https://github.com/ericcornelissen/shescape
Repository metadata:
Simple shell escape library for JavaScript
- Host: GitHub
- URL: https://github.com/ericcornelissen/shescape
- Owner: ericcornelissen
- License: mpl-2.0
- Created: 2020-11-02T20:23:47.000Z (over 5 years ago)
- Default Branch: main
- Last Pushed: 2026-05-11T06:16:02.000Z (6 days ago)
- Last Synced: 2026-05-11T20:39:17.151Z (6 days ago)
- Topics: command-line, escape-library, security, shell, shell-injection, shell-scripting
- Language: JavaScript
- Homepage:
- Size: 5.72 MB
- Stars: 8
- Watchers: 1
- Forks: 12
- Open Issues: 21
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
- Security: SECURITY.md
Package metadata
- Total packages: 1
Total downloads:
- npm: 80,797 last-month
- Total docker downloads: 24,282,626
- Total dependent packages: 15
- Total dependent repositories: 28
- Total versions: 62
- Total maintainers: 1
- Total advisories: 10
npmjs.org: shescape
simple shell escape library
- Homepage: https://github.com/ericcornelissen/shescape#readme
- Licenses: MPL-2.0
- Latest release: 2.1.12 (published 11 days ago)
- Last Synced: 2026-05-16T04:37:34.600Z (1 day ago)
- Versions: 62
- Dependent Packages: 15
- Dependent Repositories: 28
- Downloads: 80,797 Last month
- Docker Downloads: 24,282,626
Rankings:
- Docker downloads count: 0.269%
- Downloads: 0.982%
- Dependent packages count: 1.85%
- Dependent repos count: 2.459%
- Average: 5.056%
- Forks count: 7.528%
- Stargazers count: 17.251%
- Maintainers (1)
Advisories:
- Shescape escape() leaves bracket glob expansion active on Bash, BusyBox, and Dash
- Withdrawn Advisory: Shescape has possible misidentification of shell due to link chains
- Shescape has potential environment variable exposure on Windows with CMD
- Shescape on Windows escaping may be bypassed in threaded context
- Shescape potential environment variable exposure on Windows with CMD
- Inefficient Regular Expression Complexity in shescape
- Shescape vulnerable to insufficient escaping of whitespace
- Shescape prior to 1.5.8 vulnerable to insufficient escaping of line feeds for CMD
- Exposure of home directory through shescape on Unix with Bash
- Null characters not escaped
Dependencies
.github/workflows/checks.yml
actions
- actions/cache 6998d139ddd3e68c71e9e398d8e40b71a2f39812 composite
- actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
- actions/download-artifact 9bc31d5ccc31df68ecc42ccf4149144866c47d8a composite
- actions/setup-node 64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c composite
- actions/upload-artifact 0b7f8abb1508181956e8e162db84b466c27e18ce composite
- asdf-vm/actions/install 707e84f3ee349548310aeabdad0dd3bfcb9b69fa composite
- benchmark-action/github-action-benchmark c3efd4d54319dbc90622069cc273cba59b46abbf composite
- codecov/codecov-action d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 composite
- dorny/paths-filter 4512585405083f25c027a35db413c2b3b9006d50 composite
- github/codeql-action/analyze 8775e868027fa230df8586bdf502bbd9b618a477 composite
- github/codeql-action/init 8775e868027fa230df8586bdf502bbd9b618a477 composite
- step-security/harden-runner 18bf8ad2ca49c14cbb28b91346d626ccfb00c518 composite
.github/workflows/nightly.yml
actions
- actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
- asdf-vm/actions/install 707e84f3ee349548310aeabdad0dd3bfcb9b69fa composite
- nick-fields/retry 943e742917ac94714d2f408a0e8320f2d1fcafcd composite
- peter-evans/create-pull-request d7db273d6c7206ba99224e659c982ae34a1025e3 composite
- step-security/harden-runner 18bf8ad2ca49c14cbb28b91346d626ccfb00c518 composite
- tibdex/github-app-token b62528385c34dbc9f38e5f4225ac829252d1ea92 composite
.github/workflows/publish.yml
actions
- actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
- actions/github-script 98814c53be79b1d30f795b907e553d8679345975 composite
- actions/setup-node 64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c composite
- ncipollo/release-action a2e71bdd4e7dab70ca26a852f29600c98b33153e composite
- step-security/harden-runner 18bf8ad2ca49c14cbb28b91346d626ccfb00c518 composite
.github/workflows/release.yml
actions
- actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
- actions/setup-node 64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c composite
- peter-evans/create-pull-request d7db273d6c7206ba99224e659c982ae34a1025e3 composite
- step-security/harden-runner 18bf8ad2ca49c14cbb28b91346d626ccfb00c518 composite
- tibdex/github-app-token b62528385c34dbc9f38e5f4225ac829252d1ea92 composite
.github/workflows/reusable-fuzz.yml
actions
- actions/cache 6998d139ddd3e68c71e9e398d8e40b71a2f39812 composite
- actions/checkout ac593985615ec2ede58e132d2e21d2b1cbd6127c composite
- actions/github-script 98814c53be79b1d30f795b907e553d8679345975 composite
- actions/setup-node 64ed1c7eab4cce3362f8c340dee64e5eaeef8f7c composite
- actions/upload-artifact 0b7f8abb1508181956e8e162db84b466c27e18ce composite
- step-security/harden-runner 18bf8ad2ca49c14cbb28b91346d626ccfb00c518 composite
package-lock.json
npm
- 804 dependencies
package.json
npm
- @ericcornelissen/eslint-plugin-top 0.3.0 development
- @fast-check/ava 1.1.2 development
- @stryker-mutator/core 6.3.1 development
- ava 5.1.1 development
- benchmark 2.1.4 development
- c8 7.12.0 development
- depcheck 1.4.3 development
- dotenv 16.0.1 development
- eslint 8.33.0 development
- eslint-plugin-ava 14.0.0 development
- eslint-plugin-jsdoc 40.0.0 development
- eslint-plugin-json 3.1.0 development
- eslint-plugin-regexp 1.12.0 development
- eslint-plugin-yml 1.3.0 development
- fast-check 3.6.3 development
- husky 8.0.3 development
- is-ci 3.0.1 development
- jsfuzz 1.0.15 development
- licensee 10.0.0 development
- markdownlint-cli 0.33.0 development
- mocha 9.2.2 development
- prettier 2.8.4 development
- publint 0.1.9 development
- rollup 3.15.0 development
- sinon 15.0.1 development
- unimported 1.23.0 development
- which ^2.0.0
.github/workflows/audit-dev.yml
actions
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- actions/setup-node 5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d composite
- step-security/harden-runner 8ca2b8b2ece13480cda6dacd3511b49857a23c09 composite
.github/workflows/audit-release.yml
actions
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- actions/setup-node 5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d composite
- step-security/harden-runner 8ca2b8b2ece13480cda6dacd3511b49857a23c09 composite
.github/workflows/config-codecov.yml
actions
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- ericcornelissen/codecov-config-validator-action bbb3f8ef45de6f6ce57ea8d566940bdd78b4814a composite
- step-security/harden-runner 8ca2b8b2ece13480cda6dacd3511b49857a23c09 composite
.github/workflows/config-npm.yml
actions
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- actions/setup-node 5e21ff4d9bc1a8cf6de233a3057d20ec6b3fb69d composite
- step-security/harden-runner 8ca2b8b2ece13480cda6dacd3511b49857a23c09 composite
.github/workflows/fuzz-bash.yml
actions
.github/workflows/fuzz-cmd.yml
actions
.github/workflows/fuzz-csh.yml
actions
.github/workflows/fuzz-dash.yml
actions
.github/workflows/fuzz-no-shell.yml
actions
.github/workflows/fuzz-powershell.yml
actions
.github/workflows/fuzz-zsh.yml
actions
.github/workflows/labeler.yml
actions
- actions/labeler 9fcb2c2f5584144ca754f8bfe8c6f81e77753375 composite
- step-security/harden-runner 8ca2b8b2ece13480cda6dacd3511b49857a23c09 composite
.github/workflows/secrets.yml
actions
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- gitleaks/gitleaks-action 1f2d10fb689bc07a5f56f48d6db61f5bbbe772fa composite
- step-security/harden-runner 8ca2b8b2ece13480cda6dacd3511b49857a23c09 composite
.github/workflows/semgrep.yml
actions
- actions/checkout 3df4ab11eba7bda6032a0b82a6bb43b11571feac composite
- github/codeql-action/upload-sarif 6a28655e3dcb49cb0840ea372fd6d17733edd8a4 composite