zsp/everything-claude-code
1
0
Fork 0
mirror of https://github.com/affaan-m/everything-claude-code.git synced 2026-04-02 23:23:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix: eliminate command injection in hooks, fix pass-through newline corruption, add 8 tests

Browse Source 
Replace shell: true with npx.cmd on Windows in post-edit-format.js and
post-edit-typecheck.js to prevent command injection via crafted file paths.
Replace console.log(data) with process.stdout.write(data) in
check-console-log.js to avoid appending extra newlines to pass-through data.
This commit is contained in:
Affaan Mustafa
2026-02-13 02:22:55 -08:00
parent f33ed4c49e
commit d9331cb17f
4 changed files with 82 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
scripts/hooks/check-console-log.js
View File

@@ -39,7 +39,7 @@ process.stdin.on('data', chunk => {
process.stdin.on('end', () => {
try {
if (!isGitRepo()) {
console.log(data);
process.stdout.write(data);
process.exit(0);
}
@@ -65,5 +65,5 @@ process.stdin.on('end', () => {
}
// Always output the original data
console.log(data);
process.stdout.write(data);
});