Comments (4)
I think the switch to fast-glob was more straightforward than expected. I wrote up #1153 to do this.
Unfortunately we currently expose globOptions as part of our public API. I think deprecating this is the best path forward (I don't think anyone uses this API), however if there's a need for this then we may be able to manually convert node-glob parameters into the corresponding fast-glob parameters. https://www.npmjs.com/package/fast-glob#compatible-with-node-glob has a nice conversion table.
from shelljs.
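A sketch of the manual node-glob to fast-glob option conversion mentioned in the comment above, added here as an example and not taken from ShellJS or from #1153. The function name `toFastGlobOptions` is hypothetical; the mapping follows the fast-glob README compatibility table, and the starting defaults assume node-glob's documented behavior (directories returned, symlinked directories not followed by `**`).

```javascript
'use strict';
// Added example, not ShellJS code. Each entry: [fast-glob option, invert boolean?].
// Names follow the "Compatible with node-glob?" table in the fast-glob README.
const MAPPING = {
  cwd: ['cwd', false],
  dot: ['dot', false],
  mark: ['markDirectories', false],
  nounique: ['unique', true],
  nobrace: ['braceExpansion', true],
  noglobstar: ['globstar', true],
  noext: ['extglob', true],
  nocase: ['caseSensitiveMatch', true],
  matchBase: ['baseNameMatch', false],
  nodir: ['onlyFiles', false],
  ignore: ['ignore', false],
  follow: ['followSymbolicLinks', false],
  absolute: ['absolute', false],
};

// Hypothetical helper: converts a node-glob options object and reports every
// key it could not translate (root, nomount, nosort and realpath have no
// fast-glob counterpart in that table) instead of dropping it silently.
function toFastGlobOptions(globOptions = {}) {
  // Assumption: start from node-glob's defaults where fast-glob's differ
  // (fast-glob defaults to onlyFiles: true and followSymbolicLinks: true).
  const options = { onlyFiles: false, followSymbolicLinks: false };
  const unsupported = [];
  for (const [key, value] of Object.entries(globOptions)) {
    // Own-property check so keys such as "constructor" are never looked up
    // on Object.prototype.
    if (!Object.prototype.hasOwnProperty.call(MAPPING, key)) {
      unsupported.push(key);
      continue;
    }
    const [name, invert] = MAPPING[key];
    if (key === 'ignore') {
      // node-glob accepts a string or an array; fast-glob expects an array.
      options.ignore = Array.isArray(value) ? value : [value];
    } else {
      options[name] = invert ? !value : value;
    }
  }
  return { options, unsupported };
}
```

A caller that still accepts `globOptions` can log or reject the `unsupported` list, which makes behavior changes visible to users of the public API rather than silent.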
I understand that this package is a transitive dependency, but do you know if the inflight vulnerability can actually be exploited in glob? Snyk has a bad habit of flagging any "vulnerability" as something which needs fixing, without consideration of whether the warning actually applies to the downstream projects.
Unfortunately, glob@9 is not compatible with node v8, which is compatibility ShellJS still supports. Fixing this is not a trivial package upgrade.
from shelljs.
#828 might be a possible path forward. I originally filed that ticket because fast-glob seemed to have nice perf wins, but switching to that would also mean we can avoid this dependency. I think it's mostly a drop-in replacement, but I see a few behavior differences around symlinks (both broken and non-broken). The behavior differences are clear since several tests are broken.
If someone wants to start a PR to move to fast-glob, let me know. I'm happy to review and provide guidance on the path forward.
from shelljs.
I don't know that the vulnerability is exploitable in glob (probably not), but I also don't know that it isn't.
I was hoping this would be a straightforward fix, I'm sorry to hear it isn't.
I'll keep an eye on #828
Thanks for your quick response.
from shelljs.