Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Merge pull request #12649 from strapi/cli-security
update execa commands
  • Loading branch information
alexandrebodin committed Feb 24, 2022
2 parents 1efba6d + bedb04a commit 2a3f5e9
Show file tree
Hide file tree
Showing 2 changed files with 6 additions and 6 deletions.
8 changes: 4 additions & 4 deletions packages/cli/create-strapi-starter/utils/fetch-npm-starter.js
Expand Up @@ -15,7 +15,7 @@ const stopProcess = require('./stop-process');
async function getPackageInfo(packageName, { useYarn } = {}) {
// Use yarn if possible because it's faster
if (useYarn) {
const { stdout } = await execa.command(`yarn info ${packageName} --json`);
const { stdout } = await execa('yarn', ['info', packageName, '--json']);
const yarnInfo = JSON.parse(stdout);
return {
name: yarnInfo.data.name,
Expand All @@ -24,7 +24,7 @@ async function getPackageInfo(packageName, { useYarn } = {}) {
}

// Fallback to npm
const { stdout } = await execa.command(`npm view ${packageName} name version --silent`);
const { stdout } = await execa('npm', ['view', packageName, 'name', 'version', '--silent']);
// Use regex to parse name and version from CLI result
const [name, version] = stdout.match(/(?<=')(.*?)(?=')/gm);
return { name, version };
Expand Down Expand Up @@ -67,11 +67,11 @@ async function getStarterPackageInfo(starter, { useYarn } = {}) {
async function downloadNpmStarter({ name, version }, parentDir, { useYarn } = {}) {
// Download from npm, using yarn if possible
if (useYarn) {
await execa.command(`yarn add ${name}@${version} --no-lockfile --silent`, {
await execa('yarn', ['add', `${name}@${version}`, '--no-lockfile', '--silent'], {
cwd: parentDir,
});
} else {
await execa.command(`npm install ${name}@${version} --no-save --silent`, {
await execa('npm', ['install', `${name}@${version}`, '--no-save', '--silent'], {
cwd: parentDir,
});
}
Expand Down
4 changes: 2 additions & 2 deletions packages/generators/app/lib/utils/fetch-npm-template.js
Expand Up @@ -10,7 +10,7 @@ const chalk = require('chalk');
* @returns {Object}
*/
async function getPackageInfo(packageName) {
const { stdout } = await execa.shell(`npm view ${packageName} name version --silent`);
const { stdout } = await execa('npm', ['view', packageName, 'name', 'version', '--silent']);
// Use regex to parse name and version from CLI result
const [name, version] = stdout.match(/(?<=')(.*?)(?=')/gm);
return { name, version };
Expand Down Expand Up @@ -46,7 +46,7 @@ async function getTemplatePackageInfo(template) {
*/
async function downloadNpmTemplate({ name, version }, parentDir) {
// Download from npm
await execa.shell(`npm install ${name}@${version} --no-save --silent`, {
await execa('npm', ['install', `${name}@${version}`, '--no-save', '--silent'], {
cwd: parentDir,
});

Expand Down

0 comments on commit 2a3f5e9

Please sign in to comment.