Skip to content

Commit

Permalink
Sanitize spawn calls which contain .cmd for win32 (#1465)
Browse files Browse the repository at this point in the history
  • Loading branch information
Promytheos authored Oct 16, 2024
1 parent 3f5f58a commit 6d446d7
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 5 deletions.
1 change: 1 addition & 0 deletions src/index.ts
Original file line number Diff line number Diff line change
Expand Up @@ -174,6 +174,7 @@ const install = async (
// See: https://github.com/raineorshine/npm-check-updates/issues/1191
...(packageManager === 'pnpm' ? { npm_config_strict_peer_dependencies: false } : null),
},
shell: process.platform === 'win32',
},
)
print(options, stdout)
Expand Down
4 changes: 3 additions & 1 deletion src/package-managers/npm.ts
Original file line number Diff line number Diff line change
Expand Up @@ -609,15 +609,17 @@ export async function defaultPrefix(options: Options): Promise<string | undefine
if (options.prefix) {
return Promise.resolve(options.prefix)
}
const spawnOptions = {}

const cmd = process.platform === 'win32' ? 'npm.cmd' : 'npm'
const sanitizedSpawnOptions = process.platform === 'win32' ? { ...spawnOptions, shell: true } : spawnOptions

let prefix: string | undefined

// catch spawn error which can occur on Windows
// https://github.com/raineorshine/npm-check-updates/issues/703
try {
const { stdout } = await spawn(cmd, ['config', 'get', 'prefix'])
const { stdout } = await spawn(cmd, ['config', 'get', 'prefix'], {}, sanitizedSpawnOptions)
prefix = stdout
} catch (e: any) {
const message = (e.message || e || '').toString()
Expand Down
9 changes: 6 additions & 3 deletions src/package-managers/pnpm.ts
Original file line number Diff line number Diff line change
Expand Up @@ -56,9 +56,11 @@ export const list = async (options: Options = {}): Promise<Index<string | undefi
// use npm for local ls for completeness
// this should never happen since list is only called in runGlobal -> getInstalledPackages
if (!options.global) return npm.list(options)
const spawnOptions = {}

const cmd = process.platform === 'win32' ? 'pnpm.cmd' : 'pnpm'
const { stdout } = await spawn(cmd, ['ls', '-g', '--json'])
const sanitzedSpawnOptions = process.platform === 'win32' ? { ...spawnOptions, shell: true } : spawnOptions
const { stdout } = await spawn(cmd, ['ls', '-g', '--json'], {}, sanitzedSpawnOptions)
const result = JSON.parse(stdout) as PnpmList
const list = keyValueBy(result[0].dependencies || {}, (name, { version }) => ({
[name]: version,
Expand Down Expand Up @@ -91,18 +93,19 @@ export const semver = withNpmWorkspaceConfig(npm.semver)
async function spawnPnpm(
args: string | string[],
npmOptions: NpmOptions = {},
spawnOptions?: SpawnOptions,
spawnOptions: SpawnOptions = {},
spawnPleaseOptions?: SpawnPleaseOptions,
): Promise<string> {
const cmd = process.platform === 'win32' ? 'pnpm.cmd' : 'pnpm'
const sanitzedSpawnOptions = process.platform === 'win32' ? { ...spawnOptions, shell: true } : spawnOptions

const fullArgs = [
...(npmOptions.global ? 'global' : []),
...(Array.isArray(args) ? args : [args]),
...(npmOptions.prefix ? `--prefix=${npmOptions.prefix}` : []),
]

const { stdout } = await spawn(cmd, fullArgs, spawnPleaseOptions, spawnOptions)
const { stdout } = await spawn(cmd, fullArgs, spawnPleaseOptions, sanitzedSpawnOptions)

return stdout
}
Expand Down
4 changes: 3 additions & 1 deletion src/package-managers/yarn.ts
Original file line number Diff line number Diff line change
Expand Up @@ -225,10 +225,12 @@ export async function defaultPrefix(options: Options): Promise<string | null> {
if (options.prefix) {
return Promise.resolve(options.prefix)
}
const spawnOptions = {}

const cmd = process.platform === 'win32' ? 'yarn.cmd' : 'yarn'
const sanitizedSpawnOptions = process.platform === 'win32' ? { ...spawnOptions, shell: true } : spawnOptions

const { stdout: prefix } = await spawn(cmd, ['global', 'dir'])
const { stdout: prefix } = await spawn(cmd, ['global', 'dir'], {}, sanitizedSpawnOptions)
// yarn 2.0 does not support yarn global
// catch error to prevent process from crashing
// https://github.com/raineorshine/npm-check-updates/issues/873
Expand Down
1 change: 1 addition & 0 deletions src/types/SpawnOptions.ts
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@ import { Index } from './IndexType'
export interface SpawnOptions {
cwd?: string
env?: Index<string>
shell?: boolean
}

0 comments on commit 6d446d7

Please sign in to comment.