{"id":13524569,"url":"https://github.com/piuccio/git-promise","last_synced_at":"2025-10-28T01:48:05.412Z","repository":{"id":16422264,"uuid":"19173476","full_name":"piuccio/git-promise","owner":"piuccio","description":"Simple wrapper to run any git command and process it's output using promises.","archived":false,"fork":false,"pushed_at":"2022-05-26T08:14:26.000Z","size":51,"stargazers_count":98,"open_issues_count":0,"forks_count":7,"subscribers_count":4,"default_branch":"master","last_synced_at":"2025-09-07T03:55:49.873Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/piuccio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-04-26T09:08:16.000Z","updated_at":"2025-01-30T16:52:50.000Z","dependencies_parsed_at":"2022-09-17T00:12:21.249Z","dependency_job_id":null,"html_url":"https://github.com/piuccio/git-promise","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/piuccio/git-promise","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piuccio%2Fgit-promise","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piuccio%2Fgit-promise/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piuccio%2Fgit-promise/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piuccio%2Fgit-promise/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/piuccio","download_url":"https://codeload.github.com/piuccio/git-promise/tar.gz/refs/heads/master","sbom_url":"htt
ps://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/piuccio%2Fgit-promise/sbom","scorecard":{"id":735686,"data":{"date":"2025-08-18","repo":{"name":"github.com/piuccio/git-promise","commit":"195aa982176b7bb3faa8695f91a1f6e0b620ec29"},"scorecard":{"version":"v5.2.1-41-g40576783","commit":"40576783fda6698350fcbbeaea760ff827433034"},"score":3.3,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#dangerous-workflow"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#binary-artifacts"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#pinned-dependencies"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#token-permissions"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and 
uninstall.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#packaging"}},{"name":"Code-Review","score":2,"reason":"Found 4/17 approved changesets -- score normalized to 2","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#maintained"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#security-policy"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#fuzzing"}},{"name":"License","score":10,"reason":"license file 
detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: MIT License: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#license"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#signed-releases"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#vulnerabilities"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 10 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code 
analysis.","url":"https://github.com/ossf/scorecard/blob/40576783fda6698350fcbbeaea760ff827433034/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-22T15:44:12.130Z","repository_id":16422264,"created_at":"2025-08-22T15:44:12.130Z","updated_at":"2025-08-22T15:44:12.130Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":279008139,"owners_count":26084397,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-11T02:00:06.511Z","response_time":55,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-01T06:01:11.325Z","updated_at":"2025-10-14T04:09:15.747Z","avatar_url":"https://github.com/piuccio.png","language":"JavaScript","readme":"# git-promise\r\n\r\nSimple wrapper that allows you to run any `git` command using a more intuitive syntax.\r\n\r\n\u003e **Warning**\r\n\u003e\r\n\u003e Please be cautious and aware of potential command injection vulnerabilities\r\n\u003e that will become an attack vector if user input flows unsanitized and\r\n\u003e uncontrolled into the `git()` function call.\r\n\u003e\r\n\u003e For example:\r\n\u003e ```js\r\n\u003e const git = require(\"git-promise\");\r\n\u003e git(\"fetch origin --upload-pack=touch\t/tmp/abcd\", {cwd: '/tmp/example-git-repo'}).then((output) =\u003e console.log(output))\r\n\u003e ```\r\n\u003e\r\n\u003e or consider the following input\r\n\u003e \r\n\u003e ```js\r\n\u003e const git = 
require(\"git-promise\");\r\n\u003e git(\"fetch origin --upload-pack=touch${IFS}/tmp/abcd-new\", {cwd: '/tmp/example-git-repo'}).then((output) =\u003e console.log(output))\r\n\u003e ```\r\n\u003e \r\n\u003e both of these serve as an example where user input will result in\r\n\u003e command injection attacks that create a new empty file at `/tmp/abcd` or `/tmp/abcd-new`.\r\n\u003e\r\n\u003e See [original security disclosure report](https://gist.github.com/lirantal/9da1fceb32f5279eb76a5fc1cb9707dd) for further context.\r\n\r\n## Getting Started\r\n\r\n```shell\r\nnpm install git-promise --save\r\n```\r\n\r\nOnce installed, you can use it in your JavaScript files like so:\r\n\r\n```js\r\nconst git = require(\"git-promise\");\r\n\r\nconst branch = await git(\"rev-parse --abbrev-ref HEAD\");\r\nconsole.log(branch); // This is your current branch\r\n```\r\n\r\nThe module will handle git exit code automatically, so\r\n\r\n```js\r\nconst git = require(\"git-promise\");\r\n\r\ntry {\r\n  await git(\"merge origin/master\");\r\n  // Everything was fine\r\n} catch (err) {\r\n  // Something went bad, maybe merge conflict?\r\n  console.error(err);\r\n}\r\n```\r\n\r\n`err` is an [`Error`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Error) object augmented with `code` property. 
The following code:\r\n\r\n```js\r\ntry {\r\n  await git('clone http://example.org/notExistingExample.git');\r\n} catch (err) {\r\n  console.log(\"MESSAGE\");\r\n  console.log(err.message);\r\n  console.log(\"ERROR CODE\");\r\n  console.log(err.code);\r\n}\r\n```\r\n\r\nwill log:\r\n\r\n```\r\nMESSAGE\r\nCloning into 'notExistingExample'...\r\nfatal: remote error: Repository does not exist\r\nThe requested repository does not exist, or you do not have permission to\r\naccess it.\r\n}\r\nERROR CODE\r\n128\r\n```\r\n\r\n## Advanced usage\r\n\r\nThe `git` command accepts a second parameter that can be used to parse the output or to deal with non 0 exit code.\r\n\r\n```js\r\nconst git = require(\"git-promise\");\r\n\r\nconst branch = await git(\"status -sb\",\r\n  (stdout) =\u003e stdout.match(/## (.*)/)[1]);\r\nconsole.log(branch); // This is your current branch\r\n```\r\n\r\nThe callback accepts 2 parameters, `(stdout, error)`, where `stdout` is the output of the git command and `error` is either `null` or an `Error` in case the git command fails.\r\n\r\nThe return value of this function will be the resolved value of the promise.\r\n\r\nIf the `error` parameter is not specified, it'll be handled automatically and the promise will be rejected in case of non 0 error codes.\r\n\r\n```js\r\nconst git = require(\"git-promise\");\r\n\r\ngit(\"merge-base --is-ancestor master HEAD\", function (stdout, error) {\r\n  if (!error) {\r\n    // the branch we are on is fast forward to master\r\n    return true;\r\n  } else if (error.code === 1) {\r\n    // no, it's not\r\n    return false;\r\n  } else {\r\n    // some other error happened\r\n    throw error;\r\n  }\r\n}).then(function (isFastForward) {\r\n  console.log(isFastForward);\r\n}).catch(function (err) {\r\n  // deal with the error\r\n});\r\n```\r\n\r\n### Argument parsing\r\n\r\nVersion 1.0 changes the way the input command is parsed, so instead of executing anything that gets passed as the first parameter, it makes sure 
that `git` is the only executable used.\r\n\r\n`git(\"status | grep hello\")` won't be executed as a shell command, but everything will be passed as arguments to `git`, likely resulting in an error in this specific case.\r\n\r\nIf your `git` command stops working after upgrading to version 1.0:\r\n1. Make sure you're only executing git commands.\r\n1. Try passing an array of arguments instead of a string. For instance: `git([\"merge-base\", \"--is-ancestor\", \"master\", \"HEAD\"]);`.\r\n\r\n### Chaining commands\r\n\r\nImagine you are on a local branch that is not fast forward with master and you want to know which commits were pushed to master after the forking point:\r\n\r\n```js\r\nconst git = require(\"git-promise\");\r\n\r\nfunction findForkCommit () {\r\n  return git(\"merge-base master HEAD\", output =\u003e output.trim());\r\n}\r\n\r\nfunction findChanges (forkCommit) {\r\n  return git(\"log \" + forkCommit + \"..master --format=oneline\",\r\n    output =\u003e output.trim().split(\"\\n\"));\r\n}\r\n\r\nconst forkCommit = await findForkCommit();\r\nconst commits = await findChanges(forkCommit);\r\n```\r\n\r\n### Working directory\r\n\r\nBy default all git commands run in the current working directory (i.e. 
`process.cwd()`).\r\n\r\nYou can use the following syntax to run a git command in a different folder:\r\n\r\n```js\r\nconst git = require(\"git-promise\");\r\n\r\nawait git(\"blame file1.js\", {cwd: \"src/\"});\r\n```\r\n\r\n### Custom git executable\r\n\r\nBy default any command tries to use `git` in `$PATH`. If you have installed `git` in a funky location, you can override this value using `gitExec`.\r\n\r\n```js\r\nconst git = require(\"git-promise\");\r\n\r\nawait git(\"status\", {gitExec: \"/usr/local/sbin/git\"});\r\n```\r\n\r\n## Utility methods\r\n\r\nThis module comes with some utility methods to parse the output of some git commands:\r\n\r\n```js\r\nconst util = require(\"git-promise/util\");\r\n```\r\n\r\n* `util.extractStatus(output [, lineSeparator])`\r\n\r\nParses the output of `git status --porcelain` and returns an object with\r\n\r\n```\r\n{\r\n  branch: \"current branch name, only if git status -b is used\",\r\n  index: {\r\n    modified: [\"list of files modified in the index\"],\r\n    added: [\"list of files added in the index\"],\r\n    deleted: [\"list of files deleted in the index\"],\r\n    renamed: [\"list of files renamed in the index\"],\r\n    copied: [\"list of files copied in the index\"]\r\n  },\r\n  workingTree: {\r\n    modified: [\"list of files modified in the local working tree\"],\r\n    added: [\"list of files added / renamed / copied in the local working tree\"],\r\n    deleted: [\"list of files deleted in the local working tree\"]\r\n  }\r\n}\r\n```\r\n\r\nThe method works both with and without the `-z` option.\r\n\r\n* `util.hasConflict(output)`\r\n\r\nTries to determine if there's a merge conflict from the output of `git merge-tree`\r\n\r\n```js\r\nconst git = require(\"git-promise\");\r\nconst util = require(\"git-promise/util\");\r\n\r\ngit(\"merge-tree \u003croot-commit\u003e \u003cbranch1\u003e \u003cbranch2\u003e\").then(function (stdout) {\r\n  console.log(util.hasConflict(stdout));\r\n});\r\n```\r\n\r\n## Release 
History\r\n\r\n* 1.0.0\r\n  BREAKING CHANGE: The returned value is now a standard JavaScript `Promise`, no longer a `Q` promise.\r\n  BREAKING CHANGE: Internally the library switches from `shell` to `execFile` to avoid problems with unsanitized input commands.\r\n  BREAKING CHANGE: Callbacks using 2 parameters now receive an error as second parameter instead of an error code.\r\n* 0.3.1 Fix current working directory not switching back when command exits with error\r\n* 0.3.0 Custom git executable with `gitExec` option\r\n* 0.2.0 Change current working directory\r\n* 0.1.0 Just started\r\n","funding_links":[],"categories":["JavaScript","Repository"],"sub_categories":["Git"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpiuccio%2Fgit-promise","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpiuccio%2Fgit-promise","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpiuccio%2Fgit-promise/lists"}