From 6d446d71314b616a0a7ad2dcc69437b5704edb55 Mon Sep 17 00:00:00 2001 From: Luke Swan Date: Thu, 17 Oct 2024 00:01:28 +0300 Subject: [PATCH] Sanitize spawn calls which contain .cmd for win32 (#1465) --- src/index.ts | 1 + src/package-managers/npm.ts | 4 +++- src/package-managers/pnpm.ts | 9 ++++++--- src/package-managers/yarn.ts | 4 +++- src/types/SpawnOptions.ts | 1 + 5 files changed, 14 insertions(+), 5 deletions(-) diff --git a/src/index.ts b/src/index.ts index bf7a7620..7e2d0a82 100755 --- a/src/index.ts +++ b/src/index.ts @@ -174,6 +174,7 @@ const install = async ( // See: https://github.com/raineorshine/npm-check-updates/issues/1191 ...(packageManager === 'pnpm' ? { npm_config_strict_peer_dependencies: false } : null), }, + shell: process.platform === 'win32', }, ) print(options, stdout) diff --git a/src/package-managers/npm.ts b/src/package-managers/npm.ts index 910775d1..ee0a0079 100644 --- a/src/package-managers/npm.ts +++ b/src/package-managers/npm.ts @@ -609,15 +609,17 @@ export async function defaultPrefix(options: Options): Promise getInstalledPackages if (!options.global) return npm.list(options) + const spawnOptions = {} const cmd = process.platform === 'win32' ? 'pnpm.cmd' : 'pnpm' - const { stdout } = await spawn(cmd, ['ls', '-g', '--json']) + const sanitzedSpawnOptions = process.platform === 'win32' ? { ...spawnOptions, shell: true } : spawnOptions + const { stdout } = await spawn(cmd, ['ls', '-g', '--json'], {}, sanitzedSpawnOptions) const result = JSON.parse(stdout) as PnpmList const list = keyValueBy(result[0].dependencies || {}, (name, { version }) => ({ [name]: version, @@ -91,10 +93,11 @@ export const semver = withNpmWorkspaceConfig(npm.semver) async function spawnPnpm( args: string | string[], npmOptions: NpmOptions = {}, - spawnOptions?: SpawnOptions, + spawnOptions: SpawnOptions = {}, spawnPleaseOptions?: SpawnPleaseOptions, ): Promise { const cmd = process.platform === 'win32' ? 'pnpm.cmd' : 'pnpm' + const sanitzedSpawnOptions = process.platform === 'win32' ? { ...spawnOptions, shell: true } : spawnOptions const fullArgs = [ ...(npmOptions.global ? 'global' : []), @@ -102,7 +105,7 @@ async function spawnPnpm( ...(npmOptions.prefix ? `--prefix=${npmOptions.prefix}` : []), ] - const { stdout } = await spawn(cmd, fullArgs, spawnPleaseOptions, spawnOptions) + const { stdout } = await spawn(cmd, fullArgs, spawnPleaseOptions, sanitzedSpawnOptions) return stdout } diff --git a/src/package-managers/yarn.ts b/src/package-managers/yarn.ts index e27b864d..bb9db2f9 100644 --- a/src/package-managers/yarn.ts +++ b/src/package-managers/yarn.ts @@ -225,10 +225,12 @@ export async function defaultPrefix(options: Options): Promise { if (options.prefix) { return Promise.resolve(options.prefix) } + const spawnOptions = {} const cmd = process.platform === 'win32' ? 'yarn.cmd' : 'yarn' + const sanitizedSpawnOptions = process.platform === 'win32' ? { ...spawnOptions, shell: true } : spawnOptions - const { stdout: prefix } = await spawn(cmd, ['global', 'dir']) + const { stdout: prefix } = await spawn(cmd, ['global', 'dir'], {}, sanitizedSpawnOptions) // yarn 2.0 does not support yarn global // catch error to prevent process from crashing // https://github.com/raineorshine/npm-check-updates/issues/873 diff --git a/src/types/SpawnOptions.ts b/src/types/SpawnOptions.ts index fff99f8c..a47401c0 100644 --- a/src/types/SpawnOptions.ts +++ b/src/types/SpawnOptions.ts @@ -4,4 +4,5 @@ import { Index } from './IndexType' export interface SpawnOptions { cwd?: string env?: Index + shell?: boolean }