edsger 0.27.7 → 0.27.8

@@ -9,7 +9,7 @@
9
9
  */
10
10
  import { existsSync, mkdirSync } from 'fs';
11
11
  import { join, basename } from 'path';
12
- import { execSync } from 'child_process';
12
+ import { execSync, execFileSync } from 'child_process';
13
13
  import { logInfo, logSuccess, logWarning, logError } from '../utils/logger.js';
14
14
  const WORKSPACE_DIR_NAME = 'edsger';
15
15
  /**
@@ -71,7 +71,7 @@ export function cloneFeatureRepo(workspaceRoot, featureId, owner, repo, token) {
71
71
  const repoUrl = `https://github.com/${owner}/${repo}.git`;
72
72
  // Configure git to use token via credential helper (avoids token in URL / process list)
73
73
  const credentialHelper = `!f() { echo "username=x-access-token"; echo "password=${token}"; }; f`;
74
- const gitCredentialArgs = ['-c', `credential.helper=${credentialHelper}`];
74
+ const gitCredentialArg = `credential.helper=${credentialHelper}`;
75
75
  // Check if already cloned
76
76
  if (existsSync(join(repoPath, '.git'))) {
77
77
  logInfo(`Reusing existing repo for feature ${featureId}`);
@@ -86,8 +86,9 @@ export function cloneFeatureRepo(workspaceRoot, featureId, owner, repo, token) {
86
86
  logWarning('Could not update remote URL');
87
87
  }
88
88
  // Fetch latest changes using credential helper
89
+ // Use execFileSync to avoid shell interpretation of credential helper metacharacters
89
90
  try {
90
- execSync(`git ${gitCredentialArgs.join(' ')} fetch origin`, {
91
+ execFileSync('git', ['-c', gitCredentialArg, 'fetch', 'origin'], {
91
92
  cwd: repoPath,
92
93
  stdio: 'pipe',
93
94
  });
@@ -100,8 +101,11 @@ export function cloneFeatureRepo(workspaceRoot, featureId, owner, repo, token) {
100
101
  }
101
102
  // Clone fresh using credential helper
102
103
  logInfo(`Cloning ${owner}/${repo} for feature ${featureId}...`);
104
+ // Use execFileSync to avoid shell interpretation of credential helper metacharacters
103
105
  try {
104
- execSync(`git ${gitCredentialArgs.join(' ')} clone "${repoUrl}" "${repoPath}"`, { stdio: 'pipe' });
106
+ execFileSync('git', ['-c', gitCredentialArg, 'clone', repoUrl, repoPath], {
107
+ stdio: 'pipe',
108
+ });
105
109
  logSuccess(`Cloned ${owner}/${repo} to ${repoPath}`);
106
110
  return { repoPath, freshClone: true };
107
111
  }
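Review bot: The token is still interpolated into `gitCredentialArg`, so in both `execFileSync` calls it lands in git's argument list, where process listings can read it, and in the shell git starts for a `!` helper. The context comment "avoids token in URL / process list" therefore does not hold, and a token containing `"`, `$` or a backtick would still be interpreted by that shell. Consider keeping the secret in the child's environment instead: `const credentialHelper = '!f() { echo "username=x-access-token"; echo "password=$EDSGER_GIT_TOKEN"; }; f';` with `env: { ...process.env, EDSGER_GIT_TOKEN: token }` added to both option objects (the variable name is a placeholder). Errors thrown by `execFileSync` normally carry the full command line in `message`, so the catch blocks, which lie outside these hunks, should not log that message verbatim while the token is part of the arguments. `cloneFeatureRepo` begins and ends outside the visible hunks.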
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "edsger",
3
- "version": "0.27.7",
3
+ "version": "0.27.8",
4
4
  "type": "module",
5
5
  "bin": {
6
6
  "edsger": "dist/index.js"