fix: security and documentation fixes

- fix(utils.js): prevent command injection in commandExists() by using
  spawnSync instead of execSync with string interpolation, and validate
  input to only allow alphanumeric chars, dash, underscore, dot (#42)

- fix(utils.js): add security documentation to runCommand() warning
  against passing user-controlled input

- fix(setup-package-manager.js): replace <script> and <binary> with
  [script-name] and [binary-name] to avoid XSS scanner false positives (#43)

- fix(doc-updater.md): replace invalid 'npx ts-morph' with correct
  'npx tsx scripts/codemaps/generate.ts' since ts-morph is a library,
  not a CLI tool (#51)

Fixes #42, #43, #51
Affaan Mustafa
2026-01-24 01:36:02 -08:00
parent a7bc5f2a90
commit 660e0d3bad
3 changed files with 22 additions and 7 deletions


@@ -89,8 +89,8 @@ function detectAndShow() {
console.log('');
console.log('Commands:');
console.log(` Install: ${pm.config.installCmd}`);
console.log(` Run script: ${pm.config.runCmd} <script>`);
console.log(` Execute binary: ${pm.config.execCmd} <binary>`);
console.log(` Run script: ${pm.config.runCmd} [script-name]`);
console.log(` Execute binary: ${pm.config.execCmd} [binary-name]`);
console.log('');
}
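Review bot: The new `[script-name]` / `[binary-name]` lines carry no comment saying why the angle brackets were dropped, so the next edit to detectAndShow() can easily restore `<script>` and re-trigger the scanner finding from #43. Placing the reason in the commit message only is fragile; a one-line comment above the first of the two console.log calls, `// Square brackets, not <name>: literal angle brackets in help output trip XSS scanners (#43)`, keeps the rationale next to the code. As far as the hunk shows this is plain terminal output with no HTML sink, so the change is cosmetic and the comment should say so to avoid implying a real fix. detectAndShow() begins before this hunk.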