revert: partially revert changes swapping exec with spawn

Refs: 083bb25, 1f86df3

Author: damyanpetev

packages/cli/lib/commands/start.ts

@@ -7,16 +7,16 @@ import { PositionalArgs, StartCommandType } from "./types";
 import { ArgumentsCamelCase } from "yargs";
 
 const execSyncNpmStart = (port: number, options: ExecSyncOptions): void => {
-	const args = ['start'];
 	if (port) {
 		// Validate port is a number to prevent command injection
 		if (!Number.isInteger(port) || port < 0 || port > 65535) {
 			Util.error(`Invalid port number: ${port}`, "red");
 			return;
 		}
-		args.push('--', `--port=${port}`);
+		Util.execSync(`npm start -- --port=${port}`, options);
+		return;
 	}
-	Util.spawnSync('npm', args, options);
+	Util.execSync(`npm start`, options);
 };
 
 const command: StartCommandType = {

packages/core/packages/PackageManager.ts

@@ -1,4 +1,4 @@
-import { spawn } from "child_process";
+import { exec } from "child_process";
 import * as path from "path";
 import { TemplateManager } from "../../cli/lib/TemplateManager";
 import { Config, FS_TOKEN, IFileSystem, ProjectTemplate } from "../types";
@@ -123,18 +123,18 @@ export class PackageManager {
 	}
 
 	public static removePackage(packageName: string, verbose: boolean = false): boolean {
+		let command: string;
 		const managerCommand = this.getManager();
-		let args: string[];
 		switch (managerCommand) {
 			case "npm":
 			/* passes through */
 			default:
-				args = ['uninstall', packageName, '--quiet', '--save'];
+				command = `${managerCommand} uninstall ${packageName} --quiet --save`;
 				break;
 		}
 		try {
 			// tslint:disable-next-line:object-literal-sort-keys
-			Util.spawnSync(managerCommand, args, { stdio: "pipe", encoding: "utf8" });
+			Util.execSync(command, { stdio: "pipe", encoding: "utf8" });
 		} catch (error) {
 			Util.log(`Error uninstalling package ${packageName} with ${managerCommand}`);
 			if (verbose) {
@@ -149,10 +149,10 @@ export class PackageManager {
 
 	public static addPackage(packageName: string, verbose: boolean = false): boolean {
 		const managerCommand = this.getManager();
-		const args = this.getInstallArgs(packageName);
+		const command = this.getInstallCommand(managerCommand, packageName);
 		try {
 			// tslint:disable-next-line:object-literal-sort-keys
-			Util.spawnSync(managerCommand, args, { stdio: "pipe", encoding: "utf8" });
+			Util.execSync(command, { stdio: "pipe", encoding: "utf8" });
 		} catch (error) {
 			Util.log(`Error installing package ${packageName} with ${managerCommand}`);
 			if (verbose) {
@@ -165,7 +165,7 @@ export class PackageManager {
 	}
 
 	public static async queuePackage(packageName: string, verbose = false) {
-		const args = this.getInstallArgs(packageName).map(arg => arg === '--save' ? '--no-save' : arg);
+		const command = this.getInstallCommand(this.getManager(), packageName).replace("--save", "--no-save");
 		const [packName, version] = packageName.split(/@(?=[^\/]+$)/);
 		const packageJSON = this.getPackageJSON();
 		if (!packageJSON.dependencies) {
@@ -190,24 +190,13 @@ export class PackageManager {
 		// D.P. Concurrent install runs should be supported
 		// https://github.com/npm/npm/issues/5948
 		// https://github.com/npm/npm/issues/2500
-		const managerCommand = this.getManager();
 		const task = new Promise<{ packageName, error, stdout, stderr }>((resolve, reject) => {
-			const child = spawn(managerCommand, args);
-			let stdout = '';
-			let stderr = '';
-			child.stdout?.on('data', (data) => {
-				stdout += data.toString();
-			});
-			child.stderr?.on('data', (data) => {
-				stderr += data.toString();
-			});
-			child.on('close', (code) => {
-				const error = code !== 0 ? new Error(`Process exited with code ${code}`) : null;
-				resolve({ packageName, error, stdout, stderr });
-			});
-			child.on('error', (err) => {
-				resolve({ packageName, error: err, stdout, stderr });
-			});
+			const child = exec(
+				command, {},
+				(error, stdout, stderr) => {
+					resolve({ packageName, error, stdout, stderr });
+				}
+			);
 		});
 		task["packageName"] = packName;
 		this.installQueue.push(task);
@@ -236,7 +225,7 @@ export class PackageManager {
 		const fullPackageRegistry = config.igPackageRegistry;
 		try {
 			// tslint:disable-next-line:object-literal-sort-keys
-			Util.spawnSync('npm', ['whoami', `--registry=${fullPackageRegistry}`], { stdio: 'pipe', encoding: 'utf8' });
+			Util.execSync(`npm whoami --registry=${fullPackageRegistry}`, { stdio: "pipe", encoding: "utf8" });
 		} catch (error) {
 			// try registering the user:
 			Util.log(
@@ -265,7 +254,7 @@ export class PackageManager {
 			if (login?.status === 0) {
 				//make sure scope is configured:
 				try {
-					Util.spawnSync('npm', ['config', 'set', `@infragistics:registry`, fullPackageRegistry]);
+					Util.execSync(`npm config set @infragistics:registry ${fullPackageRegistry}`);
 					return true;
 				} catch (error) {
 					return false;
@@ -292,10 +281,6 @@ export class PackageManager {
 		}
 	}
 
-	private static getInstallArgs(packageName: string): string[] {
-		return ['install', packageName, '--quiet', '--save'];
-	}
-
 	private static getManager(/*config:Config*/): string {
 		//stub to potentially swap out managers
 		return "npm";

packages/core/util/Util.ts

@@ -283,11 +283,6 @@ export class Util {
 		}
 
 		for (const key of Object.keys(source)) {
-			// Skip keys that can affect the prototype of objects to avoid prototype pollution vulnerabilities
-			if (key === "__proto__" || key === "constructor") {
-				continue;
-			}
-
 			const sourceKeyIsArray = Array.isArray(source[key]);
 			const targetHasThisKey = target.hasOwnProperty(key);
 
@@ -388,8 +383,7 @@ export class Util {
 			const options: any = { cwd: path.join(parentRoot, projectName), stdio: [process.stdin, "ignore", "ignore"] };
 			Util.execSync("git init", options);
 			Util.execSync("git add .", options);
-			const commitMessage = `"Initial commit for project: ${projectName}"`;
-			Util.spawnSync('git', ['commit', '-m', commitMessage], options);
+			Util.execSync("git commit -m " + "\"Initial commit for project: " + projectName + "\"", options);
 			Util.log(Util.greenCheck() + " Git Initialized and Project '" + projectName + "' Committed");
 		} catch (error) {
 			Util.error("Git initialization failed. Install Git in order to automatically commit the project.", "yellow");

spec/unit/new-spec.ts

@@ -284,24 +284,12 @@ describe("Unit - New command", () => {
 			getProjectLibrary: mockProjLib
 		});
 
-		spyOn(Util, "spawnSync").and.returnValues({
-			status: 0,
-			pid: 0,
-			output: [],
-			stdout: "",
-			stderr: "",
-			signal: "SIGABRT"
-		});
-
 		await newCmd.handler({ name: projectName, framework: "jq", _: ["new"], $0: "new" });
 
 		expect(Util.execSync).toHaveBeenCalledWith("git init", jasmine.any(Object));
 		expect(Util.execSync).toHaveBeenCalledWith("git add .", jasmine.any(Object));
-		expect(Util.spawnSync).toHaveBeenCalledWith(
-			"git",
-			['commit', '-m', `"Initial commit for project: ${projectName}"`],
-			{ cwd: path.join(process.cwd(), projectName), stdio: [process.stdin, "ignore", "ignore"] }
-		);
+		expect(Util.execSync).toHaveBeenCalledWith("git commit -m " + "\"Initial commit for project: " + projectName + "\"",
+			jasmine.any(Object));
 		expect(Util.log).toHaveBeenCalledWith(
 			jasmine.stringMatching("Git Initialized and Project '" + projectName + "' Committed")
 		);