[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#872790: ITP: node-shell-quote -- quote and parse shell commands

On Wed, Aug 23, 2017 at 10:55 AM, Philip Hands <phil@hands.com> wrote:
> Bastien ROUCARIES <roucaries.bastien@gmail.com> writes:
>
>> Package: wnpp
>> Severity: wishlist
>> Owner: rouca@debian.org
>> X-Debbugs-CC: debian-devel@lists.debian.org
>>
>> * Package name    : node-shell-quote
>>   Version         : 1.6.1
>>   Upstream Author : James Halliday <mail@substack.net> (http://substack.net)
>> * URL             : https://github.com/substack/node-shell-quote#readme
>> * License         : Expat
>>   Programming Lang: JavaScript
>>   Description     : quote and parse shell commands
>>
>>  This package parses shell like argument and quotes it if needed.
>>  It supports replacing environment variables by value, and shell operator
>>  (redirection) by equivalent javascript syntax.
>>  .
>>  Node.js is an event-based server-side JavaScript engine.
>
> I note that there are a couple of open issues that seem reasonably
> serious for a package that appears to be intended for sanitising user
> input before passing it on to the shell:
>
>   https://github.com/substack/node-shell-quote/issues/31
>   https://github.com/substack/node-shell-quote/issues/19
>
> Meanwhile, the project is looking a bit dead, with no commits in the
> last year.
>
> Those bugs, if still present in the code, should be opened against the
> package in our BTS, with #31 being RC IMO.

For sure but browserify need it... So fill RC bug when land in unstable..

Bastien

>
> Cheers, Phil.
> --
> |)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
> |-|  http://www.hands.com/    http://ftp.uk.debian.org/
> |(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY
Reply to: