MCPcopy
hub / github.com/claude-code-best/claude-code / quote

Function quote

src/utils/bash/shellQuote.ts:266–303  ·  view source on GitHub ↗
(args: ReadonlyArray<unknown>)

Source from the content-addressed store, hash-verified

264}
265
266export function quote(args: ReadonlyArray<unknown>): string {
267 // First try the strict validation
268 const result = tryQuoteShellArgs([...args])
269
270 if (result.success) {
271 return result.quoted
272 }
273
274 // If strict validation failed, use lenient fallback
275 // This handles objects, symbols, functions, etc. by converting them to strings
276 try {
277 const stringArgs = args.map(arg => {
278 if (arg === null || arg === undefined) {
279 return String(arg)
280 }
281
282 const type = typeof arg
283
284 if (type === 'string' || type === 'number' || type === 'boolean') {
285 return String(arg)
286 }
287
288 // For unsupported types, use JSON.stringify as a safe fallback
289 // This ensures we don't crash but still get a meaningful representation
290 return jsonStringify(arg)
291 })
292
293 return shellQuoteQuote(stringArgs)
294 } catch (error) {
295 // SECURITY: Never use JSON.stringify as a fallback for shell quoting.
296 // JSON.stringify uses double quotes which don't prevent shell command execution.
297 // For example, jsonStringify(['echo', '$(whoami)']) produces "echo" "$(whoami)"
298 if (error instanceof Error) {
299 logError(error)
300 }
301 throw new Error('Failed to quote shell arguments safely')
302 }
303}

Callers 15

quoteCliLaunchFunction · 0.85
checkCrossProjectResumeFunction · 0.85
buildExecCommandFunction · 0.85
buildInheritedCliFlagsFunction · 0.85
buildInheritedEnvVarsFunction · 0.85
spawnMethod · 0.85
formatShellPrefixCommandFunction · 0.85
getBashCompletionCommandFunction · 0.85
getZshCompletionCommandFunction · 0.85
reconstructCommandFunction · 0.85
buildCommandPartsFunction · 0.85

Calls 3

tryQuoteShellArgsFunction · 0.85
jsonStringifyFunction · 0.85
logErrorFunction · 0.50

Tested by

no test coverage detected