diff --git a/node_modules/@npmcli/run-script/lib/escape.js b/node_modules/@npmcli/run-script/lib/escape.js index 5254be24bf7ab..3c574371bcf94 100644 --- a/node_modules/@npmcli/run-script/lib/escape.js +++ b/node_modules/@npmcli/run-script/lib/escape.js @@ -65,7 +65,13 @@ const sh = (input) => { return result } +// disabling the no-control-regex rule for this line as we very specifically _do_ want to +// replace those characters if they somehow exist at this point, which is highly unlikely +// eslint-disable-next-line no-control-regex +const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x31]/g, '') + module.exports = { cmd, sh, + filename, } diff --git a/node_modules/@npmcli/run-script/lib/make-spawn-args.js b/node_modules/@npmcli/run-script/lib/make-spawn-args.js index 660588e3ee9aa..47f73463011be 100644 --- a/node_modules/@npmcli/run-script/lib/make-spawn-args.js +++ b/node_modules/@npmcli/run-script/lib/make-spawn-args.js @@ -30,6 +30,7 @@ const makeSpawnArgs = options => { npm_config_node_gyp, }) + const fileName = escape.filename(`${event}-${Date.now()}`) let scriptFile let script = '' @@ -61,7 +62,7 @@ const makeSpawnArgs = options => { const doubleEscape = pathToInitial.endsWith('.cmd') || pathToInitial.endsWith('.bat') - scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.cmd`) + scriptFile = resolve(tmpdir(), `${fileName}.cmd`) script += '@echo off\n' script += cmd if (args.length) { @@ -71,7 +72,7 @@ const makeSpawnArgs = options => { const shebang = isAbsolute(scriptShell) ? `#!${scriptShell}` : `#!/usr/bin/env ${scriptShell}` - scriptFile = resolve(tmpdir(), `${event}-${Date.now()}.sh`) + scriptFile = resolve(tmpdir(), `${fileName}.sh`) script += `${shebang}\n` script += cmd if (args.length) { diff --git a/node_modules/@npmcli/run-script/package.json b/node_modules/@npmcli/run-script/package.json index ef8b43f772de1..1ce162dd8d19a 100644 --- a/node_modules/@npmcli/run-script/package.json +++ b/node_modules/@npmcli/run-script/package.json 
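Review bot: The character class in the new `filename` helper ends with `\x00-\x31`, a hex range that runs up to the character `1`, so besides control characters it also strips space, `-`, `.` and the digits `0` and `1`. The comment above it suggests only control characters were meant, alongside the reserved punctuation, which would be `\x00-\x1f`: `const filename = (input) => input.replace(/[<>:"/\\|?*\x00-\x1f]/g, '')`. As written, the `-` separator and every `0` or `1` digit of the `Date.now()` suffix passed in from make-spawn-args.js are removed, which makes the generated names less unique. Because this is the bundled copy under node_modules, the correction belongs upstream in @npmcli/run-script.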
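Review bot: The script path built at `const fileName = escape.filename(...)` is still only the event name plus a millisecond timestamp inside the shared `tmpdir()`, so it is predictable and two runs of the same event in one millisecond resolve to the same file; the same value feeds the `.cmd` and `.sh` hunks that follow. Passing the whole string through `escape.filename` also rewrites the separator and timestamp rather than only the `event` part. Consider sanitising just the event and adding a random component, for example ``const fileName = `${escape.filename(event)}-${Date.now()}-${randomBytes(4).toString('hex')}` `` with `randomBytes` taken from `crypto`, or writing the script into a directory created with `fs.mkdtemp`. How `scriptFile` is written is outside these hunks, so whether it is created exclusively and with restrictive permissions should be confirmed there. `makeSpawnArgs` starts and ends outside the hunks.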
@@ -1,6 +1,6 @@
 {
 "name": "@npmcli/run-script",
- "version": "4.1.3",
+ "version": "4.1.5",
 "description": "Run a lifecycle script for a package (descendant of npm-lifecycle)",
 "author": "GitHub Inc.",
 "license": "ISC",
@@ -17,10 +17,6 @@
 "posttest": "npm run lint",
 "template-oss-apply": "template-oss-apply --force"
 },
- "tap": {
- "check-coverage": true,
- "coverage-map": "map.js"
- },
 "devDependencies": {
 "@npmcli/eslint-config": "^3.0.1",
 "@npmcli/template-oss": "3.5.0",
@@ -32,7 +28,8 @@
 "@npmcli/node-gyp": "^2.0.0",
 "@npmcli/promise-spawn": "^3.0.0",
 "node-gyp": "^9.0.0",
- "read-package-json-fast": "^2.0.3"
+ "read-package-json-fast": "^2.0.3",
+ "which": "^2.0.2"
 },
 "files": [
 "bin/",
diff --git a/package-lock.json b/package-lock.json
index 54416be8b80a3..74a8b1609f069 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -93,7 +93,7 @@
 "@npmcli/fs": "^2.1.0",
 "@npmcli/map-workspaces": "^2.0.3",
 "@npmcli/package-json": "^2.0.0",
- "@npmcli/run-script": "^4.1.3",
+ "@npmcli/run-script": "^4.1.5",
 "abbrev": "~1.1.1",
 "archy": "~1.0.0",
 "cacache": "^16.1.1",
@@ -1042,15 +1042,16 @@
 }
 },
 "node_modules/@npmcli/run-script": {
- "version": "4.1.3",
- "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.3.tgz",
- "integrity": "sha512-xb47c2KMkn6ERw2AwPPGKIITbWoXOT1yDV5rU3SYeC1vksYOodbgN0pnOptIVnRgS2e9G8R7BVDVm8lWp92unQ==",
+ "version": "4.1.5",
+ "resolved": "https://registry.npmjs.org/@npmcli/run-script/-/run-script-4.1.5.tgz",
+ "integrity": "sha512-FyrZkZ+O0bCnQqm+mRb6sKbEJgyJudInwFN84gCcMUcxrWkR15Ags1uOHwnxHYdpj3T5eqrCZNW/Ys20MGTQ6Q==",
 "inBundle": true,
 "dependencies": {
 "@npmcli/node-gyp": "^2.0.0",
 "@npmcli/promise-spawn": "^3.0.0",
 "node-gyp": "^9.0.0",
- "read-package-json-fast": "^2.0.3"
+ "read-package-json-fast": "^2.0.3",
+ "which": "^2.0.2"
 },
 "engines": {
 "node": "^12.13.0 || ^14.15.0 || >=16.0.0"
diff --git a/package.json b/package.json
index a9d84ab62ce15..9f60de828c6e3 100644
--- a/package.json
+++ b/package.json
@@ -62,7 +62,7 @@
 "@npmcli/fs": "^2.1.0",
 "@npmcli/map-workspaces": "^2.0.3",
 "@npmcli/package-json": "^2.0.0",
- "@npmcli/run-script": "^4.1.3",
+ "@npmcli/run-script": "^4.1.5",
 "abbrev": "~1.1.1",
 "archy": "~1.0.0",
 "cacache": "^16.1.1",