fix potential vulnerability with git clone

yarkeev · Apr 21, 2022 · f828aa7 · f828aa7
1 parent eef249d
commit f828aa7
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 8 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
 	"name": "git-interface",
-	"version": "2.1.1",
+	"version": "2.1.2",
 	"description": "some interfaces for work with git repository",
 	"main": "dist/index",
 	"typings": "dist/index",
@@ -9,7 +9,7 @@
 		"build": "npm run clean && npm run ts",
 		"dev": "npm run clean &&  ./node_modules/.bin/tsc -w",
 		"ts": "./node_modules/.bin/tsc",
-		"prepublish": "npm run build"
+		"prepublishOnly": "npm run build && bump"
 	},
 	"repository": {
 		"type": "git",
@@ -35,6 +35,7 @@
 	"homepage": "https://github.com/yarkeev/git-interface",
 	"devDependencies": {
 		"@types/node": "^10.10.3",
-		"typescript": "^3.0.3"
+		"typescript": "^3.0.3",
+		"version-bump-prompt": "^6.1.0"
 	}
 }
diff --git a/src/index.ts b/src/index.ts
@@ -61,12 +61,10 @@ export class Git extends EventEmitter{
 	}
 
 	public clone(repository: string, dest: string, options?: { depth?: number}) {
-
 		const opt = options || { depth: Infinity }
+		const depthOption = opt.depth !== Infinity ? `--depth=${opt.depth}` : '';
 
-		const depthOption = opt.depth !== Infinity ? ` --depth=${opt.depth}` : '';
-
-		return this.gitExec(`clone ${repository} ${dest}${depthOption}`);
+		return this.gitExec(`clone ${depthOption} -- ${repository} ${dest}`);
 	}
 
 	public checkout(branchName: string) {
@@ -309,4 +307,4 @@ export class Git extends EventEmitter{
 		});
 	}
 
-}
+}