Bastien ROUCARIES <roucaries.bast...@gmail.com> writes: > Package: wnpp > Severity: wishlist > Owner: ro...@debian.org > X-Debbugs-CC: debian-de...@lists.debian.org > > * Package name : node-shell-quote > Version : 1.6.1 > Upstream Author : James Halliday <m...@substack.net> (http://substack.net) > * URL : https://github.com/substack/node-shell-quote#readme > * License : Expat > Programming Lang: JavaScript > Description : quote and parse shell commands > > This package parses shell like argument and quotes it if needed. > It supports replacing environment variables by value, and shell operator > (redirection) by equivalent javascript syntax. > . > Node.js is an event-based server-side JavaScript engine.
I note that there are a couple of open issues that seem reasonably serious for a package that appears to be intended for sanitising user input before passing it on to the shell: https://github.com/substack/node-shell-quote/issues/31 https://github.com/substack/node-shell-quote/issues/19 Meanwhile, the project is looking a bit dead, with no commits in the last year. Those bugs, if still present in the code, should be opened against the package in our BTS, with #31 being RC IMO. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
signature.asc
Description: PGP signature