@snyk/snyk-cocoapods-plugin
Version:
Snyk CLI CocoaPods plugin
51 lines • 2.28 kB
JavaScript
;
Object.defineProperty(exports, "__esModule", { value: true });
exports.execute = execute;
const childProcess = require("child_process");
const stateless_1 = require("shescape/stateless");
const os = require("node:os");
function execute(command, args = [], options) {
const spawnOptions = { shell: false };
if (options && options.cwd) {
spawnOptions.cwd = options.cwd;
}
if (args) {
// Best practices, also security-wise, is to not invoke processes in a shell, but as a stand-alone command.
// However, on Windows, we need to invoke the command in a shell, due to internal NodeJS problems with this approach
// see: https://nodejs.org/docs/latest-v24.x/api/child_process.html#spawning-bat-and-cmd-files-on-windows
const isWinLocal = /^win/.test(os.platform());
if (isWinLocal) {
spawnOptions.shell = true;
// Further, we distinguish between quoting and escaping arguments since quoteAll does not support quoting without
// supplying a shell, but escapeAll does.
// See this (very long) discussion for more details: https://github.com/ericcornelissen/shescape/issues/2009
args = (0, stateless_1.quoteAll)(args, Object.assign(Object.assign({}, spawnOptions), { flagProtection: false }));
}
else {
args = (0, stateless_1.escapeAll)(args, Object.assign(Object.assign({}, spawnOptions), { flagProtection: false }));
}
}
return new Promise((resolve, reject) => {
let stdout = '';
let stderr = '';
const proc = childProcess.spawn(command, args, spawnOptions);
proc.stdout.on('data', (data) => {
stdout = stdout + data;
});
proc.stderr.on('data', (data) => {
stderr = stderr + data;
});
// Handle spawn errors (e.g., ENOENT when command doesn't exist)
proc.on('error', (error) => {
stderr = error.message;
reject({ stdout, stderr });
});
proc.on('close', (code) => {
if (code !== 0) {
return reject(new Error(stdout || stderr));
}
resolve(stdout || stderr);
});
});
}
//# sourceMappingURL=sub-process.js.map