On Wed, Aug 23, 2017 at 10:55 AM, Philip Hands <p...@hands.com> wrote:
> Bastien ROUCARIES <roucaries.bast...@gmail.com> writes:
>
>> Package: wnpp
>> Severity: wishlist
>> Owner: ro...@debian.org
>> X-Debbugs-CC: debian-de...@lists.debian.org
>>
>> * Package name    : node-shell-quote
>>   Version         : 1.6.1
>>   Upstream Author : James Halliday <m...@substack.net> (http://substack.net)
>> * URL             : https://github.com/substack/node-shell-quote#readme
>> * License         : Expat
>>   Programming Lang: JavaScript
>>   Description     : quote and parse shell commands
>>
>> This package parses shell-like argument and quotes it if needed.
>> It supports replacing environment variables by value, and shell operator
>> (redirection) by equivalent javascript syntax.
>> .
>> Node.js is an event-based server-side JavaScript engine.
>
> I note that there are a couple of open issues that seem reasonably
> serious for a package that appears to be intended for sanitising user
> input before passing it on to the shell:
>
>   https://github.com/substack/node-shell-quote/issues/31
>   https://github.com/substack/node-shell-quote/issues/19
>
> Meanwhile, the project is looking a bit dead, with no commits in the
> last year.
>
> Those bugs, if still present in the code, should be opened against the
> package in our BTS, with #31 being RC IMO.

For sure, but browserify needs it... So file an RC bug when it lands in unstable.

Bastien

>
> Cheers, Phil.
> --
> |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd.
> |-| http://www.hands.com/ http://ftp.uk.debian.org/
> |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY