termbeam 1.8.0 → 1.9.0

package/README.md

@@ -8,14 +8,13 @@
 [![npm downloads](https://img.shields.io/npm/dm/termbeam.svg)](https://www.npmjs.com/package/termbeam)
 [![CI](https://github.com/dorlugasigal/TermBeam/actions/workflows/ci.yml/badge.svg)](https://github.com/dorlugasigal/TermBeam/actions/workflows/ci.yml)
 [![Coverage](https://img.shields.io/endpoint?url=https://raw.githubusercontent.com/dorlugasigal/TermBeam/coverage-data/endpoint.json)](https://github.com/dorlugasigal/TermBeam/actions/workflows/ci.yml)
+[![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/dorlugasigal/TermBeam/badge)](https://securityscorecards.dev/viewer/?uri=github.com/dorlugasigal/TermBeam)
 [![Node.js](https://img.shields.io/node/v/termbeam.svg)](https://nodejs.org/)
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](https://opensource.org/licenses/MIT)
 
 </div>
 
-TermBeam lets you access your terminal from a phone, tablet, or any browser — no SSH, no port forwarding, no config files. Run one command and scan the QR code.
-
-I built this because I kept needing to run quick commands on my dev machine while away from my desk, and SSH on a phone is painful. TermBeam gives you a real terminal with a touch-optimized UI — key bar, swipe scroll, pinch zoom — that actually works on small screens. You get multi-session tabs with split view, terminal search, a command palette, 12 themes, and secure remote access out of the box.
+TermBeam lets you access your terminal from a phone, tablet, or any browser — no SSH, no port forwarding, no configuration needed. Run one command and scan the QR code.
 
 [Full documentation](https://dorlugasigal.github.io/TermBeam/) · [Website](https://termbeam.pages.dev)
 
@@ -46,90 +45,79 @@ termbeam
 
 Scan the QR code printed in your terminal, or open the URL on any device.
 
-> **First time?** Run `termbeam -i` for a guided setup wizard that walks you through password, port, and access mode.
-
-### Secure by default
-
-TermBeam starts with a tunnel and auto-generated password out of the box — just run `termbeam` and scan the QR code.
-
 ```bash
 termbeam                        # tunnel + auto-password (default)
-termbeam --password mysecret    # use a specific password
-termbeam --no-tunnel            # LAN-only (no tunnel)
-termbeam --no-password          # disable password protection
+termbeam --password mysecret    # custom password
+termbeam --no-tunnel            # LAN only
 termbeam -i                     # interactive setup wizard
 ```
 
-## Remote Access
+## Features
 
-```bash
-# Tunnel is on by default
-termbeam
+### Mobile-First
 
-# Persisted tunnel (stable URL you can bookmark, reused across restarts, 30-day expiry)
-termbeam --persisted-tunnel
+- **No SSH client needed** — just open a browser on any device
+- **Touch-optimized key bar** with arrows, Tab, Ctrl, Esc, copy, paste, and more
+- **Swipe scrolling**, pinch zoom, and text selection overlay for copy-paste
+- **iPhone PWA safe-area support** for a native-app feel
 
-# LAN-only (no tunnel)
-termbeam --no-tunnel
-```
+### Multi-Session
 
-If the [Dev Tunnels CLI](https://learn.microsoft.com/en-us/azure/developer/dev-tunnels/get-started) is not installed, TermBeam will offer to install it for you automatically. You can also install it manually:
+- **Tabbed terminals** with drag-to-reorder and live tab previews on hover/long-press
+- **Split view** — two sessions side-by-side (auto-rotates horizontal/vertical)
+- **Session colors and activity indicators** for at-a-glance status
+- **Folder browser** for picking working directory, optional initial command per session
 
-- **Windows:** `winget install Microsoft.devtunnel`
-- **macOS:** `brew install --cask devtunnel`
-- **Linux:** `curl -sL https://aka.ms/DevTunnelCliInstall | bash`
+### Productivity
 
-Persisted tunnels save a tunnel ID to `~/.termbeam/tunnel.json` so the URL stays the same between sessions.
+- **Terminal search** with regex, match count, and prev/next navigation
+- **Command palette** (Ctrl+K / Cmd+K) for quick access to all actions
+- **Completion notifications** — browser alerts when background commands finish
+- **12 color themes** with adjustable font size
+- **Port preview** — reverse-proxy a local web server through TermBeam
+- **Image paste** from clipboard
 
-## CLI Reference
+### Secure by Default
 
-```bash
-termbeam [shell] [args...]        # start with a specific shell (default: auto-detect)
-termbeam --port 8080              # custom port (default: 3456)
-termbeam --host 0.0.0.0           # allow LAN access (default: 127.0.0.1)
-termbeam --lan                    # shortcut for --host 0.0.0.0
-termbeam -i                       # interactive setup wizard
-termbeam service install          # interactive PM2 service setup wizard
-termbeam service uninstall        # stop & remove PM2 service
-termbeam service status           # show PM2 service status
-termbeam service logs             # tail PM2 service logs
-termbeam service restart          # restart PM2 service
+- **Auto-generated password** with rate limiting and httpOnly cookies
+- **QR code auto-login** with single-use share tokens (5-min expiry)
+- **DevTunnel integration** for secure remote access — ephemeral or persisted URLs
+- **Security headers** (X-Frame-Options, CSP, nosniff) on all responses; only detected shells allowed
+
+## How It Works
+
+TermBeam starts a lightweight web server that spawns a PTY (pseudo-terminal) with your shell, serves a mobile-optimized [xterm.js](https://xtermjs.org/) UI via Express, and bridges the two over WebSocket. Multiple clients can view the same session simultaneously, and sessions persist when all clients disconnect.
+
+```mermaid
+flowchart LR
+  A["Phone / Browser"] <-->|WebSocket| B["TermBeam Server"]
+  B <-->|PTY| C["Shell (zsh/bash)"]
+  B -->|Express| D["Web UI (xterm.js)"]
+  B -.->|Optional| E["DevTunnel"]
 ```
 
-| Flag                  | Description                                          | Default        |
-| --------------------- | ---------------------------------------------------- | -------------- |
-| `--password <pw>`     | Set access password (also accepts `--password=<pw>`) | Auto-generated |
-| `--no-password`       | Disable password (cannot combine with `--public`)    | —              |
-| `--generate-password` | Auto-generate a secure password                      | On             |
-| `--tunnel`            | Create an ephemeral devtunnel URL (private)          | On             |
-| `--no-tunnel`         | Disable tunnel (LAN-only)                            | —              |
-| `--persisted-tunnel`  | Create a reusable devtunnel URL                      | Off            |
-| `--public`            | Allow public tunnel access                           | Off            |
-| `--port <port>`       | Server port                                          | `3456`         |
-| `--host <addr>`       | Bind address                                         | `127.0.0.1`    |
-| `--lan`               | Bind to all interfaces (LAN access)                  | Off            |
-| `--log-level <level>` | Log verbosity (error/warn/info/debug)                | `info`         |
-| `-i, --interactive`   | Interactive setup wizard (guided configuration)      | Off            |
-| `-h, --help`          | Show help                                            | —              |
-| `-v, --version`       | Show version                                         | —              |
-
-| Subcommand          | Description                   |
-| ------------------- | ----------------------------- |
-| `service install`   | Interactive PM2 service setup |
-| `service uninstall` | Stop & remove from PM2        |
-| `service status`    | Show PM2 service status       |
-| `service logs`      | Tail PM2 service logs         |
-| `service restart`   | Restart PM2 service           |
-
-Environment variables: `PORT`, `TERMBEAM_PASSWORD`, `TERMBEAM_CWD`, `TERMBEAM_LOG_LEVEL`, `SHELL` (Unix fallback), `COMSPEC` (Windows fallback). See [Configuration docs](https://dorlugasigal.github.io/TermBeam/configuration/).
+## CLI Highlights
 
-## Security
+| Flag                  | Description                                     | Default        |
+| --------------------- | ----------------------------------------------- | -------------- |
+| `--password <pw>`     | Set access password                             | Auto-generated |
+| `--no-password`       | Disable password protection                     | —              |
+| `--tunnel`            | Create an ephemeral devtunnel URL               | On             |
+| `--no-tunnel`         | Disable tunnel (LAN-only)                       | —              |
+| `--persisted-tunnel`  | Reusable devtunnel URL (stable across restarts) | Off            |
+| `--port <port>`       | Server port                                     | `3456`         |
+| `--host <addr>`       | Bind address                                    | `127.0.0.1`    |
+| `--lan`               | Bind to all interfaces (LAN access)             | Off            |
+| `-i, --interactive`   | Interactive setup wizard                        | Off            |
+| `--log-level <level>` | Log verbosity (error/warn/info/debug)           | `info`         |
+
+For all flags, subcommands, and environment variables, see the [Configuration docs](https://dorlugasigal.github.io/TermBeam/configuration/).
 
-TermBeam auto-generates a password and creates a tunnel by default, so your terminal is protected out of the box. By default, the server binds to `127.0.0.1` (localhost only). Use `--lan` or `--host 0.0.0.0` to allow LAN access, or `--no-tunnel` to disable the tunnel.
+## Security
 
-Auth uses secure httpOnly cookies with 24-hour expiry, login is rate-limited to 5 attempts per minute, and security headers (X-Frame-Options, X-Content-Type-Options, etc.) are set on all responses. Each QR code contains a single-use share token (5-minute expiry) for password-free login. API clients that can't use cookies can authenticate with an `Authorization: Bearer <password>` header.
+TermBeam auto-generates a password and creates a secure tunnel by default, binding to `127.0.0.1` (localhost only). Auth uses httpOnly cookies with 24-hour expiry, login is rate-limited to 5 attempts per minute, QR codes contain single-use share tokens (5-min expiry), and security headers (X-Frame-Options, CSP, nosniff) are set on all responses.
 
-For the full threat model, safe usage guidance, and a quick safety checklist, see [SECURITY.md](SECURITY.md). For detailed security feature documentation, see the [Security Guide](https://dorlugasigal.github.io/TermBeam/security/).
+For the full threat model and safety checklist, see [SECURITY.md](SECURITY.md). For detailed security documentation, see the [Security Guide](https://dorlugasigal.github.io/TermBeam/security/).
 
 ## Contributing
 

package/bin/termbeam.js

@@ -8,13 +8,142 @@ if (subcommand === 'service') {
     console.error(err.message);
     process.exit(1);
   });
+} else if (subcommand === 'resume') {
+  const { resume } = require('../src/resume');
+  resume(process.argv.slice(3)).catch((err) => {
+    console.error(err.message);
+    process.exit(1);
+  });
+} else if (subcommand === 'list') {
+  const { list } = require('../src/resume');
+  list().catch((err) => {
+    console.error(err.message);
+    process.exit(1);
+  });
 } else {
+  // Reject any non-flag positional arg — it's not a known subcommand
+  if (subcommand && !subcommand.startsWith('-')) {
+    const { printHelp } = require('../src/cli');
+    console.error(`Unknown command: ${subcommand}\n`);
+    printHelp();
+    process.exit(1);
+  }
+
   const { createTermBeamServer } = require('../src/server.js');
   const { parseArgs } = require('../src/cli');
   const { runInteractiveSetup } = require('../src/interactive');
+  const { readConnectionConfig } = require('../src/resume');
+  const http = require('http');
+
+  function httpPost(url, headers) {
+    return new Promise((resolve) => {
+      const parsed = new URL(url);
+      const req = http.request(
+        {
+          hostname: parsed.hostname,
+          port: parsed.port,
+          path: parsed.pathname,
+          method: 'POST',
+          headers,
+          timeout: 2000,
+        },
+        (res) => {
+          res.resume();
+          resolve(res.statusCode);
+        },
+      );
+      req.on('error', () => resolve(null));
+      req.on('timeout', () => {
+        req.destroy();
+        resolve(null);
+      });
+      req.end();
+    });
+  }
+
+  function checkExistingServer(config) {
+    if (!config) return Promise.resolve(false);
+    const host = config.host === 'localhost' ? '127.0.0.1' : config.host;
+    return new Promise((resolve) => {
+      const req = http.get(
+        `http://${host}:${config.port}/api/sessions`,
+        {
+          timeout: 2000,
+          headers: config.password ? { Authorization: `Bearer ${config.password}` } : {},
+        },
+        (res) => {
+          res.resume();
+          resolve(res.statusCode < 500);
+        },
+      );
+      req.on('error', () => resolve(false));
+      req.on('timeout', () => {
+        req.destroy();
+        resolve(false);
+      });
+    });
+  }
+
+  async function stopExistingServer(config, fallbackPassword) {
+    // Always target loopback — the shutdown endpoint only accepts loopback requests
+    const url = `http://127.0.0.1:${config.port}/api/shutdown`;
+    console.log(`Stopping existing server on port ${config.port}...`);
+
+    // Try with config password, then fallback password, then no password
+    const passwords = [config.password, fallbackPassword, null].filter(
+      (v, i, a) => a.indexOf(v) === i,
+    );
+    let stopped = false;
+    for (const pw of passwords) {
+      const headers = pw ? { Authorization: `Bearer ${pw}` } : {};
+      const status = await httpPost(url, headers);
+      if (status && status !== 401) {
+        stopped = true;
+        break;
+      }
+    }
+    if (!stopped) {
+      console.error(
+        'Cannot stop the existing server — password mismatch.\n' +
+          'Stop it manually (Ctrl+C in its terminal) and try again.',
+      );
+      process.exit(1);
+    }
+    for (let i = 0; i < 20; i++) {
+      await new Promise((r) => setTimeout(r, 250));
+      if (!(await checkExistingServer(config))) break;
+    }
+  }
 
   async function main() {
     const baseConfig = parseArgs();
+    const targetPort = baseConfig.port;
+    const targetHost = baseConfig.host === '0.0.0.0' ? '127.0.0.1' : baseConfig.host;
+
+    // Check connection.json for an existing server
+    const existing = readConnectionConfig();
+    if (existing && (await checkExistingServer(existing))) {
+      if (baseConfig.force) {
+        await stopExistingServer(existing, baseConfig.password);
+      } else {
+        const displayHost = existing.host === '127.0.0.1' ? 'localhost' : existing.host;
+        console.error(
+          `TermBeam is already running on http://${displayHost}:${existing.port}\n` +
+            'Use "termbeam resume" to reconnect, "termbeam list" to list sessions,\n' +
+            'or "termbeam --force" to stop the existing server and start a new one.',
+        );
+        process.exit(1);
+      }
+    }
+
+    // Also check the target port directly (handles stale/missing connection.json)
+    if (baseConfig.force && targetPort !== 0) {
+      const targetConfig = { host: targetHost, port: targetPort, password: baseConfig.password };
+      if (await checkExistingServer(targetConfig)) {
+        await stopExistingServer(targetConfig);
+      }
+    }
+
     let config;
     if (baseConfig.interactive) {
       config = await runInteractiveSetup(baseConfig);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "termbeam",
-  "version": "1.8.0",
+  "version": "1.9.0",
   "description": "Beam your terminal to any device — mobile-optimized web terminal with multi-session support",
   "main": "src/server.js",
   "bin": {
@@ -68,13 +68,17 @@
   "dependencies": {
     "cookie-parser": "^1.4.7",
     "express": "^5.2.1",
+    "express-rate-limit": "^8.2.1",
     "node-pty": "^1.1.0",
     "qrcode": "^1.5.4",
     "ws": "^8.19.0"
   },
   "devDependencies": {
+    "@eslint/js": "^9.39.3",
     "@playwright/test": "^1.58.2",
     "c8": "^11.0.0",
+    "eslint": "^10.0.2",
+    "eslint-plugin-security": "^4.0.0",
     "husky": "^9.1.7",
     "lint-staged": "^16.2.7",
     "prettier": "^3.8.1"

package/src/cli.js

@@ -10,6 +10,8 @@ termbeam — Beam your terminal to any device
 
 Usage:
   termbeam [options] [shell] [args...]
+  termbeam resume [name] [options]     Reconnect to a running session
+  termbeam list                        List running sessions
   termbeam service <action>            Manage as a background service (PM2)
 
 Actions (service):
@@ -31,6 +33,7 @@ Options:
   --host <addr>         Bind address (default: 127.0.0.1)
   --lan                 Bind to 0.0.0.0 (allow LAN access, default: localhost only)
   --log-level <level>   Set log verbosity: error, warn, info, debug (default: info)
+  --force               Stop any existing server before starting a new one
   -i, --interactive     Interactive setup wizard (guided configuration)
   -h, --help            Show this help
   -v, --version         Show version
@@ -50,6 +53,8 @@ Examples:
   termbeam /bin/bash                Use bash instead of default shell
   termbeam --interactive               Guided setup wizard
   termbeam service install          Set up as background service (PM2)
+  termbeam resume                   Reconnect to an active session
+  termbeam list                     List all active sessions
 
 Environment:
   PORT                  Server port (default: 3456)
@@ -244,6 +249,7 @@ function parseArgs() {
   let persistedTunnel = false;
   let publicTunnel = false;
   let interactive = false;
+  let force = false;
   let explicitPassword = !!password;
 
   const args = process.argv.slice(2);
@@ -288,6 +294,14 @@ function parseArgs() {
       interactive = true;
     } else if (args[i] === '--log-level' && args[i + 1]) {
       logLevel = args[++i];
+    } else if (args[i].startsWith('--log-level=')) {
+      logLevel = args[i].split('=')[1];
+    } else if (args[i] === '--force') {
+      force = true;
+    } else if (args[i].startsWith('--')) {
+      console.error(`Unknown flag: ${args[i]}\n`);
+      printHelp();
+      process.exit(1);
     } else {
       filteredArgs.push(args[i]);
     }
@@ -341,6 +355,7 @@ function parseArgs() {
     version,
     logLevel,
     interactive,
+    force,
   };
 }
 

package/src/client.js

@@ -0,0 +1,169 @@
+const WebSocket = require('ws');
+
+const DETACH_KEY = '\x02'; // Ctrl+B
+
+/**
+ * Create a terminal client that pipes stdin/stdout over WebSocket.
+ * Resolves when detached or session exits. Rejects on connection error.
+ *
+ * @param {object} opts
+ * @param {string} opts.url        WebSocket URL (ws://host:port/ws)
+ * @param {string} [opts.password] Server password (null for no-auth mode)
+ * @param {string} opts.sessionId  Session ID to connect to
+ * @param {string} [opts.sessionName] Session name (for display)
+ * @param {string} [opts.detachKey] Key to detach (default: Ctrl+B)
+ * @returns {Promise<{reason: string}>}
+ */
+function createTerminalClient({
+  url,
+  password,
+  sessionId,
+  sessionName = 'session',
+  detachKey = DETACH_KEY,
+  detachLabel = 'Ctrl+B',
+}) {
+  return new Promise((resolve, reject) => {
+    const ws = new WebSocket(url);
+    let cleaned = false;
+    let bannerTimer = null;
+    let bannerShown = false;
+    let onData = null;
+    let onSigwinch = null;
+
+    function showBanner() {
+      if (!cleaned && !bannerShown) {
+        bannerShown = true;
+        process.stdout.write(
+          `\r\n\x1b[33m  attached: ${sessionName} ─── ${detachLabel} to detach\x1b[0m\r\n\r\n`,
+        );
+      }
+      bannerTimer = null;
+    }
+
+    function debounceBanner() {
+      if (bannerShown) return;
+      if (bannerTimer) clearTimeout(bannerTimer);
+      bannerTimer = setTimeout(showBanner, 500);
+    }
+
+    function resetTerminal() {
+      if (bannerTimer) clearTimeout(bannerTimer);
+      process.stdout.write('\x1b]0;\x07');
+      if (process.stdin.isTTY && process.stdin.isRaw) {
+        process.stdin.setRawMode(false);
+      }
+      if (onData) process.stdin.removeListener('data', onData);
+      process.stdin.pause();
+      if (onSigwinch) process.removeListener('SIGWINCH', onSigwinch);
+      if (ws.readyState === WebSocket.OPEN || ws.readyState === WebSocket.CONNECTING) {
+        ws.close();
+      }
+    }
+
+    function cleanup(reason) {
+      if (cleaned) return;
+      cleaned = true;
+      resetTerminal();
+      resolve({ reason });
+    }
+
+    ws.on('open', () => {
+      if (password) {
+        ws.send(JSON.stringify({ type: 'auth', password }));
+      } else {
+        ws.send(JSON.stringify({ type: 'attach', sessionId }));
+      }
+    });
+
+    ws.on('message', (raw) => {
+      let msg;
+      try {
+        msg = JSON.parse(raw);
+      } catch {
+        return;
+      }
+
+      if (msg.type === 'auth_ok') {
+        ws.send(JSON.stringify({ type: 'attach', sessionId }));
+        return;
+      }
+
+      if (msg.type === 'attached') {
+        // Set terminal title to show we're attached
+        process.stdout.write(`\x1b]0;[termbeam] ${sessionName} — ${detachLabel} to detach\x07`);
+
+        const refs = {};
+        enterRawMode(ws, detachKey, cleanup, refs);
+        onData = refs.onData;
+        onSigwinch = refs.onSigwinch;
+        sendResize(ws);
+        debounceBanner();
+        return;
+      }
+
+      if (msg.type === 'output') {
+        debounceBanner();
+        process.stdout.write(msg.data);
+        return;
+      }
+
+      if (msg.type === 'exit') {
+        cleanup(`session exited with code ${msg.code}`);
+        return;
+      }
+
+      if (msg.type === 'error') {
+        cleanup(`error: ${msg.message}`);
+        return;
+      }
+    });
+
+    ws.on('error', (err) => {
+      if (!cleaned) {
+        cleaned = true;
+        resetTerminal();
+        reject(err);
+      }
+    });
+
+    ws.on('close', () => {
+      cleanup('connection closed');
+    });
+  });
+}
+
+function enterRawMode(ws, detachKey, cleanup, refs) {
+  if (process.stdin.isTTY) {
+    process.stdin.setRawMode(true);
+  }
+  process.stdin.resume();
+
+  refs.onData = (data) => {
+    const str = data.toString();
+    if (str === detachKey) {
+      cleanup('detached');
+      return;
+    }
+    if (ws.readyState === WebSocket.OPEN) {
+      ws.send(JSON.stringify({ type: 'input', data: str }));
+    }
+  };
+  process.stdin.on('data', refs.onData);
+
+  refs.onSigwinch = () => sendResize(ws);
+  process.on('SIGWINCH', refs.onSigwinch);
+}
+
+function sendResize(ws) {
+  if (ws.readyState === WebSocket.OPEN && process.stdout.columns && process.stdout.rows) {
+    ws.send(
+      JSON.stringify({
+        type: 'resize',
+        cols: process.stdout.columns,
+        rows: process.stdout.rows,
+      }),
+    );
+  }
+}
+
+module.exports = { createTerminalClient };

package/src/interactive.js

@@ -85,7 +85,7 @@ async function runInteractiveSetup(baseConfig) {
   let passwordMode = 'auto';
   if (pwChoice.index === 0) {
     config.password = crypto.randomBytes(16).toString('base64url');
-    console.log(dim(`  Generated password: ${config.password}`));
+    process.stdout.write(dim(`  Generated password: ${config.password}`) + '\n');
   } else if (pwChoice.index === 1) {
     passwordMode = 'custom';
     config.password = await ask(rl, 'Enter password:');
@@ -99,7 +99,7 @@ async function runInteractiveSetup(baseConfig) {
   }
   decisions.push({
     label: 'Password',
-    value: config.password == null ? yellow('disabled') : '••••••••',
+    value: config.password === null ? yellow('disabled') : '••••••••',
   });
 
   // Step 2: Port
@@ -164,7 +164,7 @@ async function runInteractiveSetup(baseConfig) {
     if (config.publicTunnel && !config.password) {
       console.log(yellow('  ⚠ Public tunnels require password authentication.'));
       config.password = crypto.randomBytes(16).toString('base64url');
-      console.log(dim(`  Auto-generated password: ${config.password}`));
+      process.stdout.write(dim(`  Auto-generated password: ${config.password}`) + '\n');
       passwordMode = 'auto';
       // Update the password decision
       decisions[0] = { label: 'Password', value: '••••••••' };
@@ -212,7 +212,7 @@ async function runInteractiveSetup(baseConfig) {
   showProgress(4);
   console.log(bold('\n── Configuration Summary ──────────────────'));
   console.log(
-    `  Password:      ${config.password == null ? yellow('disabled') : cyan('••••••••')}`,
+    `  Password:      ${config.password === null ? yellow('disabled') : cyan('••••••••')}`,
   );
   console.log(`  Port:          ${cyan(String(config.port))}`);
   console.log(

package/src/prompts.js

@@ -19,11 +19,11 @@ const dim = (t) => color('2', t);
  * If `defaultValue` is provided, it's shown in brackets and used when the user presses Enter.
  */
 function ask(rl, question, defaultValue) {
-  const suffix = defaultValue != null ? ` ${dim(`[${defaultValue}]`)} ` : ' ';
+  const suffix = defaultValue != null ? ` ${dim(`[${defaultValue}]`)} ` : ' '; // eslint-disable-line eqeqeq
   return new Promise((resolve) => {
     rl.question(`${question}${suffix}`, (answer) => {
       const trimmed = answer.trim();
-      resolve(trimmed || (defaultValue != null ? String(defaultValue) : ''));
+      resolve(trimmed || (defaultValue != null ? String(defaultValue) : '')); // eslint-disable-line eqeqeq
     });
   });
 }