shelljs-exec-proxy v0.2.1

ShellJS Exec Proxy

Unleash the power of unlimited ShellJS commands... with ES6 Proxies!

Do you like ShellJS, but wish it had your favorite commands? Skip the weird exec() calls by using shelljs-exec-proxy:

// Our goal: make a commit: `$ git commit -am "I'm updating the \"foo\" module to be more secure"`
// Standard ShellJS requires the exec function, with confusing string escaping:
shell.exec('git commit -am "I\'m updating the \\"foo\\" module to be more secure"');
// Skip the extra string escaping with shelljs-exec-proxy!
shell.git.commit('-am', `I'm updating the "foo" module to be more secure`);

Installation

Important: This is only available for Node v6+ (it requires ES6 Proxies!)

$ npm install --save shelljs-exec-proxy

Get that JavaScript feeling back in your code

const shell = require('shelljs-exec-proxy');
shell.git.status();
shell.git.add('.');
shell.git.commit('-am', 'Fixed issue #1');
shell.git.push('origin', 'master');

Security improvements

Current versions of ShellJS export the .exec() method, which if not used carefully, could introduce command injection Vulnerabilities to your module. Here's an insecure code snippet:

shell.ls('dir/*.txt').forEach(file => {
  shell.exec('git add ' + file);
}

This leaves you vulnerable to files like:

shelljs-exec-proxy solves all these problems:

shell.ls('dir/*.txt').forEach(file => {
  shell.git.add(file);
}