Gathering detailed insights and metrics for exec-sh
Gathering detailed insights and metrics for exec-sh
Installations
npm install exec-shScore
98.7
Supply Chain
99
Quality
76
Maintenance
100
Vulnerability
100
License
Releases
4
Contributors
5
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4){kind=avatar}
Developer
Developer Guide
BETA
Module System
CommonJS
Min. Node Version
Typescript Support
Yes
Node Version
15.10.0
NPM Version
7.5.3
Statistics
63 Stars
75 Commits
10 Forks
3 Watching
1 Branches
5 Contributors
Updated on 14 May 2024
Languages
JavaScript (96.09%)
TypeScript (3.91%)
Total Downloads
Cumulative downloads
Total Downloads
2,467,611,242
Last day
-10.3%
1,430,105
Compared to previous day
Last week
2.7%
9,260,817
Compared to previous week
Last month
59.9%
32,444,221
Compared to previous month
Last year
-31.5%
285,822,471
Compared to previous year
Daily Downloads
Weekly Downloads
Monthly Downloads
Yearly Downloads
Dev Dependencies
9
Versions
exec-sh
Execute shell command forwarding all stdio streams.
Features
exec-sh is a wrapper for child_process.spawn with some improvements:
- Cross platform command execution:
- Windows:
cmd /C COMMAND - others:
sh -c COMMAND
- Windows:
- Forwards all stdio streams to current terminal (by default):
execSh("bash")execsh("echo -n Say: && read i && echo Said:$i")
- stdout and stderr are passed to callback when available
execSh("pwd", console.log)
Showcase
1// JavaScript 2 3execSh("echo hello exec-sh && bash", { cwd: "/home" }, function(err){ 4 if (err) { 5 console.log("Exit code: ", err.code); 6 } 7});
1# Terminal output: interactive bash session 2 3hello exec-sh 4bash-3.2$ pwd 5/home 6bash-3.2$ exit 99 7exit 8Exit code: 99
Usage
1const execSh = require("../"); 2 3// run interactive bash shell 4execSh("echo lorem && bash", { cwd: "/home" }, (err) => { 5 if (err) { 6 console.log("Exit code: ", err.code); 7 return; 8 } 9 10 // collect streams output 11 const child = execSh(["bash -c id", "echo lorem >&2"], true, 12 (err, stdout, stderr) => { 13 console.log("error: ", err); 14 console.log("stdout: ", stdout); 15 console.log("stderr: ", stderr); 16 }); 17});
Promise Interface
1const execShPromise = require("exec-sh").promise; 2 3// run interactive bash shell 4const run = async () => { 5 let out; 6 7 try { 8 out = await execShPromise('pwd', true); 9 } catch (e) { 10 console.log('Error: ', e); 11 console.log('Stderr: ', e.stderr); 12 console.log('Stdout: ', e.stdout); 13 14 return e; 15 } 16 17 console.log('out: ', out.stdout, out.stderr); 18} 19 20run();
Public API
execSh(command, [options], [callback])
Execute shell command forwarding all stdio.
Parameters:
command {String|Array}- The command to run, or array of commands[options] {Object|TRUE}- Options object passed directly tochild_process.spawn, whenTRUEthen{ stdio: null }used[callback] {Function}-callback(err, stdout, stderr)err {Error|NULL}- Error object. Hascodeproperty containing last command exit code when availablestdout {String|NULL}- aggregated stdout orNULLif not availablestderr {String|NULL}- aggregated stderr orNULLif not available
Return Values:
Returns ChildProcess object.
Scripts
npm test- run testsnpm run jsdoc- build jsdocnpm run dev- run tests continuously
License
The MIT License (MIT)
No vulnerabilities found.
Reason
no binaries found in the repo
Reason
no dangerous workflow patterns detected
Reason
license file detected
Details
- Info: project has a license file: LICENSE:0
- Info: FSF or OSI recognized license: MIT License: LICENSE:0
Reason
3 existing vulnerabilities detected
Details
- Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg
- Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275
- Warn: Project is vulnerable to: GHSA-9wv6-86v2-598j
Reason
dependency not pinned by hash detected -- score normalized to 2
Details
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:31: update your workflow using https://app.stepsecurity.io/secureworkflow/tsertkov/exec-sh/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:33: update your workflow using https://app.stepsecurity.io/secureworkflow/tsertkov/exec-sh/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:44: update your workflow using https://app.stepsecurity.io/secureworkflow/tsertkov/exec-sh/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:45: update your workflow using https://app.stepsecurity.io/secureworkflow/tsertkov/exec-sh/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/tsertkov/exec-sh/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:58: update your workflow using https://app.stepsecurity.io/secureworkflow/tsertkov/exec-sh/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:16: update your workflow using https://app.stepsecurity.io/secureworkflow/tsertkov/exec-sh/node.js.yml/master?enable=pin
- Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/node.js.yml:18: update your workflow using https://app.stepsecurity.io/secureworkflow/tsertkov/exec-sh/node.js.yml/master?enable=pin
- Info: 0 out of 8 GitHub-owned GitHubAction dependencies pinned
- Info: 2 out of 2 npmCommand dependencies pinned
Reason
0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0
Reason
Found 2/29 approved changesets -- score normalized to 0
Reason
detected GitHub workflow tokens with excessive permissions
Details
- Warn: no topLevel permission defined: .github/workflows/node.js.yml:1
- Info: no jobLevel write permissions found
Reason
no effort to earn an OpenSSF best practices badge detected
Reason
security policy file not detected
Details
- Warn: no security policy file detected
- Warn: no security file to analyze
- Warn: no security file to analyze
- Warn: no security file to analyze
Reason
project is not fuzzed
Details
- Warn: no fuzzer integrations found
Reason
SAST tool is not run on all commits -- score normalized to 0
Details
- Warn: 0 commits out of 9 are checked with a SAST tool
Score
3.6
/10
Last Scanned on 2024-11-18
The Open Source Security Foundation is a cross-industry collaboration to improve the security of open source software (OSS). The Scorecard provides security health metrics for open source projects.
Learn More