spawn-default-shell
Advanced tools
spawn-default-shell - npm Package Compare versions
+1
-1
| { | ||
| "name": "spawn-default-shell", | ||
| "version": "1.1.0", | ||
| "version": "2.0.0", | ||
| "description": "Spawn shell command with platform default shell", | ||
@@ -5,0 +5,0 @@ "main": "src/index.js", |
+17
-3
@@ -22,4 +22,4 @@ # spawn-default-shell | ||
| Windows | `cmd.exe /c "..."`. If `COMSPEC` env variable is defined, it is used as shell path. | ||
| Mac | `/bin/bash -c "..."` | ||
| Linux | `/bin/sh -c "..."` | ||
| Mac | `/bin/bash -l -c "..."` | ||
| Linux | `/bin/sh -l -c "..."` | ||
@@ -29,4 +29,18 @@ You can always override the shell path by defining these two environment variables: | ||
| * `SHELL=/bin/zsh` | ||
| * `SHELL_EXECUTE_FLAG=-c` | ||
| * `SHELL_EXECUTE_FLAGS=-l -c` **Warning: execute flag must be the last flag.** | ||
| All `sh` variants will be called with `-l` flag (--login). It invokes the shell | ||
| as a non-interactive login shell. In bash it means: | ||
| > When bash is invoked as an interactive login shell, or as a non-inter- | ||
| > active shell with the --login option, it first reads and executes commands | ||
| > from the file /etc/profile, if that file exists. After reading | ||
| > that file, it looks for ~/.bash_profile, ~/.bash_login, and ~/.profile, | ||
| > in that order, and reads and executes commands from the first one that | ||
| > exists and is readable. The --noprofile option may be used when the | ||
| > shell is started to inhibit this behavior. | ||
| > | ||
| > When a login shell exits, bash reads and executes commands from the | ||
| > file ~/.bash_logout, if it exists. | ||
| ## Install | ||
@@ -33,0 +47,0 @@ |
+6
-6
@@ -18,5 +18,5 @@ const DETECT_CMD_REGEX = /cmd.exe/; | ||
| function detectExecuteFlag(shell) { | ||
| if (process.env.SHELL_EXECUTE_FLAG) { | ||
| return process.env.SHELL_EXECUTE_FLAG; | ||
| function detectExecuteFlags(shell) { | ||
| if (process.env.SHELL_EXECUTE_FLAGS) { | ||
| return process.env.SHELL_EXECUTE_FLAGS; | ||
| } | ||
@@ -27,6 +27,6 @@ | ||
| } else if (shell.match(DETECT_SH_REGEX)) { | ||
| return '-c'; | ||
| return '-l -c'; | ||
| } | ||
| throw new Error('Unable to detect platform shell type. Please set SHELL_EXECUTE_FLAG env variable.'); | ||
| throw new Error('Unable to detect platform shell type. Please set SHELL_EXECUTE_FLAGS env variable.'); | ||
| } | ||
@@ -39,3 +39,3 @@ | ||
| shell: shell, | ||
| executeFlag: detectExecuteFlag(shell), | ||
| executeFlags: detectExecuteFlags(shell), | ||
| }; | ||
@@ -42,0 +42,0 @@ } |
+2
-1
@@ -7,5 +7,6 @@ const childProcess = require('child_process'); | ||
| const args = shellDetails.executeFlags.split(' '); | ||
| return childProcess.spawn( | ||
| shellDetails.shell, | ||
| [shellDetails.executeFlag, command], | ||
| args.concat([command]), | ||
| spawnOpts | ||
@@ -12,0 +13,0 @@ ); |
@@ -45,3 +45,3 @@ const assert = require('assert'); | ||
| assert.strictEqual(getShell().shell, '/bin/bash'); | ||
| assert.strictEqual(getShell().executeFlag, '-c'); | ||
| assert.strictEqual(getShell().executeFlags, '-l -c'); | ||
| }); | ||
@@ -51,3 +51,3 @@ | ||
| assert.strictEqual(getShell().shell, 'zsh'); | ||
| assert.strictEqual(getShell().executeFlag, '-c'); | ||
| assert.strictEqual(getShell().executeFlags, '-l -c'); | ||
| }); | ||
@@ -69,3 +69,3 @@ }); | ||
| assert.strictEqual(getShell().shell, 'cmd.exe'); | ||
| assert.strictEqual(getShell().executeFlag, '/c'); | ||
| assert.strictEqual(getShell().executeFlags, '/c'); | ||
| }); | ||
@@ -75,3 +75,3 @@ | ||
| assert.strictEqual(getShell().shell, '\\C:\\cmd.exe'); | ||
| assert.strictEqual(getShell().executeFlag, '/c'); | ||
| assert.strictEqual(getShell().executeFlags, '/c'); | ||
| }); | ||
@@ -81,3 +81,3 @@ | ||
| assert.strictEqual(getShell().shell, 'bash'); | ||
| assert.strictEqual(getShell().executeFlag, '-c'); | ||
| assert.strictEqual(getShell().executeFlags, '-l -c'); | ||
| }); | ||
@@ -99,3 +99,3 @@ }); | ||
| assert.strictEqual(getShell().shell, '/bin/sh'); | ||
| assert.strictEqual(getShell().executeFlag, '-c'); | ||
| assert.strictEqual(getShell().executeFlags, '-l -c'); | ||
| }); | ||
@@ -105,3 +105,3 @@ | ||
| assert.strictEqual(getShell().shell, 'zsh'); | ||
| assert.strictEqual(getShell().executeFlag, '-c'); | ||
| assert.strictEqual(getShell().executeFlags, '-l -c'); | ||
| }); | ||
@@ -108,0 +108,0 @@ }); |
@@ -10,3 +10,3 @@ const assert = require('assert'); | ||
| assert.strictEqual(getShell().shell, '/bin/zsh'); | ||
| assert.strictEqual(getShell().executeFlag, '-c'); | ||
| assert.strictEqual(getShell().executeFlags, '-l -c'); | ||
| }); | ||
@@ -16,4 +16,4 @@ }); | ||
| it('custom execute flag should override default', () => { | ||
| withEnv({ SHELL_EXECUTE_FLAG: '--execute' }, () => { | ||
| assert.strictEqual(getShell().executeFlag, '--execute'); | ||
| withEnv({ SHELL_EXECUTE_FLAGS: '--execute' }, () => { | ||
| assert.strictEqual(getShell().executeFlags, '--execute'); | ||
| }); | ||
@@ -23,5 +23,5 @@ }); | ||
| it('customizing whole command should work', () => { | ||
| withEnv({ SHELL: '/bin/verycustomshell', SHELL_EXECUTE_FLAG: '-x' }, () => { | ||
| withEnv({ SHELL: '/bin/verycustomshell', SHELL_EXECUTE_FLAGS: '-x' }, () => { | ||
| assert.strictEqual(getShell().shell, '/bin/verycustomshell'); | ||
| assert.strictEqual(getShell().executeFlag, '-x'); | ||
| assert.strictEqual(getShell().executeFlags, '-x'); | ||
| }); | ||
@@ -28,0 +28,0 @@ }); |
New alerts
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
Fixed alerts
AI-detected possible typosquat
Supply chain riskAI has identified this package as a potential typosquat of a more popular package. This suggests that the package may be intentionally mimicking another package's name, description, or other metadata.
Found 1 instance in 1 package
Major refactor
Supply chain riskPackage has recently undergone a major refactor. It may be unstable or indicate significant internal changes. Use caution when updating to versions that include significant changes.
Found 1 instance in 1 package
Shell access
Supply chain riskThis module accesses the system shell. Accessing the system shell increases the risk of executing arbitrary code.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 4 instances in 1 package
AI-detected potential code anomaly
Supply chain riskAI has identified unusual behaviors that may pose a security risk.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
13576
6.78%- Lines of code
207
0.49%- Number of lines in readme file
62
29.17%- Number of low supply chain risk alerts
10
-9.09%- Number of medium supply chain risk alerts
1
-66.67%