A simple shell escape library for JavaScript. Use it to escape user-controlled inputs to shell commands to prevent shell injection.
Quick links: npm | Source code | License | Changelog | Security
The following shells are officially supported and extensively tested. It is recommended to only use shells found in this list.
If you want to use Shescape with another shell you can request it on GitHub by opening an issue.
Install shescape:
npm install shescape
Import shescape:
import * as shescape from "shescape";
Use shescape.
View the recipes for examples of how to use Shescape.
View the API documentation of Shescape.
View the testing documentation for how to test code that uses Shescape.
Read the tips for additional ways to protect against shell injection.
The source code is licensed under the MPL-2.0 license, see LICENSE for
the full license text. The documentation text is licensed under CC BY-SA 4.0;
code snippets under the MIT license.
[1.7.4] - 2023-08-21
shell values for Windows. ([#1137])FAQs
simple shell escape library
The npm package shescape receives a total of 1,370 weekly downloads. As such, shescape popularity was classified as popular.
We found that shescape demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.
Security News
Research
Socket's threat research team has detected five malicious npm packages targeting Roblox developers, deploying malware to steal credentials and personal data.