
shescape - npm Package Compare versions

Comparing version 2.0.0 to 2.0.1

6

CHANGELOG.md

@@ -12,2 +12,7 @@ # Changelog

## [2.0.1] - 2023-10-28
- Improve alignment between `Shescape` and `Stubscape`. ([#1149])
- Add a failing `Shescape` stub to the testing module. ([#1149])
## [2.0.0] - 2023-09-07

@@ -316,4 +321,5 @@

[#1142]: https://github.com/ericcornelissen/shescape/pull/1142
[#1149]: https://github.com/ericcornelissen/shescape/pull/1149
[552e8ea]: https://github.com/ericcornelissen/shescape/commit/552e8eab56861720b1d4e5474fb65741643358f9
[keep a changelog]: https://keepachangelog.com/en/1.0.0/
[semantic versioning]: https://semver.org/spec/v2.0.0.html

7

docs/testing.md

@@ -22,7 +22,12 @@ # Testing with Shescape

import assert from "node:assert";
import { Shescape as Stubscape } from "shescape/testing";
import { Shescape as Stubscape, Throwscape } from "shescape/testing";
import { functionUnderTest } from "./my-module.js";
// Test good conditions
const stubscape = new Stubscape();
assert.ok(functionUnderTest(stubscape));
// Test bad conditions
const throwscape = new Throwscape();
assert.ok(functionUnderTest(throwscape));
```

@@ -29,0 +34,0 @@

2

index.js

@@ -7,3 +7,3 @@ /**

* @module shescape
* @version 2.0.0
* @version 2.0.1
* @license MPL-2.0

@@ -10,0 +10,0 @@ */

{
"name": "shescape",
"version": "2.0.0",
"version": "2.0.1",
"description": "simple shell escape library",

@@ -36,3 +36,3 @@ "homepage": "https://github.com/ericcornelissen/shescape#readme",

"type": "git",
"url": "https://github.com/ericcornelissen/shescape"
"url": "git+https://github.com/ericcornelissen/shescape.git"
},

@@ -56,8 +56,8 @@ "bugs": {

"devDependencies": {
"@arethetypeswrong/cli": "0.10.1",
"@arethetypeswrong/cli": "0.12.2",
"@ericcornelissen/eslint-plugin-top": "2.1.0",
"@fast-check/ava": "1.1.6",
"@gitlab-org/jsfuzz": "1.2.2",
"@stryker-mutator/core": "7.1.1",
"@stryker-mutator/tap-runner": "7.1.1",
"@stryker-mutator/core": "7.3.0",
"@stryker-mutator/tap-runner": "7.3.0",
"ava": "5.3.1",

@@ -68,19 +68,20 @@ "benchmark": "2.1.4",

"dotenv": "16.3.1",
"eslint": "8.48.0",
"eslint": "8.52.0",
"eslint-plugin-ava": "14.0.0",
"eslint-plugin-jsdoc": "46.5.0",
"eslint-plugin-jsonc": "2.9.0",
"eslint-plugin-regexp": "1.15.0",
"eslint-plugin-yml": "1.8.0",
"fast-check": "3.12.1",
"eslint-plugin-jsdoc": "46.8.2",
"eslint-plugin-jsonc": "2.10.0",
"eslint-plugin-regexp": "2.1.1",
"eslint-plugin-yml": "1.10.0",
"fast-check": "3.13.2",
"husky": "8.0.3",
"is-ci": "3.0.1",
"knip": "2.20.2",
"knip": "2.38.1",
"licensee": "10.0.0",
"markdownlint-cli": "0.36.0",
"markdownlint-cli": "0.37.0",
"nve": "16.1.1",
"prettier": "3.0.3",
"publint": "0.2.2",
"rollup": "3.28.1",
"sinon": "15.2.0"
"publint": "0.2.4",
"rollup": "4.1.4",
"shescape-previous": "npm:shescape@2.0.0",
"sinon": "17.0.0"
},

@@ -104,3 +105,4 @@ "scripts": {

"clean": "node script/clean.js",
"coverage": "npm run coverage:unit && npm run coverage:integration && npm run coverage:e2e && npm run coverage:compat",
"coverage": "npm run coverage:unit && npm run coverage:integration && npm run coverage:e2e && npm run coverage:compat && npm run coverage:breakage",
"coverage:breakage": "c8 --config .c8/breakage.json npm run test:breakage",
"coverage:compat": "c8 --config .c8/compat.json npm run test:compat",

@@ -118,8 +120,8 @@ "coverage:e2e": "node script/run-platform-coverage.js e2e",

"license-check": "licensee --errors-only",
"lint": "npm run lint:js && npm run lint:json && npm run lint:md && npm run lint:yml",
"lint:ci": "actionlint",
"lint": "npm run lint:ci && npm run lint:js && npm run lint:json && npm run lint:md && npm run lint:sh && npm run lint:yml",
"lint:ci": "node script/maybe-run.js actionlint",
"lint:js": "npm run _eslint -- --ext .js,.cjs",
"lint:json": "npm run _eslint -- --ext .json,.jsonc",
"lint:md": "markdownlint --dot --ignore-path .gitignore .",
"lint:sh": "shellcheck script/hooks/*.sh script/hooks/pre-*",
"lint:sh": "node script/maybe-run.js shellcheck script/hooks/*.sh script/hooks/pre-*",
"lint:yml": "npm run _eslint -- --ext .yml",

@@ -129,3 +131,4 @@ "mutation": "npm run mutation:unit && npm run mutation:integration",

"mutation:unit": "stryker run stryker.unit.config.js",
"test": "npm run test:unit && npm run test:integration && npm run test:e2e && npm run test:compat",
"test": "npm run test:unit && npm run test:integration && npm run test:e2e && npm run test:compat && npm run test:breakage",
"test:breakage": "ava test/breakage/**/*.test.js",
"test:compat": "ava test/compat/**/*.test.js",

@@ -132,0 +135,0 @@ "test:compat-all": "nve 14.18.0,16.13.0,18.0.0,19.0.0,20.0.0 npm run test:compat --ignore-scripts",
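Review bot: The `lint:ci` and `lint:sh` scripts now run through `node script/maybe-run.js`, which this diff does not show. If that wrapper skips the command when `actionlint` or `shellcheck` is not installed, as its name suggests, `npm run lint` can pass in CI without either linter having run. That would quietly remove the check on workflow files and hook scripts, which the security policy in this release lists as in scope. The wrapper should fail on a missing tool when running in CI (the manifest already carries `is-ci`), or the CI job should install both tools and verify they are present before linting.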

@@ -40,2 +40,18 @@ # Security Policy

### What to Report (Threat Model)
#### In Scope
- Insufficient escaping for any supported shell.
- Logic bugs with a security implication (e.g. unexpected throw) that can be
triggered through the public API.
- Security misconfigurations in the continuous integration pipeline or software
supply chain.
- Insecure suggestions or snippets in the documentation.
#### Out of Scope
- Known vulnerabilities in third-party `dependencies` or `devDependencies`.
- Bugs only affecting the `shescape/testing` module.
### What to Include in a Report

@@ -42,0 +58,0 @@

@@ -153,3 +153,3 @@ /**

export function isShellSupported(shellName) {
return getEscapeFunction(shellName, {}) !== undefined;
return getEscapeFunction(shellName) !== undefined;
}

@@ -136,3 +136,3 @@ /**

export function isShellSupported(shellName) {
return getEscapeFunction(shellName, {}) !== undefined;
return getEscapeFunction(shellName) !== undefined;
}

@@ -1,2 +0,2 @@

import shescape from "shescape";
import type { Shescape as ShescapeType } from "shescape";

@@ -24,7 +24,8 @@ /**

*/
export const shescape: {
escape: shescape.escape;
escapeAll: shescape.escapeAll;
quote: shescape.quote;
quoteAll: shescape.quoteAll;
};
export const Shescape: ShescapeType;
/**
* A test stub of Shescape that can't be instantiated. This can be used to
* simulate a failure to instantiate Shescape in your code.
*/
export const Throwscape: ShescapeType;
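Review bot: `export const Shescape: ShescapeType;` and `export const Throwscape: ShescapeType;` type both stubs with the name imported from "shescape". If that name is a class, as the documentation's `new Stubscape()` implies, it denotes the instance type, so constructing either stub would not type-check for TypeScript users. The declarations probably want the constructor type: `export const Shescape: typeof ShescapeType;` and `export const Throwscape: typeof ShescapeType;`. Users who hit the type error are likely to cast it away and lose the checking the stub is meant to give. The file header for this section is not shown on the page, so the path is inferred to be the testing module's declaration file.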

@@ -29,13 +29,15 @@ /**

/**
* A test stub of Shescape that has the same input-output profile as the real
* shescape implementation.
* An optimistic test stub of Shescape that has the same input-output profile as
* the real Shescape implementation.
*
* In particular:
* - The constructor never fails.
* - Returns a string for all stringable inputs.
* - Errors on non-stringable inputs.
* - Converts non-array inputs to single-item arrays where necessary.
* - Errors on non-array inputs where arrays are expected.
* - Errors when trying to quote when `shell: false`.
*/
export class Shescape {
constructor(_options) {
// Nothing to do.
constructor(options = {}) {
this.shell = options.shell;
}

@@ -52,2 +54,6 @@

quote(arg) {
if (this.shell === false) {
throw new Error();
}
return this.escape(arg);

@@ -57,4 +63,14 @@ }

quoteAll(args) {
return this.escapeAll(args);
return args.map((arg) => this.quote(arg));
}
}
/**
* A test stub of Shescape that can't be instantiated. This can be used to
* simulate a failure to instantiate Shescape in your code.
*/
export class Throwscape {
constructor(_options) {
throw new Error("Can't be instantiated");
}
}
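Review bot: The new guard in `quote` throws `new Error()` with no message, so a test that trips it shows an empty error and nothing points to `shell: false` as the cause. A message such as `throw new Error("Quoting is not supported when 'shell' is false");` would make that obvious. `quoteAll` now reaches the same guard through `this.quote`, so one message covers both. The `Throwscape` doc comment could also say that the class itself has to be handed to the code under test, because `new Throwscape()` always throws before an instance exists. The closing brace of `quote` lies outside the hunk shown.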

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet

Sorry, the diff of this file is not supported yet
