Unable to run globally installed node modules via this module #7
Comments
|
Hi @tejashah88, can you provide a small example of some code that has this issue? Thanks. |
const shell = require('shelljs-exec-proxy');
shell.npm.install(); // throws an error hereThis happens for pretty much any npm command, or as said before, any globally installed node modules. |
|
I tried the same code, I have no problem. Which OS? Are you changing your prefix ( Double-quoting should not be a problem on unix. Double quoting essentially just means "interpret this literally, don't try any aliases, don't glob expand, don't expand things that look like variables." I'm also pretty sure double-quoting is OK on Windows: we rely on this for |
|
I am on windows, which might be why it's causing the problem. Running The error message indicates that it's trying to access the global module as if it was installed as a local dependency.
Sure enough, if I install npm locally (via |
|
@tejashah88 what's your PATH variable? Does it include the location of where you globally installed I think we use the same mechanism to find the locally-installed |
|
Yes, it does include the location of where npm was globally installed. |
|
My windows machine isn't set up for development currently. @tejashah88 could you perhaps help debugging this? What is the output of running If you feel up for it, could you send a pull request which adds a test to execute a globally installed command? If you can repro with a builtin command, that would be great. |
|
So I ran the test scripts and interestingly, 5 tests failed, including all 3 that test for security. Note that proxy
√ appropriately handles inspect() and valueOf()
√ returns appropriate keys
√ does not override existing commands
√ does not mess up non-command properties
√ does not allow overriding reserved attributes
√ does not allow deleting reserved attributes
√ doesn't claim to have properties that don't exist in target
√ allows adding new attributes
commands
- runs tr
√ runs whoami (1265ms)
skipping test
√ runs wc
skipping test
√ runs du
skipping test
√ runs rmdir
skipping test
√ runs true
skipping test
√ runs printf
√ runs garbage commands (621ms)
1) handles ShellStrings as arguments
subcommands
√ can use subcommands (673ms)
√ can use subcommands with options (638ms)
2) runs very long subcommand chains
security
3) handles unsafe filenames
4) avoids globs
5) escapes quotes
17 passing (9s)
1 pending
5 failing
1) proxy commands handles ShellStrings as arguments:
AssertionError: expected true to be false
+ expected - actual
-true
+false
at Assertion.fail (C:\<root-dir>\node_modules\should\cjs\should.js:326:17)
at Assertion.value (C:\<root-dir>\node_modules\should\cjs\should.js:398:19)
at Context.it (C:\<root-dir>\test\test.js:196:40)
at callFnAsync (C:\<root-dir>\node_modules\mocha\lib\runnable.js:349:8)
at Test.Runnable.run (C:\<root-dir>\node_modules\mocha\lib\runnable.js:301:7)
at Runner.runTest (C:\<root-dir>\node_modules\mocha\lib\runner.js:422:10)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:528:12
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:342:14)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:352:7
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:284:14)
at Immediate.<anonymous> (C:\<root-dir>\node_modules\mocha\lib\runner.js:320:5)
2) proxy subcommands runs very long subcommand chains:
AssertionError: expected '' to be 'one two three four five six seven\n'
+ expected - actual
+one two three four five six seven
at Assertion.fail (C:\<root-dir>\node_modules\should\cjs\should.js:326:17)
at Assertion.value (C:\<root-dir>\node_modules\should\cjs\should.js:398:19)
at Context.it (C:\<root-dir>\test\test.js:223:25)
at callFnAsync (C:\<root-dir>\node_modules\mocha\lib\runnable.js:349:8)
at Test.Runnable.run (C:\<root-dir>\node_modules\mocha\lib\runnable.js:301:7)
at Runner.runTest (C:\<root-dir>\node_modules\mocha\lib\runner.js:422:10)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:528:12
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:342:14)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:352:7
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:284:14)
at Immediate.<anonymous> (C:\<root-dir>\node_modules\mocha\lib\runner.js:320:5)
3) proxy security handles unsafe filenames:
AssertionError: expected true to be false
+ expected - actual
-true
+false
at Assertion.fail (C:\<root-dir>\node_modules\should\cjs\should.js:326:17)
at Assertion.value (C:\<root-dir>\node_modules\should\cjs\should.js:398:19)
at Context.it (C:\<root-dir>\test\test.js:240:35)
at callFnAsync (C:\<root-dir>\node_modules\mocha\lib\runnable.js:349:8)
at Test.Runnable.run (C:\<root-dir>\node_modules\mocha\lib\runnable.js:301:7)
at Runner.runTest (C:\<root-dir>\node_modules\mocha\lib\runner.js:422:10)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:528:12
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:342:14)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:352:7
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:284:14)
at Immediate.<anonymous> (C:\<root-dir>\node_modules\mocha\lib\runner.js:320:5)
4) proxy security avoids globs:
AssertionError: expected 'hello world\r\n' to be 'hello world\n'
+ expected - actual
-hello world
+hello world
at Assertion.fail (C:\<root-dir>\node_modules\should\cjs\should.js:326:17)
at Assertion.value (C:\<root-dir>\node_modules\should\cjs\should.js:398:19)
at Context.it (C:\<root-dir>\test\test.js:257:39)
at callFnAsync (C:\<root-dir>\node_modules\mocha\lib\runnable.js:349:8)
at Test.Runnable.run (C:\<root-dir>\node_modules\mocha\lib\runnable.js:301:7)
at Runner.runTest (C:\<root-dir>\node_modules\mocha\lib\runner.js:422:10)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:528:12
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:342:14)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:352:7
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:284:14)
at Immediate.<anonymous> (C:\<root-dir>\node_modules\mocha\lib\runner.js:320:5)
5) proxy security escapes quotes:
AssertionError: expected false to be true
+ expected - actual
-false
+true
at Assertion.fail (C:\<root-dir>\node_modules\should\cjs\should.js:326:17)
at Assertion.value (C:\<root-dir>\node_modules\should\cjs\should.js:398:19)
at Context.it (C:\<root-dir>\test\test.js:267:36)
at callFnAsync (C:\<root-dir>\node_modules\mocha\lib\runnable.js:349:8)
at Test.Runnable.run (C:\<root-dir>\node_modules\mocha\lib\runnable.js:301:7)
at Runner.runTest (C:\<root-dir>\node_modules\mocha\lib\runner.js:422:10)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:528:12
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:342:14)
at C:\<root-dir>\node_modules\mocha\lib\runner.js:352:7
at next (C:\<root-dir>\node_modules\mocha\lib\runner.js:284:14)
at Immediate.<anonymous> (C:\<root-dir>\node_modules\mocha\lib\runner.js:320:5)
---------------------|----------|----------|----------|----------|----------------|
File | % Stmts | % Branch | % Funcs | % Lines |Uncovered Lines |
---------------------|----------|----------|----------|----------|----------------|
shelljs-exec-proxy\ | 100 | 100 | 100 | 100 | |
common.js | 100 | 100 | 100 | 100 | |
index.js | 100 | 100 | 100 | 100 | |
---------------------|----------|----------|----------|----------|----------------|
All files | 100 | 100 | 100 | 100 | |
---------------------|----------|----------|----------|----------|----------------|
npm ERR! Test failed. See above for more details. |
|
I am busy for now, but eventually, I'd love to submit a PR for testing this peculiarity. |
|
@tejashah88 thanks for the info! Some of the tests look to have simple errors (one fails because Windows uses a different newline). I'll fix that test, look at the others, and try to set up appveyor to run CI on windows. |
This is one PR in a series to test and ensure Windows compatibility. Issue #7
This is one PR in a series to test and ensure Windows compatibility. Issue #7
This fixes some tests on Windows, some of which I actually broke in a previous PR. This focuses on newlines: we need `\n` when comparing against JavaScript strings, but `os.EOL` when comparing something from the file system or the system's stdio. Issue #7
Windows doesn't support having quotes inside a filename, so we need to skip this test. Issue #7
This fixes some tests on Windows, some of which I actually broke in a previous PR. This focuses on newlines: we need `\n` when comparing against JavaScript strings, but `os.EOL` when comparing something from the file system or the system's stdio. Issue #7
Windows doesn't support having quotes inside a filename, so we need to skip this test. Issue #7
This adds `shx` as a devdependency to test executing commands across multiple platforms. This also passes --noglob to avoid glob expansion from the shelljs within shx, so that we can accurately test if we avoid the glob expansion introduced from running shell.exec(). Issue #7
|
Btw the tests should all pass (or will skip gracefully) on Windows now. |
|
Hey, thank you for working hard on this. Although I can't test if the original issue was fixed as I've switched Linux, I'll try it out on a virtual machine when I get some free time. |
I'm not sure if this is a bug or intentional, but I've noticed that adding double quotes around any globally installed node modules (e.g. "npm") causes node to try and access it from your working directory. This actually causes this module to break since all the arguments are quoted. I tested this with the latest LTS release of node, which as of now is v8.10.0. It would be nice if there was either an alternate way to run these modules with this exec proxy or make a quick patch to allow this functionality with a small sacrifice to security.
The text was updated successfully, but these errors were encountered: