Bug#872790: ITP: node-shell-quote -- quote and parse shell commands
On Wed, Aug 23, 2017 at 10:55 AM, Philip Hands <phil@hands.com> wrote:
> Bastien ROUCARIES <roucaries.bastien@gmail.com> writes:
>
>> Package: wnpp
>> Severity: wishlist
>> Owner: rouca@debian.org
>> X-Debbugs-CC: debian-devel@lists.debian.org
>>
>> * Package name : node-shell-quote
>> Version : 1.6.1
>> Upstream Author : James Halliday <mail@substack.net> (http://substack.net)
>> * URL : https://github.com/substack/node-shell-quote#readme
>> * License : Expat
>> Programming Lang: JavaScript
>> Description : quote and parse shell commands
>>
>> This package parses shell like argument and quotes it if needed.
>> It supports replacing environment variables by value, and shell operator
>> (redirection) by equivalent javascript syntax.
>> .
>> Node.js is an event-based server-side JavaScript engine.
>
> I note that there are a couple of open issues that seem reasonably
> serious for a package that appears to be intended for sanitising user
> input before passing it on to the shell:
>
> https://github.com/substack/node-shell-quote/issues/31
> https://github.com/substack/node-shell-quote/issues/19
>
> Meanwhile, the project is looking a bit dead, with no commits in the
> last year.
>
> Those bugs, if still present in the code, should be opened against the
> package in our BTS, with #31 being RC IMO.
For sure but browserify need it... So fill RC bug when land in unstable..
Bastien
>
> Cheers, Phil.
> --
> |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
> |-| http://www.hands.com/ http://ftp.uk.debian.org/
> |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
Reply to: