knoxis-helper 1.4.7 → 1.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
|
@@ -193,15 +193,30 @@ function runClaudeTurn(message, isResume) {
|
|
|
193
193
|
args.push('--session-id', SESSION_ID);
|
|
194
194
|
}
|
|
195
195
|
|
|
196
|
-
//
|
|
197
|
-
//
|
|
198
|
-
//
|
|
199
|
-
|
|
200
|
-
|
|
201
|
-
|
|
202
|
-
|
|
203
|
-
|
|
204
|
-
|
|
196
|
+
// Windows: claude is usually claude.cmd (npm shim) or claude.exe.
|
|
197
|
+
// .cmd/.bat shims require going through cmd.exe (Node CVE-2024-27980).
|
|
198
|
+
// We can't just pass `shell: true` with an args array — that triggers
|
|
199
|
+
// DEP0190 in Node 22+ (args get concatenated into the shell command
|
|
200
|
+
// line without escaping). Instead, build the command line ourselves
|
|
201
|
+
// and pass it as a single string. Our args are static flags + a UUID
|
|
202
|
+
// (no whitespace, no quotes) so trivial space-quoting is sufficient.
|
|
203
|
+
let proc;
|
|
204
|
+
if (isWindows) {
|
|
205
|
+
const quote = a => /\s/.test(a) ? `"${a}"` : a;
|
|
206
|
+
const cmdLine = ['claude', ...args].map(quote).join(' ');
|
|
207
|
+
proc = spawn(cmdLine, [], {
|
|
208
|
+
cwd: process.cwd(),
|
|
209
|
+
env: process.env,
|
|
210
|
+
stdio: ['pipe', 'pipe', 'pipe'],
|
|
211
|
+
shell: true
|
|
212
|
+
});
|
|
213
|
+
} else {
|
|
214
|
+
proc = spawn('claude', args, {
|
|
215
|
+
cwd: process.cwd(),
|
|
216
|
+
env: process.env,
|
|
217
|
+
stdio: ['pipe', 'pipe', 'pipe']
|
|
218
|
+
});
|
|
219
|
+
}
|
|
205
220
|
|
|
206
221
|
let stdout = '';
|
|
207
222
|
let stderr = '';
|