From f59a114ffe3d1f86ccb2e52a4432292ab76852cc Mon Sep 17 00:00:00 2001 From: nlf Date: Thu, 23 Jun 2022 12:46:21 -0700 Subject: [PATCH] deps: @npmcli/run-script@4.1.3 (#5064) * deps: @npmcli/run-script@4.1.3 --- node_modules/@npmcli/run-script/lib/escape.js | 10 ++- .../@npmcli/run-script/lib/make-spawn-args.js | 70 +++++++++++++++---- node_modules/@npmcli/run-script/package.json | 2 +- package-lock.json | 30 ++++---- package.json | 2 +- test/lib/commands/edit.js | 3 + test/lib/commands/restart.js | 2 +- test/lib/commands/start.js | 2 +- test/lib/commands/stop.js | 2 +- test/lib/commands/test.js | 2 +- workspaces/arborist/package.json | 2 +- workspaces/libnpmexec/package.json | 2 +- workspaces/libnpmexec/test/index.js | 2 +- workspaces/libnpmpack/package.json | 2 +- workspaces/libnpmversion/package.json | 2 +- 15 files changed, 91 insertions(+), 44 deletions(-) diff --git a/node_modules/@npmcli/run-script/lib/escape.js b/node_modules/@npmcli/run-script/lib/escape.js index 29d24a8bc406..5254be24bf7a 100644 --- a/node_modules/@npmcli/run-script/lib/escape.js +++ b/node_modules/@npmcli/run-script/lib/escape.js @@ -2,7 +2,7 @@ // eslint-disable-next-line max-len // this code adapted from: https://blogs.msdn.microsoft.com/twistylittlepassagesallalike/2011/04/23/everyone-quotes-command-line-arguments-the-wrong-way/ -const cmd = (input) => { +const cmd = (input, doubleEscape) => { if (!input.length) { return '""' } @@ -36,8 +36,12 @@ const cmd = (input) => { } // and finally, prefix shell meta chars with a ^ - result = result.replace(/[!^&()<>|"]/g, '^$&') - // except for % which is escaped with another % + result = result.replace(/[ !^&()<>|"]/g, '^$&') + if (doubleEscape) { + result = result.replace(/[ !^&()<>|"]/g, '^$&') + } + + // except for % which is escaped with another %, and only once result = result.replace(/%/g, '%%') return result diff --git a/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/node_modules/@npmcli/run-script/lib/make-spawn-args.js index 6f3aa4c00a14..660588e3ee9a 100644 --- a/node_modules/@npmcli/run-script/lib/make-spawn-args.js +++ b/node_modules/@npmcli/run-script/lib/make-spawn-args.js @@ -3,7 +3,7 @@ const isWindows = require('./is-windows.js') const setPATH = require('./set-path.js') const { chmodSync: chmod, unlinkSync: unlink, writeFileSync: writeFile } = require('fs') const { tmpdir } = require('os') -const { resolve } = require('path') +const { isAbsolute, resolve } = require('path') const which = require('which') const npm_config_node_gyp = require.resolve('node-gyp/bin/node-gyp.js') const escape = require('./escape.js') @@ -20,35 +20,75 @@ const makeSpawnArgs = options => { stdioString = false, } = options + const spawnEnv = setPATH(path, { + // we need to at least save the PATH environment var + ...process.env, + ...env, + npm_package_json: resolve(path, 'package.json'), + npm_lifecycle_event: event, + npm_lifecycle_script: cmd, + npm_config_node_gyp, + }) + let scriptFile let script = '' + const isCmd = /(?:^|\\)cmd(?:\.exe)?$/i.test(scriptShell) if (isCmd) { + let initialCmd = '' + let insideQuotes = false + for (let i = 0; i < cmd.length; ++i) { + const char = cmd.charAt(i) + if (char === ' ' && !insideQuotes) { + break + } + + initialCmd += char + if (char === '"' || char === "'") { + insideQuotes = !insideQuotes + } + } + + let pathToInitial + try { + pathToInitial = which.sync(initialCmd, { + path: spawnEnv.path, + pathext: spawnEnv.pathext, + }).toLowerCase() + } catch (err) { + pathToInitial = initialCmd.toLowerCase() + } + + const doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat') + scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.cmd`) script += '@echo off\n' - script += `${cmd} ${args.map((arg) => escape.cmd(arg)).join(' ')}` + script += cmd + if (args.length) { + script += ` ${args.map((arg) => escape.cmd(arg, doubleEscape)).join(' ')}` + } } else { - const shellPath = which.sync(scriptShell) + const shebang = isAbsolute(scriptShell) + ? `#!${scriptShell}` + : `#!/usr/bin/env ${scriptShell}` scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.sh`) - script += `#!${shellPath}\n` - script += `${cmd} ${args.map((arg) => escape.sh(arg)).join(' ')}` + script += `${shebang}\n` + script += cmd + if (args.length) { + script += ` ${args.map((arg) => escape.sh(arg)).join(' ')}` + } } + writeFile(scriptFile, script) if (!isCmd) { chmod(scriptFile, '0775') } - const spawnArgs = isCmd ? ['/d', '/s', '/c', scriptFile] : ['-c', scriptFile] + const spawnArgs = isCmd + ? ['/d', '/s', '/c', escape.cmd(scriptFile)] + : ['-c', escape.sh(scriptFile)] const spawnOpts = { - env: setPATH(path, { - // we need to at least save the PATH environment var - ...process.env, - ...env, - npm_package_json: resolve(path, 'package.json'), - npm_lifecycle_event: event, - npm_lifecycle_script: cmd, - npm_config_node_gyp, - }), + env: spawnEnv, stdioString, stdio, cwd: path, diff --git a/node_modules/@npmcli/run-script/package.json b/node_modules/@npmcli/run-script/package.json index 38c4862e1db2..ef8b43f772de 100644 --- a/node_modules/@npmcli/run-script/package.json +++ b/node_modules/@npmcli/run-script/package.json @@ -1,6 +1,6 @@ { "name": "@npmcli/run-script", - "version": "4.1.0", + "version": "4.1.3", "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)", "author": "GitHub Inc.", "license": "ISC", diff --git a/package-lock.json b/package-lock.json index a3b317e6cb09..27ddbd185047 100644 --- a/package-lock.json +++ b/package-lock.json @@ -93,7 +93,7 @@ "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "abbrev": "~1.1.1", "archy": "~1.0.0", "cacache": "^16.1.1", @@ -1042,9 +1042,9 @@ } }, "node_modules/@npmcli/run-script": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.0.tgz", - "integrity": "sha512-bVX9/2YhQscdlC5WEDQ8HH7bw32klCiAvOSvUHJcmeUTUuaQ7z42KiwmnkXWqhVKKhbWPBp+5H0kN6WDyfknzw==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.3.tgz", + "integrity": "sha512-xb47c2KMkn6ERw2AwPPGKIITbWoXOT1yDV5rU3SYeC1vksYOodbgN0pnOptIVnRgS2e9G8R7BVDVm8lWp92unQ==", "inBundle": true, "dependencies": { "@npmcli/node-gyp": "^2.0.0", @@ -10004,7 +10004,7 @@ "@npmcli/name-from-folder": "^1.0.1", "@npmcli/node-gyp": "^2.0.0", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "bin-links": "^3.0.0", "cacache": "^16.0.6", "common-ancestor-path": "^1.0.1", @@ -10095,7 +10095,7 @@ "dependencies": { "@npmcli/arborist": "^5.0.0", "@npmcli/ci-detect": "^2.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "chalk": "^4.1.0", "mkdirp-infer-owner": "^2.0.0", "npm-package-arg": "^9.0.1", @@ -10170,7 +10170,7 @@ "version": "4.1.1", "license": "ISC", "dependencies": { - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "npm-package-arg": "^9.0.1", "pacote": "^13.6.1" }, @@ -10244,7 +10244,7 @@ "license": "ISC", "dependencies": { "@npmcli/git": "^3.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "json-parse-even-better-errors": "^2.3.1", "proc-log": "^2.0.0", "semver": "^7.3.7" @@ -10725,7 +10725,7 @@ "@npmcli/name-from-folder": "^1.0.1", "@npmcli/node-gyp": "^2.0.0", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "@npmcli/template-oss": "3.5.0", "benchmark": "^2.1.4", "bin-links": "^3.0.0", @@ -10883,9 +10883,9 @@ } }, "@npmcli/run-script": { - "version": "4.1.0", - "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.0.tgz", - "integrity": "sha512-bVX9/2YhQscdlC5WEDQ8HH7bw32klCiAvOSvUHJcmeUTUuaQ7z42KiwmnkXWqhVKKhbWPBp+5H0kN6WDyfknzw==", + "version": "4.1.3", + "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.3.tgz", + "integrity": "sha512-xb47c2KMkn6ERw2AwPPGKIITbWoXOT1yDV5rU3SYeC1vksYOodbgN0pnOptIVnRgS2e9G8R7BVDVm8lWp92unQ==", "requires": { "@npmcli/node-gyp": "^2.0.0", "@npmcli/promise-spawn": "^3.0.0", @@ -13067,7 +13067,7 @@ "@npmcli/arborist": "^5.0.0", "@npmcli/ci-detect": "^2.0.0", "@npmcli/eslint-config": "^3.0.1", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "@npmcli/template-oss": "3.5.0", "bin-links": "^3.0.0", "chalk": "^4.1.0", @@ -13118,7 +13118,7 @@ "version": "file:workspaces/libnpmpack", "requires": { "@npmcli/eslint-config": "^3.0.1", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "@npmcli/template-oss": "3.5.0", "nock": "^13.0.7", "npm-package-arg": "^9.0.1", @@ -13168,7 +13168,7 @@ "requires": { "@npmcli/eslint-config": "^3.0.1", "@npmcli/git": "^3.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "@npmcli/template-oss": "3.5.0", "json-parse-even-better-errors": "^2.3.1", "proc-log": "^2.0.0", diff --git a/package.json b/package.json index 4a70e6d75ec4..6045f3d6108f 100644 --- a/package.json +++ b/package.json @@ -62,7 +62,7 @@ "@npmcli/fs": "^2.1.0", "@npmcli/map-workspaces": "^2.0.3", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "abbrev": "~1.1.1", "archy": "~1.0.0", "cacache": "^16.1.1", diff --git a/test/lib/commands/edit.js b/test/lib/commands/edit.js index bf7bd3155bd4..b2a10be135ad 100644 --- a/test/lib/commands/edit.js +++ b/test/lib/commands/edit.js @@ -42,6 +42,7 @@ t.test('npm edit', async t => { const [scriptShell] = makeSpawnArgs({ event: 'install', path: npm.prefix, + cmd: 'testinstall', }) spawk.spawn('testeditor', [semverPath]) spawk.spawn( @@ -66,6 +67,7 @@ t.test('rebuild failure', async t => { const [scriptShell] = makeSpawnArgs({ event: 'install', path: npm.prefix, + cmd: 'testinstall', }) spawk.spawn('testeditor', [semverPath]) spawk.spawn( @@ -109,6 +111,7 @@ t.test('npm edit editor has flags', async t => { const [scriptShell] = makeSpawnArgs({ event: 'install', path: npm.prefix, + cmd: 'testinstall', }) spawk.spawn('testeditor', ['--flag', semverPath]) spawk.spawn( diff --git a/test/lib/commands/restart.js b/test/lib/commands/restart.js index 428ecb6b2a70..bfbe715e8c68 100644 --- a/test/lib/commands/restart.js +++ b/test/lib/commands/restart.js @@ -26,7 +26,7 @@ t.test('should run restart script from package.json', async t => { loglevel: 'silent', }, }) - const [scriptShell] = makeSpawnArgs({ path: npm.prefix }) + const [scriptShell] = makeSpawnArgs({ path: npm.prefix, cmd: 'node ./test-restart.js' }) const script = spawk.spawn(scriptShell, (args) => { const lastArg = args[args.length - 1] const rightExtension = lastArg.endsWith('.cmd') || lastArg.endsWith('.sh') diff --git a/test/lib/commands/start.js b/test/lib/commands/start.js index 8f0d3c38b093..79c2133bc69f 100644 --- a/test/lib/commands/start.js +++ b/test/lib/commands/start.js @@ -26,7 +26,7 @@ t.test('should run start script from package.json', async t => { loglevel: 'silent', }, }) - const [scriptShell] = makeSpawnArgs({ path: npm.prefix }) + const [scriptShell] = makeSpawnArgs({ path: npm.prefix, cmd: 'node ./test-start.js' }) const script = spawk.spawn(scriptShell, (args) => { const lastArg = args[args.length - 1] const rightExtension = lastArg.endsWith('.cmd') || lastArg.endsWith('.sh') diff --git a/test/lib/commands/stop.js b/test/lib/commands/stop.js index 234eb2cf4538..1a4abd0b3abd 100644 --- a/test/lib/commands/stop.js +++ b/test/lib/commands/stop.js @@ -26,7 +26,7 @@ t.test('should run stop script from package.json', async t => { loglevel: 'silent', }, }) - const [scriptShell] = makeSpawnArgs({ path: npm.prefix }) + const [scriptShell] = makeSpawnArgs({ path: npm.prefix, cmd: 'node ./test-stop.js' }) const script = spawk.spawn(scriptShell, (args) => { const lastArg = args[args.length - 1] const rightExtension = lastArg.endsWith('.cmd') || lastArg.endsWith('.sh') diff --git a/test/lib/commands/test.js b/test/lib/commands/test.js index ee6dae9024c5..c6d3f530bb69 100644 --- a/test/lib/commands/test.js +++ b/test/lib/commands/test.js @@ -26,7 +26,7 @@ t.test('should run test script from package.json', async t => { loglevel: 'silent', }, }) - const [scriptShell] = makeSpawnArgs({ path: npm.prefix }) + const [scriptShell] = makeSpawnArgs({ path: npm.prefix, cmd: 'node ./test-test.js' }) const script = spawk.spawn(scriptShell, (args) => { const lastArg = args[args.length - 1] const rightExtension = lastArg.endsWith('.cmd') || lastArg.endsWith('.sh') diff --git a/workspaces/arborist/package.json b/workspaces/arborist/package.json index 4a14a11234df..4b3d831f7716 100644 --- a/workspaces/arborist/package.json +++ b/workspaces/arborist/package.json @@ -11,7 +11,7 @@ "@npmcli/name-from-folder": "^1.0.1", "@npmcli/node-gyp": "^2.0.0", "@npmcli/package-json": "^2.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "bin-links": "^3.0.0", "cacache": "^16.0.6", "common-ancestor-path": "^1.0.1", diff --git a/workspaces/libnpmexec/package.json b/workspaces/libnpmexec/package.json index 7efe725d876e..9785d4cdde22 100644 --- a/workspaces/libnpmexec/package.json +++ b/workspaces/libnpmexec/package.json @@ -57,7 +57,7 @@ "dependencies": { "@npmcli/arborist": "^5.0.0", "@npmcli/ci-detect": "^2.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "chalk": "^4.1.0", "mkdirp-infer-owner": "^2.0.0", "npm-package-arg": "^9.0.1", diff --git a/workspaces/libnpmexec/test/index.js b/workspaces/libnpmexec/test/index.js index a64425898db6..d42947e83687 100644 --- a/workspaces/libnpmexec/test/index.js +++ b/workspaces/libnpmexec/test/index.js @@ -372,7 +372,7 @@ t.test('run multiple from registry', async t => { await libexec({ ...baseOpts, packages: ['@ruyadorno/create-test', '@ruyadorno/create-index'], - call: ['create-test && create-index'], + call: 'create-test && create-index', cache, npxCache, path, diff --git a/workspaces/libnpmpack/package.json b/workspaces/libnpmpack/package.json index a17cbd01fac6..c77b60b291ec 100644 --- a/workspaces/libnpmpack/package.json +++ b/workspaces/libnpmpack/package.json @@ -38,7 +38,7 @@ "bugs": "https://github.com/npm/libnpmpack/issues", "homepage": "https://npmjs.com/package/libnpmpack", "dependencies": { - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "npm-package-arg": "^9.0.1", "pacote": "^13.6.1" }, diff --git a/workspaces/libnpmversion/package.json b/workspaces/libnpmversion/package.json index 07d7876f64d6..09c3a9969361 100644 --- a/workspaces/libnpmversion/package.json +++ b/workspaces/libnpmversion/package.json @@ -37,7 +37,7 @@ }, "dependencies": { "@npmcli/git": "^3.0.0", - "@npmcli/run-script": "^4.1.0", + "@npmcli/run-script": "^4.1.3", "json-parse-even-better-errors": "^2.3.1", "proc-log": "^2.0.0", "semver": "^7.3.7"