npm - just-bash - Versions diffs - 2.12.8 → 2.13.1 - Mend

just-bash 2.12.8 → 2.13.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (163) hide show

package/dist/bin/chunks/python3-PF7AHNQM.js ADDED Viewed

@@ -0,0 +1,12 @@
+#!/usr/bin/env node
+import{a as M,b as D}from"./chunk-TKTKRRAL.js";import"./chunk-4OALHZXB.js";import"./chunk-MY5PY2PL.js";import"./chunk-LIYVQA3X.js";import{a as C,b as v}from"./chunk-OOJCYVYF.js";import{a as b}from"./chunk-4PRVMER6.js";import{c as h}from"./chunk-MO4RPBN2.js";import{b as k}from"./chunk-YU6OGPZR.js";import{a as c}from"./chunk-SYG3IW7P.js";import{a as T,b as P}from"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";import{randomBytes as F}from"node:crypto";import{fileURLToPath as W}from"node:url";import{Worker as $}from"node:worker_threads";var Q=1e4,R=6e4,U={name:"python3",summary:"Execute Python code via CPython Emscripten",usage:"python3 [OPTIONS] [-c CODE | -m MODULE | FILE] [ARGS...]",description:["Execute Python code using CPython compiled to WebAssembly via Emscripten.","","This command runs Python in an isolated environment with access to","the virtual filesystem. Standard library modules are available."],options:["-c CODE     Execute CODE as Python script","-m MODULE   Run library module as a script","--version   Show Python version","--help      Show this help"],examples:['python3 -c "print(1 + 2)"','python3 -c "import sys; print(sys.version)"',"python3 script.py","python3 script.py arg1 arg2",`echo 'print("hello")' | python3`],notes:["CPython runs in WebAssembly, so execution may be slower than native Python.","Standard library modules are available (no pip install).","Maximum execution time is 30 seconds by default."]};function I(r){let e={code:null,module:null,scriptFile:null,showVersion:!1,scriptArgs:[]};if(r.length===0)return e;let t=r.findIndex(o=>!o.startsWith("-")||o==="-"||o==="--");for(let o=0;o<(t===-1?r.length:t);o++){let s=r[o];if(s==="-c")return o+1>=r.length?{stdout:"",stderr:`python3: option requires an argument -- 'c'
+`,exitCode:2}:(e.code=r[o+1],e.scriptArgs=r.slice(o+2),e);if(s==="-m")return o+1>=r.length?{stdout:"",stderr:`python3: option requires an argument -- 'm'
+`,exitCode:2}:(e.module=r[o+1],e.scriptArgs=r.slice(o+2),e);if(s==="--version"||s==="-V")return e.showVersion=!0,e;if(s.startsWith("-")&&s!=="-")return{stdout:"",stderr:`python3: unrecognized option '${s}'
+`,exitCode:2}}if(t!==-1){let o=r[t];o==="--"?t+1<r.length&&(e.scriptFile=r[t+1],e.scriptArgs=r.slice(t+2)):(e.scriptFile=o,e.scriptArgs=r.slice(t+1))}return e}var w=new WeakMap;function L(r){let e=w.get(r);return e||(e={executionQueue:[],isExecuting:!1},w.set(r,e)),e}function oe(){w=new WeakMap}var H=W(new URL("./worker.js",import.meta.url));function N(){return F(16).toString("hex")}function z(r,e){if(!r||typeof r!="object")return{success:!1,error:"Malformed worker response"};let t=r;return typeof t.protocolToken!="string"||t.protocolToken!==e?{success:!1,error:"Malformed worker response: invalid protocol token"}:t.type==="security-violation"?{success:!1,error:`Security violation: ${typeof t.violation?.type=="string"?t.violation.type:"unknown"}`}:typeof t.success!="boolean"?{success:!1,error:"Malformed worker response: missing success flag"}:t.success?{success:!0}:{success:!1,error:typeof t.error=="string"&&t.error.length>0?t.error:"Worker execution failed"}}function a(r){if(r.isExecuting||r.executionQueue.length===0)return;for(;r.executionQueue.length>0&&r.executionQueue[0].canceled;)r.executionQueue.shift();if(r.executionQueue.length===0)return;let e=r.executionQueue.shift();if(!e)return;r.isExecuting=!0;let t;try{t=k.runTrusted(()=>new $(H,{workerData:e.input}))}catch(n){let i=n instanceof Error?n.message:String(n);e.resolve({success:!1,error:c(i)}),r.isExecuting=!1,a(r);return}e.workerRef&&(e.workerRef.current=t);let o=h(e.requireDefenseContext,"python3","worker message callback",n=>{e.resolve(z(n,e.input.protocolToken)),r.isExecuting=!1,t.terminate(),a(r)}),s=h(e.requireDefenseContext,"python3","worker error callback",n=>{e.resolve({success:!1,error:c(n.message)}),r.isExecuting=!1,a(r)}),p=h(e.requireDefenseContext,"python3","worker exit callback",()=>{r.isExecuting&&(e.resolve({success:!1,error:"Worker exited unexpectedly"}),r.isExecuting=!1,a(r))}),f=n=>{try{o(n)}catch(i){let m=i instanceof Error?i.message:String(i);e.resolve({success:!1,error:c(m)}),r.isExecuting=!1,t.terminate(),a(r)}},l=n=>{try{s(n)}catch(i){let m=i instanceof Error?i.message:String(i);e.resolve({success:!1,error:c(m)}),r.isExecuting=!1,a(r)}},y=()=>{try{p()}catch(n){let i=n instanceof Error?n.message:String(n);e.resolve({success:!1,error:c(i)}),r.isExecuting=!1,a(r)}};t.on("message",f),t.on("error",l),t.on("exit",y)}async function B(r,e,t,o=[]){let s=M(),p=new D(s,e.fs,e.cwd,"python3",e.fetch,e.limits?.maxOutputSize??0),f=e.limits?.maxPythonTimeoutMs??Q,l=e.fetch?Math.max(f,R):f,y=L(e.fs),n={protocolToken:N(),sharedBuffer:s,pythonCode:r,cwd:e.cwd,env:b(e.env),args:o,scriptPath:t,timeoutMs:l},i={current:null},m=new Promise(u=>{let E={input:n,resolve:()=>{},workerRef:i,requireDefenseContext:e.requireDefenseContext},_=h(e.requireDefenseContext,"python3","worker timeout callback",()=>{i.current?i.current.terminate():E.canceled=!0,u({success:!1,error:`Execution timeout: exceeded ${l}ms limit`})}),O=C(()=>{try{_()}catch(d){let A=d instanceof Error?d.message:String(d);u({success:!1,error:c(A)})}},l);E.resolve=d=>{v(O),u(d)},y.executionQueue.push(E),a(y)}),[g,x]=await Promise.all([p.run(l).catch(u=>({stdout:"",stderr:`python3: bridge error: ${c(u.message)}
+`,exitCode:1})),m.catch(u=>({success:!1,error:c(u.message)}))]);if(!x.success&&x.error){let u=c(x.error);return{stdout:g.stdout,stderr:`${g.stderr}python3: ${u}
+`,exitCode:g.exitCode||1}}return g}var V={name:"python3",async execute(r,e){if(P(r))return T(U);let t=I(r);if("exitCode"in t)return t;if(t.showVersion)return{stdout:`Python 3.13.2 (Emscripten)
+`,stderr:"",exitCode:0};let o,s;if(t.code!==null)o=t.code,s="-c";else if(t.module!==null){if(!/^[a-zA-Z_][a-zA-Z0-9_.]*$/.test(t.module))return{stdout:"",stderr:`python3: No module named '${t.module.slice(0,200)}'
+`,exitCode:1};o=`import runpy; runpy.run_module('${t.module}', run_name='__main__')`,s=t.module}else if(t.scriptFile!==null){let p=e.fs.resolvePath(e.cwd,t.scriptFile);if(!await e.fs.exists(p))return{stdout:"",stderr:`python3: can't open file '${t.scriptFile}': [Errno 2] No such file or directory
+`,exitCode:2};try{o=await e.fs.readFile(p),s=t.scriptFile}catch(f){let l=c(f.message);return{stdout:"",stderr:`python3: can't open file '${t.scriptFile}': ${l}
+`,exitCode:2}}}else if(e.stdin.trim())o=e.stdin,s="<stdin>";else return{stdout:"",stderr:`python3: no input provided (use -c CODE, -m MODULE, or provide a script file)
+`,exitCode:2};return B(o,e,s,t.scriptArgs)}},se={name:"python",async execute(r,e){return V.execute(r,e)}};export{oe as _resetExecutionQueue,V as python3Command,se as pythonCommand};

package/dist/bin/chunks/rg-C6KMBFNG.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/env node
2	+ import{a,b}from"./chunk-HJEHIH4P.js";import"./chunk-V7ZOPVQS.js";import"./chunk-4OALHZXB.js";import"./chunk-G43H2WGH.js";import"./chunk-SE4C7FJY.js";import"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as rgCommand};

package/dist/bin/chunks/time-DDS6JJ23.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/env node
2	+ import{a,b}from"./chunk-FBJJY4ZV.js";import"./chunk-4OALHZXB.js";import"./chunk-LIYVQA3X.js";import"./chunk-4PRVMER6.js";import"./chunk-SYG3IW7P.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as timeCommand};

package/dist/bin/chunks/{timeout-JJWIFL7W.js → timeout-Z24MNWOP.js} RENAMED Viewed

@@ -1,2 +1,2 @@
 #!/usr/bin/env node
-import{a,b}from"./chunk-CZFRRDQC.js";import"./chunk-YTIURC67.js";import"./chunk-4OALHZXB.js";import"./chunk-OOJCYVYF.js";import"./chunk-YU6OGPZR.js";import"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as timeoutCommand};
+import{a,b}from"./chunk-DOXYBGNA.js";import"./chunk-YTIURC67.js";import"./chunk-4OALHZXB.js";import"./chunk-OOJCYVYF.js";import"./chunk-YU6OGPZR.js";import"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as timeoutCommand};

package/dist/bin/chunks/worker.js CHANGED Viewed

@@ -647,7 +647,6 @@ var WorkerDefenseInDepth = class {
    * Create a blocking proxy for a function.
    * In worker context, always blocks (no context check needed).
    */
-  // @banned-pattern-ignore: intentional use of Function type for security proxy
   createBlockingProxy(original, path, violationType) {
     const self = this;
     const auditMode = this.config.auditMode;
@@ -673,7 +672,7 @@ var WorkerDefenseInDepth = class {
   /**
    * Create a blocking proxy for an object (blocks all property access).
    */
-  createBlockingObjectProxy(original, path, violationType) {
+  createBlockingObjectProxy(original, path, violationType, allowedKeys) {
     const self = this;
     const auditMode = this.config.auditMode;
     return new this.originalProxy(original, {
@@ -681,6 +680,9 @@ var WorkerDefenseInDepth = class {
         if (self.inTrap) {
           return Reflect.get(target, prop, receiver);
         }
+        if (allowedKeys && typeof prop === "string" && allowedKeys.has(prop)) {
+          return Reflect.get(target, prop, receiver);
+        }
         self.inTrap = true;
         try {
           const fullPath = `${path}.${String(prop)}`;
@@ -1477,7 +1479,8 @@ var WorkerDefenseInDepth = class {
         ) : this.createBlockingObjectProxy(
           original,
           path,
-          violationType
+          violationType,
+          blocked.allowedKeys
         );
         Object.defineProperty(target, prop, {
           value: proxy,
@@ -1527,8 +1530,9 @@ function wrapWasmCallback(component, phase, callback) {
 var _SharedArrayBuffer = globalThis.SharedArrayBuffer;
 var _Atomics = globalThis.Atomics;
 var _performanceNow = performance.now.bind(performance);
+var _Headers = globalThis.Headers;
-// src/commands/python3/protocol.ts
+// src/commands/worker-bridge/protocol.ts
 var OpCode = {
   NOOP: 0,
   READ_FILE: 1,
@@ -1544,12 +1548,16 @@ var OpCode = {
   LSTAT: 11,
   CHMOD: 12,
   REALPATH: 13,
-  // Special operations for Python I/O
+  RENAME: 14,
+  COPY_FILE: 15,
+  // Special operations for I/O
   WRITE_STDOUT: 100,
   WRITE_STDERR: 101,
   EXIT: 102,
   // HTTP operations
-  HTTP_REQUEST: 200
+  HTTP_REQUEST: 200,
+  // Sub-shell execution
+  EXEC_COMMAND: 300
 };
 var Status = {
   PENDING: 0,
@@ -1586,8 +1594,10 @@ var Offset = {
 var Size = {
   CONTROL_REGION: 32,
   PATH_BUFFER: 4096,
+  // 1MB limit applies to all FS read/write operations through the bridge.
+  // Files larger than this will be truncated. This is tight — consider
+  // increasing if real workloads hit the cap. Reduced from 16MB for faster tests.
   DATA_BUFFER: 1048576,
-  // 1MB (reduced from 16MB for faster tests)
   TOTAL: 1052704
   // 32 + 4096 + 1MB
 };
@@ -1828,11 +1838,13 @@ var ProtocolBuffer = class {
   }
 };
-// src/commands/python3/sync-fs-backend.ts
-var SyncFsBackend = class {
+// src/commands/worker-bridge/sync-backend.ts
+var SyncBackend = class {
   protocol;
-  constructor(sharedBuffer) {
+  operationTimeoutMs;
+  constructor(sharedBuffer, operationTimeoutMs = 3e4) {
     this.protocol = new ProtocolBuffer(sharedBuffer);
+    this.operationTimeoutMs = operationTimeoutMs;
   }
   execSync(opCode, path, data, flags = 0, mode = 0) {
     this.protocol.reset();
@@ -1845,7 +1857,7 @@ var SyncFsBackend = class {
     }
     this.protocol.setStatus(Status.READY);
     this.protocol.notify();
-    const waitResult = this.protocol.waitForResult(5e3);
+    const waitResult = this.protocol.waitForResult(this.operationTimeoutMs);
     if (waitResult === "timed-out") {
       return { success: false, error: "Operation timed out" };
     }
@@ -1948,6 +1960,20 @@ var SyncFsBackend = class {
     }
     return this.protocol.getResultAsString();
   }
+  rename(oldPath, newPath) {
+    const newPathData = new TextEncoder().encode(newPath);
+    const result = this.execSync(OpCode.RENAME, oldPath, newPathData);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to rename");
+    }
+  }
+  copyFile(src, dest) {
+    const destData = new TextEncoder().encode(dest);
+    const result = this.execSync(OpCode.COPY_FILE, src, destData);
+    if (!result.success) {
+      throw new Error(result.error || "Failed to copyFile");
+    }
+  }
   writeStdout(data) {
     const encoded = new TextEncoder().encode(data);
     const result = this.execSync(OpCode.WRITE_STDOUT, "", encoded);
@@ -1978,6 +2004,32 @@ var SyncFsBackend = class {
     const responseJson = new TextDecoder().decode(result.result);
     return JSON.parse(responseJson);
   }
+  /**
+   * Execute a shell command through the main thread's exec function.
+   * Returns the result as { stdout, stderr, exitCode }.
+   */
+  execCommand(command, stdin) {
+    const requestData = stdin ? new TextEncoder().encode(JSON.stringify({ stdin })) : void 0;
+    const result = this.execSync(OpCode.EXEC_COMMAND, command, requestData);
+    if (!result.success) {
+      throw new Error(result.error || "Command execution failed");
+    }
+    const responseJson = new TextDecoder().decode(result.result);
+    return JSON.parse(responseJson);
+  }
+  /**
+   * Execute a shell command with structured args (shell-escaped on the main thread).
+   * Prevents command injection from unsanitized args.
+   */
+  execCommandArgs(command, args) {
+    const requestData = new TextEncoder().encode(JSON.stringify({ args }));
+    const result = this.execSync(OpCode.EXEC_COMMAND, command, requestData);
+    if (!result.success) {
+      throw new Error(result.error || "Command execution failed");
+    }
+    const responseJson = new TextDecoder().decode(result.result);
+    return JSON.parse(responseJson);
+  }
 };
 // src/commands/python3/worker.ts
@@ -2060,27 +2112,30 @@ var cpythonDir = dirname(cpythonEntryPath);
 var stdlibZipPath = `${cpythonDir}/python313.zip`;
 assertApprovedPath(stdlibZipPath, "cpython-stdlib");
 function createHOSTFS(backend, FS, PATH) {
-  const ERRNO_CODES = {
-    EPERM: 63,
-    ENOENT: 44,
-    EIO: 29,
-    EBADF: 8,
-    EAGAIN: 6,
-    EACCES: 2,
-    EBUSY: 10,
-    EEXIST: 20,
-    ENOTDIR: 54,
-    EISDIR: 31,
-    EINVAL: 28,
-    EMFILE: 33,
-    ENOSPC: 51,
-    ESPIPE: 70,
-    EROFS: 69,
-    ENOTEMPTY: 55,
-    ENOSYS: 52,
-    ENOTSUP: 138,
-    ENODATA: 42
-  };
+  const ERRNO_CODES = Object.assign(
+    /* @__PURE__ */ Object.create(null),
+    {
+      EPERM: 63,
+      ENOENT: 44,
+      EIO: 29,
+      EBADF: 8,
+      EAGAIN: 6,
+      EACCES: 2,
+      EBUSY: 10,
+      EEXIST: 20,
+      ENOTDIR: 54,
+      EISDIR: 31,
+      EINVAL: 28,
+      EMFILE: 33,
+      ENOSPC: 51,
+      ESPIPE: 70,
+      EROFS: 69,
+      ENOTEMPTY: 55,
+      ENOSYS: 52,
+      ENOTSUP: 138,
+      ENODATA: 42
+    }
+  );
   function realPath(node) {
     const parts = [];
     while (node.parent !== node) {
@@ -2864,7 +2919,7 @@ async function runPython(input) {
       error: "Defense-in-depth module-loader guard failed to initialize; refusing to execute Python worker"
     };
   }
-  const backend = new SyncFsBackend(input.sharedBuffer);
+  const backend = new SyncBackend(input.sharedBuffer, input.timeoutMs);
   assertApprovedPath(cpythonEntryPath, "cpython-entry");
   const createPythonModule = require2(cpythonEntryPath);
   let moduleReady = false;

package/dist/bin/chunks/{xan-M6MLWZCU.js → xan-MOZFJGMY.js} RENAMED Viewed

@@ -1,2 +1,2 @@
 #!/usr/bin/env node
-import{a,b}from"./chunk-2V53PP6G.js";import"./chunk-GZHFXDDO.js";import"./chunk-QSDVMMYI.js";import"./chunk-ZYQQ6B7B.js";import"./chunk-ZJGIBTWD.js";import"./chunk-4PRVMER6.js";import"./chunk-MO4RPBN2.js";import"./chunk-YU6OGPZR.js";import"./chunk-SE4C7FJY.js";import"./chunk-5WFYIUU2.js";import"./chunk-6KZRLMG3.js";import"./chunk-OBH7XN5N.js";import"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as xanCommand};
+import{a,b}from"./chunk-B3RU2PUI.js";import"./chunk-GZHFXDDO.js";import"./chunk-QSDVMMYI.js";import"./chunk-ZO5PSLKR.js";import"./chunk-V7ZOPVQS.js";import"./chunk-4PRVMER6.js";import"./chunk-MO4RPBN2.js";import"./chunk-YU6OGPZR.js";import"./chunk-SE4C7FJY.js";import"./chunk-5WFYIUU2.js";import"./chunk-6KZRLMG3.js";import"./chunk-OBH7XN5N.js";import"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as xanCommand};

package/dist/bin/chunks/xargs-SCYIFXOW.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ #!/usr/bin/env node
2	+ import{a,b}from"./chunk-CQG2HEAL.js";import"./chunk-4OALHZXB.js";import"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as xargsCommand};

package/dist/bin/chunks/{yq-YWUQUXJJ.js → yq-JJLSDDST.js} RENAMED Viewed

@@ -1,2 +1,2 @@
 #!/usr/bin/env node
-import{a,b}from"./chunk-UG4GMDQL.js";import"./chunk-QSDVMMYI.js";import"./chunk-ZYQQ6B7B.js";import"./chunk-ZJGIBTWD.js";import"./chunk-4PRVMER6.js";import"./chunk-MO4RPBN2.js";import"./chunk-YU6OGPZR.js";import"./chunk-SE4C7FJY.js";import"./chunk-6KZRLMG3.js";import"./chunk-SYG3IW7P.js";import"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as yqCommand};
+import{a,b}from"./chunk-LGF54XJQ.js";import"./chunk-QSDVMMYI.js";import"./chunk-ZO5PSLKR.js";import"./chunk-V7ZOPVQS.js";import"./chunk-4PRVMER6.js";import"./chunk-MO4RPBN2.js";import"./chunk-YU6OGPZR.js";import"./chunk-SE4C7FJY.js";import"./chunk-6KZRLMG3.js";import"./chunk-SYG3IW7P.js";import"./chunk-GTNBSMZR.js";import"./chunk-KGOUQS5A.js";export{b as flagsForFuzzing,a as yqCommand};