MCPcopy
hub / github.com/codeaashu/claude-code / quote

Function quote

src/utils/bash/shellQuote.ts:267–304  ·  view source on GitHub ↗
(args: ReadonlyArray<unknown>)

Source from the content-addressed store, hash-verified

265}
266
267export function quote(args: ReadonlyArray<unknown>): string {
268 // First try the strict validation
269 const result = tryQuoteShellArgs([...args])
270
271 if (result.success) {
272 return result.quoted
273 }
274
275 // If strict validation failed, use lenient fallback
276 // This handles objects, symbols, functions, etc. by converting them to strings
277 try {
278 const stringArgs = args.map(arg => {
279 if (arg === null || arg === undefined) {
280 return String(arg)
281 }
282
283 const type = typeof arg
284
285 if (type === 'string' || type === 'number' || type === 'boolean') {
286 return String(arg)
287 }
288
289 // For unsupported types, use JSON.stringify as a safe fallback
290 // This ensures we don't crash but still get a meaningful representation
291 return jsonStringify(arg)
292 })
293
294 return shellQuoteQuote(stringArgs)
295 } catch (error) {
296 // SECURITY: Never use JSON.stringify as a fallback for shell quoting.
297 // JSON.stringify uses double quotes which don't prevent shell command execution.
298 // For example, jsonStringify(['echo', '$(whoami)']) produces "echo" "$(whoami)"
299 if (error instanceof Error) {
300 logError(error)
301 }
302 throw new Error('Failed to quote shell arguments safely')
303 }
304}
305

Callers 15

buildInheritedCliFlagsFunction · 0.85
handleSpawnSplitPaneFunction · 0.85
checkCrossProjectResumeFunction · 0.85
buildExecCommandFunction · 0.85
buildInheritedCliFlagsFunction · 0.85
buildInheritedEnvVarsFunction · 0.85
spawnMethod · 0.85
formatShellPrefixCommandFunction · 0.85
getBashCompletionCommandFunction · 0.85
getZshCompletionCommandFunction · 0.85

Calls 3

tryQuoteShellArgsFunction · 0.85
jsonStringifyFunction · 0.85
logErrorFunction · 0.50

Tested by

no test coverage detected