Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/nfischer/shelljs-exec-proxy
Unlimited shelljs commands with ES6 proxies
https://github.com/nfischer/shelljs-exec-proxy
es6-proxies shelljs shelljs-plugin
Last synced: 8 days ago
JSON representation
Unlimited shelljs commands with ES6 proxies
- Host: GitHub
- URL: https://github.com/nfischer/shelljs-exec-proxy
- Owner: nfischer
- License: mit
- Created: 2016-06-28T04:03:22.000Z (over 8 years ago)
- Default Branch: main
- Last Pushed: 2024-06-24T00:07:03.000Z (4 months ago)
- Last Synced: 2024-10-14T12:37:41.997Z (20 days ago)
- Topics: es6-proxies, shelljs, shelljs-plugin
- Language: JavaScript
- Size: 106 KB
- Stars: 41
- Watchers: 6
- Forks: 4
- Open Issues: 7
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: .github/SECURITY.md
Awesome Lists containing this project
README
# ShellJS Exec Proxy
[](https://github.com/nfischer/shelljs-exec-proxy/actions/workflows/main.yml)
[](https://codecov.io/gh/nfischer/shelljs-exec-proxy)
[](https://www.npmjs.com/package/shelljs-exec-proxy)
[](https://www.npmjs.com/package/shelljs-exec-proxy)
Unleash the power of unlimited ShellJS commands... *with ES6 Proxies!*
Do you like [ShellJS](https://github.com/shelljs/shelljs), but wish it had your
favorite commands? Skip the weird `exec()` calls by using `shelljs-exec-proxy`:
```javascript
// Our goal: make a commit: `$ git commit -am "I'm updating the \"foo\" module to be more secure"`
// Standard ShellJS requires the exec function, with confusing string escaping:
shell.exec('git commit -am "I\'m updating the \\"foo\\" module to be more secure"');
// Skip the extra string escaping with shelljs-exec-proxy!
shell.git.commit('-am', `I'm updating the "foo" module to be more secure`);
```
## Installation
**Important:** This is only available for Node v6+ (it requires ES6 Proxies!)
```
$ npm install --save shelljs-exec-proxy
```
## Get that JavaScript feeling back in your code
```javascript
const shell = require('shelljs-exec-proxy');
shell.git.status();
shell.git.add('.');
shell.git.commit('-am', 'Fixed issue #1');
shell.git.push('origin', 'main');
```
## Security improvements
Current versions of ShellJS export the `.exec()` method, which if not used
carefully, could introduce command injection Vulnerabilities to your module.
Here's an insecure code snippet:
```javascript
shell.ls('dir/*.txt').forEach(file => {
shell.exec('git add ' + file);
}
```
This leaves you vulnerable to files like:
| Example file name | Unintended behavior |
|------------------ | ------------- |
| `File 1.txt` | This tries to add both `File` and `1.txt`, instead of `File 1.txt` |
| `foo;rm -rf *` | This executes both `git add foo` and `rm -rf *`, unexpectedly deleting your files! |
| `ThisHas"quotes'.txt` | This tries running `git add ThisHas"quotes'.txt`, producing a Bash syntax error |
`shelljs-exec-proxy` solves all these problems:
```javascript
shell.ls('dir/*.txt').forEach(file => {
shell.git.add(file);
}
```
| Example file name | Behavior |
|------------------ | ------------ |
| `File 1.txt` | Arguments are automatically quoted, so spaces aren't an issue |
| `foo;rm -rf *` | Only one command runs at a time (semicolons are treated literally) and wildcards aren't expanded |
| `ThisHas"quotes'.txt` | Quote characters are automatically escaped for you, so there are never any issues |