eeymoo/nvm
1
0
Fork 0
mirror of https://github.com/nvm-sh/nvm.git synced 2026-06-05 22:07:09 +08:00
Code Issues Actions 28 Packages Projects Releases Wiki Activity
Files
6d870d182cd5333647ffa16c0d7dbcd817ec27a8
nvm/test/fast/Unit tests
History
Jordan Harband 6d870d182c [Fix] nvm_download: avoid eval so mirror-supplied version strings can't inject commands 
`nvm_download` built a curl/wget command string and ran it with `eval`.
The download URLs embed the version string taken from the mirror's `index.tab`,
which is untrusted.
Wrapping each argument in double quotes inside the `eval` does not prevent command substitution,
so a version field such as `v1$(touch /tmp/proof)` was executed by the shell.
This bypassed the earlier quoting hardening in 0ce8f5a.

Pass every argument as a literal argv element instead of constructing a string for `eval`,
on both the curl and wget paths,
so URL arguments are never re-parsed by the shell.
The wget flag translation is now done per-argument with a POSIX
`set --` loop rather than `sed` over the joined string.
The auth header is sanitized and added once,
before invoking the downloader.
2026-06-02 17:41:44 -07:00
..
mocks
[Tests] update mocks
2024-10-31 14:23:36 -07:00
assert_not_ok
[tests] remove double-substitution in assert_ok and assert_not_ok
2026-04-23 17:16:32 +03:00
assert_ok
[tests] remove double-substitution in assert_ok and assert_not_ok
2026-04-23 17:16:32 +03:00
make_echo
[tests] remove double-substitution in assert_ok and assert_not_ok
2026-04-23 17:16:32 +03:00
nvm install --offline
[New] nvm install --offline: install from cache without network access
2026-03-13 16:13:19 -04:00
nvm install -b
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm install -s and -b conflict
[Fix] nvm install: fix nvm err typo to nvm_err for -s/-b conflict
2026-03-14 09:38:04 -07:00
nvm install with nonlowercase LTS name
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm ls-remote
[Fix] nvm_has_colors: also check if stdout is a terminal
2026-01-27 10:31:07 -08:00
nvm ls-remote with nounset should not fail
[Fix] avoid an unbound variable
2026-05-15 23:08:37 -07:00
nvm set_colors
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm version-remote
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_add_iojs_prefix
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_alias
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_alias handles comments
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_alias LTS-N
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_alias_path
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_change_path
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_check_for_help
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_clang_version
Add nvm_clang_version to ensure clang version > 3.5
2016-11-14 12:28:41 +08:00
nvm_command_info
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_compare_checksum
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_compute_checksum
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_curl_libz_support
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_curl_use_compression
[Fix] enable curl compression only on curl >=7.21.0
2017-06-10 15:25:26 +08:00
nvm_curl_version
[Fix] enable curl compression only on curl >=7.21.0
2017-06-10 15:25:26 +08:00
nvm_die_on_prefix
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_download
[Tests] reduce CI flakiness from transient Docker registry failures
2026-06-03 13:12:31 -07:00
nvm_download no eval injection
[Fix] nvm_download: avoid eval so mirror-supplied version strings can't inject commands
2026-06-02 17:41:44 -07:00
nvm_download wget Authorization header
[Fix] nvm_download: send a well-formed Authorization header on the wget path
2026-06-02 17:40:50 -07:00
nvm_download_artifact
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_download_artifact error propagation
[Fix] nvm_download_artifact: fix error propagation from subshells
2026-03-14 14:30:31 -07:00
nvm_ensure_default_set
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_ensure_version_installed
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_ensure_version_prefix
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_extract_tarball
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_find_project_dir
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_find_up
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_format_version
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_arch
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_arch alpine
[Fix] nvm_get_arch: only apply musl suffix on x64 Alpine
2026-03-14 12:53:14 -07:00
nvm_get_arch_unofficial
[Tests] fix 4 test failures
2026-03-24 12:44:21 -07:00
nvm_get_artifact_compression
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_checksum
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_get_checksum_alg
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_checksum_binary
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_colors
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_default_packages
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_default_packages mawk compat
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_download_slug
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_get_latest missing curl or wget
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_get_minor_version
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_get_mirror
[Fix] nvm_get_mirror: fix awk URL validation to actually reject invalid URLs
2026-03-14 09:40:43 -07:00
nvm_has
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_has_colors
[Fix] nvm_has_colors: also check if stdout is a terminal
2026-01-27 10:31:07 -08:00
nvm_has_non_aliased
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_has_solaris_binary
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_has_system_iojs
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_has_system_node
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_install_binary_extract
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_install_binary_nosource
[Tests] fix 4 test failures
2026-03-24 12:44:21 -07:00
nvm_install_latest_npm
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_install_no_progress_bar
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_install_source SHELL override
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_iojs_prefix
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_iojs_version_has_solaris_binary
[Tests] fix 4 test failures
2026-03-24 12:44:21 -07:00
nvm_is_alias
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_is_iojs_version
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_is_merged_node_version
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_is_natural_num
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_is_valid_version
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_is_version_installed
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_ls handles hash in pattern
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_ls_current
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_ls_remote
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_ls_remote LTS aliases
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_ls_remote nightly
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_ls_remote_iojs
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_make_alias
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_node_prefix
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_node_version_has_solaris_binary
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_normalize_lts
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_num_version_groups
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_offline_version
[New] nvm install --offline: install from cache without network access
2026-03-13 16:13:19 -04:00
nvm_print_alias_path
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_print_color_code
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_print_default_alias
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_print_implicit_alias errors
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_print_implicit_alias success
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_print_npm_version
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_process_nvmrc
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_remote_version
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_remote_versions
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_remote_versions propagates iojs failure
[Fix] nvm_ls_remote_combined: propagate iojs remote listing failures
2026-03-14 09:39:20 -07:00
nvm_stdout_is_terminal
[actions] migrate Travis CI tests to GitHub Actions
2026-01-27 10:31:07 -08:00
nvm_strip_iojs_prefix
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_strip_path
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_supports_xz
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_tree_contains_path
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_use_if_needed
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_validate_implicit_alias
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_version
[Tests] add try/try_err helpers; convert tests to use them
2026-03-13 15:26:07 -04:00
nvm_version_dir
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_version_greater
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_version_path
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
nvm_wrap_with_color_code
[Refactor] add nvm_wrap_with_color_code; allow no color code
2022-10-13 20:16:42 -07:00
nvm_write_nvmrc
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
Running 'nvm install --save' works as expected'
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
Running 'nvm use --save' works as expected'
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
Running 'nvm use --save' works with a .nvmrc in the parent dir
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
Running 'nvm use --silent --save' doesn't output anything
[Tests] set $_ before sourcing nvm.sh in fast tests
2026-01-26 21:41:57 -08:00
security_wget_injection
[Fix] sanitize NVM_AUTH_HEADER in wget path
2026-01-09 11:30:14 +09:00