shellwords alternatives and similar packages
Based on the "Text" category.
Alternatively, view shellwords alternatives based on common mentions on social networks and blogs.
-
skylighting
A Haskell syntax highlighting library with tokenizers derived from KDE syntax highlighting descriptions -
double-conversion
A fast Haskell library for converting between double precision floating point numbers and text strings. It is implemented as a binding to the V8-derived C++ double-conversion library.
WorkOS - The modern identity platform for B2B SaaS
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of shellwords or a related project?
README
ShellWords
Parse a string into words, like a shell would.
Motivation
If you need to execute commands given to you as user-input, you should know not to give that text as-is to a shell:
callProcess "sh" ["-c", "some --user --input"]
Such code is a severe security vulnerability. Furthermore, any attempts to
sanitize the string are unlikely to be 100% affective and should be avoided. The
only safe way to do this is to not use a shell intermediary, and always exec
a
process directly:
callProcess "some" ["--user", "--input"]
The new problem (and not a security-related one) is how to correctly parse a
string like "some --user --input"
into the command and its arguments. The
rules are complex enough that you probably want to get a library to do it.
So here we are.
Example
Right (cmd:args) <- parse "some -complex --command=\"Line And\" 'More'"
callProcess cmd args
--
-- Is equivalent to:
--
-- > callProcess "some" ["-complex", "--command=Line And", "More"]
--
Lineage
This package is inspired by and named after
python-shellwords
, which was itself inspired bygo-shellwords
, which was itself inspired byParser::CommandLine
[CHANGELOG](./CHANGELOG.md) | [LICENSE](./LICENSE)
*Note that all licence references and agreements mentioned in the shellwords README section above
are relevant to that project's source code only.