows**
- [cmd.exe](https://en.wikipedia.org/wiki/Cmd.exe)
- [PowerShell](https://en.wikipedia.org/wiki/PowerShell)
- [cmd.exe]
- [PowerShell]

@@ -80,3 +79,3 @@ If you want to use Shescape with another shell you can request it on GitHub by

```js
```javascript
import { quote } from "shescape";

@@ -114,3 +113,3 @@

```js
```javascript
import { quoteAll } from "shescape";

@@ -155,3 +154,3 @@

```js
```javascript
import { escape } from "shescape";

@@ -193,3 +192,3 @@

```js
```javascript
import { escapeAll } from "shescape";

@@ -225,4 +224,4 @@

[ci-url]: https://github.com/ericcornelissen/shescape/actions/workflows/push-checks.yml
[ci-image]: https://img.shields.io/github/workflow/status/ericcornelissen/shescape/Push%20checks/main?logo=github
[ci-url]: https://github.com/ericcornelissen/shescape/actions/workflows/checks.yml
[ci-image]: https://github.com/ericcornelissen/shescape/actions/workflows/checks.yml/badge.svg
[coverage-url]: https://codecov.io/gh/ericcornelissen/shescape

@@ -232,10 +231,12 @@ [coverage-image]: https://codecov.io/gh/ericcornelissen/shescape/branch/main/graph/badge.svg

[mutation-image]: https://img.shields.io/endpoint?style=flat&url=https%3A%2F%2Fbadge-api.stryker-mutator.io%2Fgithub.com%2Fericcornelissen%2Fshescape%2Fmain
[quality-url]: https://codeclimate.com/github/ericcornelissen/shescape/maintainability
[quality-image]: https://api.codeclimate.com/v1/badges/6eb1a10f41cf6950b6ce/maintainability
[npm-url]: https://www.npmjs.com/package/shescape
[npm-image]: https://img.shields.io/npm/v/shescape.svg
[an issue]: https://github.com/ericcornelissen/shescape/issues
[bash]: https://en.wikipedia.org/wiki/Bash_(Unix_shell) "Bourne-Again Shell"
[changelog]: https://github.com/ericcornelissen/shescape/blob/main/CHANGELOG.md
[cmd.exe]: https://en.wikipedia.org/wiki/Cmd.exe
[dash]: https://en.wikipedia.org/wiki/Almquist_shell#Dash "Debian Almquist Shell"
[license]: https://github.com/ericcornelissen/shescape/blob/main/LICENSE
[open an issue]: https://github.com/ericcornelissen/shescape/issues/new?labels=documentation&template=documentation.md
[powershell]: https://en.wikipedia.org/wiki/PowerShell
[recipes]: docs/recipes.md

@@ -245,1 +246,2 @@ [security]: https://github.com/ericcornelissen/shescape/blob/main/SECURITY.md

[source code]: https://github.com/ericcornelissen/shescape
[zsh]: https://en.wikipedia.org/wiki/Z_shell "Z shell"

@@ -5,27 +5,34 @@ # Security Policy

The table below tells you which version of the _Shescape_ are currently being
supported with security updates.
The table below shows which versions of _Shescape_ are currently supported with
security updates.
| Version | Supported |
| ------: | ------------------ |
| 1.x.x | :white_check_mark: |
| 0.x.x | :x: |
| Version | Supported | End-of-life |
| ------: | :-------- | :---------- |
| 1.x.x | Yes | - |
| 0.x.x | No | 2021-02-01 |
## Reporting a Vulnerability
The maintainers of the _Shescape_ take security bugs very seriously. We
appreciate your efforts to responsibly disclose your findings. Due to the
non-funded open-source nature of this project, we take a best-efforts approach
when it comes to engaging with (security) reports.
The maintainers of this project take security bugs very seriously. We appreciate
your efforts to responsibly disclose your findings. Due to the non-funded and
open-source nature of this project, we take a best-efforts approach when it
comes to engaging with (security) reports.
To report a security issue, send an email to [security@ericcornelissen.dev] and
include the words _"SECURITY"_ and _"Shescape"_ in the subject line. Please
do not open a regular issue or Pull Request in the public repository.
To report a security issue in a supported version of the project, send an email
to [security@ericcornelissen.dev] and include the terms "SECURITY" and
"shescape" in the subject line. Please do not open a regular issue or Pull
Request in the public repository.
If you found a security bug in an unsupported version of the project, please
report this publicly. For example, as a regular issue in the public repository.
## Advisories
- `CVE-2021-21384` (2021-03-19)
- `CVE-2022-24725` (2022-03-03)
- `CVE-2022-31179` (2022-07-26)
- `CVE-2022-31180` (2022-07-26)
| ID | Date | Affected versions | Patched versions |
| :--------------- | :--------- | :---------------- | :--------------- |
| `CVE-2021-21384` | 2021-03-19 | `<1.1.3` | `1.1.3` |
| `CVE-2022-24725` | 2022-03-03 | `>=1.4.0 <1.5.1` | `1.5.1` |
| `CVE-2022-31179` | 2022-07-26 | `<1.5.8` | `1.5.8` |
| `CVE-2022-31180` | 2022-07-26 | `>=1.4.0 <1.5.8` | `1.5.8` |
| `CVE-2022-36064` | 2022-08-29 | `>=1.5.1 <1.5.10` | `1.5.10` |

@@ -38,2 +45,2 @@ ## Acknowledgments

[security@ericcornelissen.dev]: mailto:security@ericcornelissen.dev?subject=SECURITY%20%28Shescape%29
[security@ericcornelissen.dev]: mailto:security@ericcornelissen.dev?subject=SECURITY%20%28shescape%29

@@ -14,9 +14,10 @@ /**

*
* @param {Object} args The arguments for this function.
* @param {object} args The arguments for this function.
* @param {string} args.executable A string representation of the executable.
* @param {Object} deps The dependencies for this function.
* @param {object} deps The dependencies for this function.
* @param {Function} deps.exists A function to check if a file exists.
* @param {Function} deps.readlink A function to resolve (sym)links.
* @param {Function} deps.which A function to perform a `which(1)`-like lookup.
* @returns The full path to the binary of the executable.
* @returns {string} The full path to the binary of the executable.
* @throws {Error} If the `deps` aren't provided.
*/

@@ -23,0 +24,0 @@ export function resolveExecutable({ executable }, { exists, readlink, which }) {

@@ -69,4 +69,4 @@ /**

*
* @param {...Object} objects The objects to merge.
* @returns {Object} The merged object.
* @param {...object} objects The objects to merge.
* @returns {object} The merged object.
*/

@@ -82,25 +82,21 @@ function mergeObjects(...objects) {

*
* @param {Object} args The arguments for this function.
* @param {object} args The arguments for this function.
* @param {string} args.arg The argument to escape.
* @param {Object} args.options The options for escaping `arg`.
* @param {object} args.options The options for escaping `arg`.
* @param {string} [args.options.shell] The shell to escape `arg` for.
* @param {boolean} [args.options.interpolation] Is interpolation enabled.
* @param {boolean} [args.options.quoted] Is `arg` being quoted.
* @param {Object} args.process The `process` values.
* @param {Object} args.process.env The environment variables.
* @param {Object} deps The dependencies for this function.
* @param {object} args.process The `process` values.
* @param {object} args.process.env The environment variables.
* @param {object} deps The dependencies for this function.
* @param {Function} deps.getDefaultShell Get the default shell for the system.
* @param {Function} deps.getShellName Get the name of a shell.
* @returns {Object} The parsed arguments.
* @returns {object} The parsed arguments.
*/
function parseArgs(
{ arg, options, process },
{ arg, options: { interpolation, quoted, shell }, process: { env } },
{ getDefaultShell, getShellName }
) {
const env = process.env;
const interpolation = options.interpolation ? true : false;
const quoted = options.quoted;
const shell = isString(options.shell)
? options.shell
: getDefaultShell({ env });
interpolation = interpolation ? true : false;
shell = isString(shell) ? shell : getDefaultShell({ env });

@@ -114,3 +110,3 @@ const shellName = getShellName({ shell }, { resolveExecutable });

*
* @param {Object} args The arguments for this function.
* @param {object} args The arguments for this function.
* @param {string} args.arg The argument to escape.

@@ -120,3 +116,3 @@ * @param {boolean} args.interpolation Is interpolation enabled.

* @param {string} args.shellName The name of the shell to escape `arg` for.
* @param {Object} deps The dependencies for this function.
* @param {object} deps The dependencies for this function.
* @param {Function} deps.getEscapeFunction Get the escape function for a shell.

@@ -143,6 +139,6 @@ * @returns {string} The escaped argument.

*
* @param {Object} args The arguments for this function.
* @param {object} args The arguments for this function.
* @param {string} args.arg The argument to escape.
* @param {string} args.shellName The name of the shell to escape `arg` for.
* @param {Object} deps The dependencies for this function.
* @param {object} deps The dependencies for this function.
* @param {Function} deps.getEscapeFunction Get the escape function for a shell.

@@ -166,10 +162,7 @@ * @param {Function} deps.getQuoteFunction Get the quote function for a shell.

*
* @param {Object} args The arguments for this function.
* @param {object} args The arguments for this function.
* @param {string} args.arg The argument to escape.
* @param {Object} args.options The options for escaping `arg`.
* @param {string} [args.options.shell] The shell to escape `arg` for.
* @param {boolean} [args.options.interpolation=false] Is interpolation enabled.
* @param {Object} args.process The `process` values.
* @param {Object} args.process.env The environment variables.
* @param {Object} deps The dependencies for this function.
* @param {object} args.options The options for escaping `arg`.
* @param {object} args.process The `process` values.
* @param {object} deps The dependencies for this function.
* @param {Function} deps.getDefaultShell Get the default shell for the system.

@@ -189,9 +182,9 @@ * @param {Function} deps.getEscapeFunction Get an escape function for a shell.

*
* @param {Object} args The arguments for this function.
* @param {object} args The arguments for this function.
* @param {string} args.arg The argument to escape.
* @param {Object} args.options The options for escaping `arg`.
* @param {object} args.options The options for escaping `arg`.
* @param {string} [args.options.shell] The shell to escape `arg` for.
* @param {Object} args.process The `process` values.
* @param {Object} args.process.env The environment variables.
* @param {Object} deps The dependencies for this function.
* @param {object} args.process The `process` values.
* @param {object} args.process.env The environment variables.
* @param {object} deps The dependencies for this function.
* @param {Function} deps.getDefaultShell Get the default shell for the system.

@@ -198,0 +191,0 @@ * @param {Function} deps.getEscapeFunction Get an escape function for a shell.
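Review bot: In `parseArgs` the new body assigns back to its own destructured parameters (`interpolation = interpolation ? true : false;` and `shell = isString(shell) ? shell : getDefaultShell({ env });`), so it is no longer obvious which bindings hold raw caller input and which hold normalised values. Since `shell` decides which escaping rules are applied, I would keep the normalised values in separate `const` bindings, for example `const shellToUse = isString(shell) ? shell : getDefaultShell({ env });`, and write the flag as `Boolean(interpolation)`. As far as the hunk shows, `quoted` is passed through without a similar coercion; if that is intentional, a one-line comment would help. The rest of `parseArgs` lies outside the visible hunk.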

@@ -37,4 +37,4 @@ /**

*
* @param {Object} args The arguments for this function.
* @param {Record<string, string>} args.env The environment variables.
* @param {object} args The arguments for this function.
* @param {Object<string, string>} args.env The environment variables.
* @param {string} args.platform The `os.platform()` value.

@@ -50,6 +50,6 @@ * @returns {boolean} `true` if the system is Windows, `false` otherwise.

*
* @param {Object} args The arguments for this function.
* @param {Record<string, string>} args.env The environment variables.
* @param {object} args The arguments for this function.
* @param {Object<string, string>} args.env The environment variables.
* @param {string} args.platform The `os.platform()` value.
* @returns {Object} The helper functions for the current system.
* @returns {object} The helper functions for the current system.
*/

@@ -56,0 +56,0 @@ export function getHelpersByPlatform(args) {

@@ -44,3 +44,3 @@ /**

function escapeArgBash(arg, interpolation, quoted) {
let result = arg.replace(/\0/gu, "");
let result = arg.replace(/[\0\u0008\u001B\u009B]/gu, "");

@@ -52,6 +52,3 @@ if (interpolation) {

.replace(/(^|\s)([#~])/gu, "$1\\$2")
.replace(/([*?])/gu, "\\$1")
.replace(/([$&;|])/gu, "\\$1")
.replace(/([()<>])/gu, "\\$1")
.replace(/(["'`])/gu, "\\$1")
.replace(/(["$&'()*;<>?`|])/gu, "\\$1")
.replace(/(?<!\{)\{+(?=(?:[^{][^,.]*)?[,.][^}]*\})/gu, (curlyBraces) =>

@@ -65,2 +62,4 @@ curlyBraces.replace(/\{/gu, "\\{")

result = result.replace(/\r(?!\n)/gu, "");
return result;

@@ -70,3 +69,3 @@ }

/**
* Escapes a shell argument for use in Dash
* Escapes a shell argument for use in Dash.
*

@@ -79,3 +78,3 @@ * @param {string} arg The argument to escape.

function escapeArgDash(arg, interpolation, quoted) {
let result = arg.replace(/\0/gu, "");
let result = arg.replace(/[\0\u0008\u001B\u009B]/gu, "");

@@ -87,6 +86,3 @@ if (interpolation) {

.replace(/(^|\s)([#~])/gu, "$1\\$2")
.replace(/([*?])/gu, "\\$1")
.replace(/([$&;|])/gu, "\\$1")
.replace(/([()<>])/gu, "\\$1")
.replace(/(["'`])/gu, "\\$1");
.replace(/(["$&'()*;<>?`|])/gu, "\\$1");
} else if (quoted) {

@@ -96,2 +92,4 @@ result = result.replace(/'/gu, `'\\''`);

result = result.replace(/\r(?!\n)/gu, "");
return result;

@@ -109,3 +107,3 @@ }

function escapeArgZsh(arg, interpolation, quoted) {
let result = arg.replace(/\0/gu, "");
let result = arg.replace(/[\0\u0008\u001B\u009B]/gu, "");

@@ -117,7 +115,3 @@ if (interpolation) {

.replace(/(^|\s)([#=~])/gu, "$1\\$2")
.replace(/([*?])/gu, "\\$1")
.replace(/([$&;|])/gu, "\\$1")
.replace(/([()<>])/gu, "\\$1")
.replace(/(["'`])/gu, "\\$1")
.replace(/([[\]{}])/gu, "\\$1");
.replace(/(["$&'()*;<>?[\]`{|}])/gu, "\\$1");
} else if (quoted) {

@@ -127,2 +121,4 @@ result = result.replace(/'/gu, `'\\''`);

result = result.replace(/\r(?!\n)/gu, "");
return result;

@@ -142,28 +138,2 @@ }

/**
* The mapping from shell names to functions that escape arguments for that
* shell.
*
* @constant
* @type {Map<string, Function>}
*/
const escapeFunctionsByShell = new Map([
[binBash, escapeArgBash],
[binDash, escapeArgDash],
[binZsh, escapeArgZsh],
]);
/**
* The mapping from shell names to functions that quote arguments for that
* shell.
*
* @constant
* @type {Map<string, Function>}
*/
const quoteFunctionsByShell = new Map([
[binBash, quoteArg],
[binDash, quoteArg],
[binZsh, quoteArg],
]);
/**
* Returns the basename of a directory or file path on a Unix system.

@@ -182,3 +152,3 @@ *

* For more information, see `options.shell` in:
* https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback
* https://nodejs.org/api/child_process.html#child_processexeccommand-options-callback.
*

@@ -198,3 +168,12 @@ * @returns {string} The default shell.

export function getEscapeFunction(shellName) {
return escapeFunctionsByShell.get(shellName) || null;
switch (shellName) {
case binBash:
return escapeArgBash;
case binDash:
return escapeArgDash;
case binZsh:
return escapeArgZsh;
default:
return null;
}
}

@@ -209,3 +188,10 @@

export function getQuoteFunction(shellName) {
return quoteFunctionsByShell.get(shellName) || null;
switch (shellName) {
case binBash:
case binDash:
case binZsh:
return quoteArg;
default:
return null;
}
}

@@ -216,5 +202,5 @@

*
* @param {Object} args The arguments for this function.
* @param {object} args The arguments for this function.
* @param {string} args.shell The name or path of the shell.
* @param {Object} deps The dependencies for this function.
* @param {object} deps The dependencies for this function.
* @param {Function} deps.resolveExecutable Resolve the path to an executable.

@@ -221,0 +207,0 @@ * @returns {string} The shell name.
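Review bot: The control-character strip `arg.replace(/[\0\u0008\u001B\u009B]/gu, "")` is repeated verbatim at the top of `escapeArgBash`, `escapeArgDash` and `escapeArgZsh`, as is the new trailing `result.replace(/\r(?!\n)/gu, "")`, and neither carries a comment saying why exactly these code points are removed. Because this is a fixed list in security-relevant escaping code, I would document it where it is used, e.g. `// Remove NUL, backspace (U+0008), ESC (U+001B) and CSI (U+009B); a lone CR is removed below, CRLF is kept`. A single shared pattern would also stop the three shells from drifting apart when the list changes. The bodies of all three functions continue outside the visible hunks.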

@@ -36,10 +36,8 @@ /**

function escapeArgCmd(arg, interpolation, quoted) {
let result = arg.replace(/\0/gu, "").replace(/[\n\r]/gu, " ");
let result = arg
.replace(/[\0\u0008\u001B\u009B]/gu, "")
.replace(/\r?\n|\r/gu, " ");
if (interpolation) {
result = result
.replace(/\^/gu, "^^")
.replace(/([<>])/gu, "^$1")
.replace(/(")/gu, "^$1")
.replace(/([&|])/gu, "^$1");
result = result.replace(/\^/gu, "^^").replace(/(["&<>|])/gu, "^$1");
} else if (quoted) {

@@ -62,15 +60,13 @@ result = result.replace(/"/gu, `""`);

let result = arg
.replace(/\0/gu, "")
.replace(/[\0\u0008\u001B\u009B]/gu, "")
.replace(/`/gu, "``")
.replace(/\$/gu, "`$$");
.replace(/\$/gu, "`$$")
.replace(/\r(?!\n)/gu, "");
if (interpolation) {
result = result
.replace(/[\n\r]/gu, " ")
.replace(/\r?\n|\r/gu, " ")
.replace(/(^|[\s\u0085])([*1-6]?)(>)/gu, "$1$2`$3")
.replace(/(^|[\s\u0085])([#\-:<@\]])/gu, "$1`$2")
.replace(/([&,;|])/gu, "`$1")
.replace(/([(){}])/gu, "`$1")
.replace(/(['‘’‚‛])/gu, "`$1")
.replace(/(["“”„])/gu, "`$1");
.replace(/(["&'(),;{|}‘’‚‛“”„])/gu, "`$1");
} else if (quoted) {

@@ -94,26 +90,2 @@ result = result.replace(/(["“”„])/gu, "$1$1");

/**
* The mapping from shell names to functions that escape arguments for that
* shell.
*
* @constant
* @type {Map<string, Function>}
*/
const escapeFunctionsByShell = new Map([
[binCmd, escapeArgCmd],
[binPowerShell, escapeArgPowerShell],
]);
/**
* The mapping from shell names to functions that quote arguments for that
* shell.
*
* @constant
* @type {Map<string, Function>}
*/
const quoteFunctionsByShell = new Map([
[binCmd, quoteArg],
[binPowerShell, quoteArg],
]);
/**
* Returns the basename of a directory or file path on a Windows system.

@@ -132,12 +104,12 @@ *

* For more information, see:
* https://nodejs.org/api/child_process.html#default-windows-shell
* https://nodejs.org/api/child_process.html#default-windows-shell.
*
* @param {Object} args The arguments for this function.
* @param {Object} args.env The environment variables.
* @param {object} args The arguments for this function.
* @param {object} args.env The environment variables.
* @param {string} [args.env.ComSpec] The %COMSPEC% value.
* @returns {string} The default shell.
*/
export function getDefaultShell({ env }) {
if (Object.prototype.hasOwnProperty.call(env, "ComSpec")) {
return env.ComSpec;
export function getDefaultShell({ env: { ComSpec } }) {
if (ComSpec !== undefined) {
return ComSpec;
}

@@ -155,3 +127,10 @@

export function getEscapeFunction(shellName) {
return escapeFunctionsByShell.get(shellName) || null;
switch (shellName) {
case binCmd:
return escapeArgCmd;
case binPowerShell:
return escapeArgPowerShell;
default:
return null;
}
}

@@ -166,3 +145,9 @@

export function getQuoteFunction(shellName) {
return quoteFunctionsByShell.get(shellName) || null;
switch (shellName) {
case binCmd:
case binPowerShell:
return quoteArg;
default:
return null;
}
}

@@ -173,5 +158,5 @@

*
* @param {Object} args The arguments for this function.
* @param {object} args The arguments for this function.
* @param {string} args.shell The name or path of the shell.
* @param {Object} deps The dependencies for this function.
* @param {object} deps The dependencies for this function.
* @param {Function} deps.resolveExecutable Resolve the path to an executable.

@@ -178,0 +163,0 @@ * @returns {string} The shell name.
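Review bot: `getDefaultShell` no longer checks that `ComSpec` is an own property of `env`: the new `{ env: { ComSpec } }` destructuring with `ComSpec !== undefined` also accepts a value inherited through the prototype chain, which the removed `hasOwnProperty` call excluded. The returned string selects the shell whose escaping rules are applied, so if `env` can be a plain object in a process where `Object.prototype` has been modified, the default could come from somewhere other than the environment. I would keep the own-property guard, `if (Object.prototype.hasOwnProperty.call(env, "ComSpec")) return env.ComSpec;`, or state in the JSDoc that `env` must be `process.env` or a null-prototype object. An own `ComSpec` explicitly set to `undefined` now also falls through to the fallback, which differs from the previous behaviour. The rest of the function is outside the hunk.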

Sorry, the diff of this file is not supported yet
