Merge branch 'hhristov/update-angular-templates' of https://github.com/IgniteUI/igniteui-cli into hhristov/update-angular-templates

Author: Hristo313

CHANGELOG.md

@@ -1,3 +1,16 @@
+## [14.9.2](https://github.com/IgniteUI/igniteui-cli/compare/14.9.1...14.9.2) (2026-03-11)
+
+### What's Changed
+* fix(igx-ts): update igniteui-angular versions and remove overrides by @Hristo313 in https://github.com/IgniteUI/igniteui-cli/pull/1508
+* fix(igx-ts): fix eslint configurations by @Hristo313 in https://github.com/IgniteUI/igniteui-cli/pull/1509
+* fix(upgrade-packages): correctly glob files on windows by @damyanpetev in https://github.com/IgniteUI/igniteui-cli/pull/1511
+* fix(igx-ts-legacy): fix grid type import and add missing override by @Hristo313 in https://github.com/IgniteUI/igniteui-cli/pull/1519
+* Fix start and other npm exec commands by @damyanpetev in https://github.com/IgniteUI/igniteui-cli/pull/1520
+* fix(schematics): fs writeFile create check by @damyanpetev in https://github.com/IgniteUI/igniteui-cli/pull/1526
+* fix(packages): disable non-functional registry login attempt on upgrade by @damyanpetev in https://github.com/IgniteUI/igniteui-cli/pull/1528
+
+**Full Changelog**: https://github.com/IgniteUI/igniteui-cli/compare/14.9.1...14.9.2
+
 ## [14.9.1](https://github.com/IgniteUI/igniteui-cli/compare/14.9.0...14.9.1) (2026-02-25)
 
 ### What's Changed
@@ -6,7 +19,6 @@
 
 **Full Changelog**: https://github.com/IgniteUI/igniteui-cli/compare/14.9.0...14.9.1
 
-
 # [14.9.0](https://github.com/IgniteUI/igniteui-cli/compare/v14.8.5...14.9.0) (2026-02-25)
 
 🎉 This update includes:

packages/cli/lib/commands/start.ts

@@ -7,16 +7,16 @@ import { PositionalArgs, StartCommandType } from "./types";
 import { ArgumentsCamelCase } from "yargs";
 
 const execSyncNpmStart = (port: number, options: ExecSyncOptions): void => {
-	const args = ['start'];
 	if (port) {
 		// Validate port is a number to prevent command injection
 		if (!Number.isInteger(port) || port < 0 || port > 65535) {
 			Util.error(`Invalid port number: ${port}`, "red");
 			return;
 		}
-		args.push('--', `--port=${port}`);
+		Util.execSync(`npm start -- --port=${port}`, options);
+		return;
 	}
-	Util.spawnSync('npm', args, options);
+	Util.execSync(`npm start`, options);
 };
 
 const command: StartCommandType = {

packages/cli/package.json

@@ -1,6 +1,6 @@
 {
   "name": "igniteui-cli",
-  "version": "14.9.1",
+  "version": "14.9.2",
   "description": "CLI tool for creating Ignite UI projects",
   "keywords": [
     "CLI",
@@ -76,8 +76,8 @@
     "all": true
   },
   "dependencies": {
-    "@igniteui/angular-templates": "~21.1.1491",
-    "@igniteui/cli-core": "~14.9.1",
+    "@igniteui/angular-templates": "~21.1.1492",
+    "@igniteui/cli-core": "~14.9.2",
     "@inquirer/prompts": "^7.9.0",
     "@types/yargs": "^17.0.33",
     "chalk": "^5.3.0",

packages/core/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@igniteui/cli-core",
-  "version": "14.9.1",
+  "version": "14.9.2",
   "description": "Base types and functionality for Ignite UI CLI",
   "repository": {
     "type": "git",

packages/core/packages/PackageManager.ts

@@ -1,11 +1,14 @@
-import { spawn } from "child_process";
+import { exec } from "child_process";
 import * as path from "path";
 import { TemplateManager } from "../../cli/lib/TemplateManager";
 import { Config, FS_TOKEN, IFileSystem, ProjectTemplate } from "../types";
 import { App, ProjectConfig, Util } from "../util";
 
 import componentsConfig = require("./components");
 
+/** @internal */
+export const REGISTRY_ATTEMPT_LOGIN = false;
+
 export class PackageManager {
 	private static ossPackage: string = "ignite-ui";
 	private static fullPackage: string = "@infragistics/ignite-ui-full";
@@ -45,6 +48,10 @@ export class PackageManager {
 			const version = ossVersion ? `@"${ossVersion}"` : "";
 			const errorMsg = "Something went wrong, " +
 				"please follow the steps in this guide: https://www.igniteui.com/help/using-ignite-ui-npm-packages";
+			Util.log(
+				"The project you've created requires the full version of Ignite UI from Infragistics private feed.",
+				"gray"
+			);
 			// fallback to @latest, in case when igniteui-full does not have a matching version to ossVersion
 			// ex: "ignite-ui": "^21.1.13" BUT  --> ignite-ui-full": "^21.1.11" (no 21.1.13 released).
 			// TODO: update temp fix - only working in 21.1.11 without errors
@@ -88,9 +95,8 @@ export class PackageManager {
 		const config = ProjectConfig.localConfig();
 		if (!config.packagesInstalled) {
 			let command: string;
-			let managerCommand: string;
+			const managerCommand = this.getManager();
 
-			managerCommand = this.getManager();
 			switch (managerCommand) {
 				case "npm":
 				/* passes through */
@@ -123,49 +129,52 @@ export class PackageManager {
 	}
 
 	public static removePackage(packageName: string, verbose: boolean = false): boolean {
+		let command: string;
 		const managerCommand = this.getManager();
-		let args: string[];
+		const sanitizePackage = Util.sanitizeShellArg(packageName);
 		switch (managerCommand) {
 			case "npm":
 			/* passes through */
 			default:
-				args = ['uninstall', packageName, '--quiet', '--save'];
+				command = `${managerCommand} uninstall ${sanitizePackage} --quiet --save`;
 				break;
 		}
 		try {
 			// tslint:disable-next-line:object-literal-sort-keys
-			Util.spawnSync(managerCommand, args, { stdio: "pipe", encoding: "utf8" });
+			Util.execSync(command, { stdio: "pipe", encoding: "utf8" });
 		} catch (error) {
-			Util.log(`Error uninstalling package ${packageName} with ${managerCommand}`);
+			Util.log(`Error uninstalling package ${sanitizePackage} with ${managerCommand}`);
 			if (verbose) {
 				Util.log(error.message);
 			}
 			return false;
 		}
 
-		Util.log(`Package ${packageName} uninstalled successfully`);
+		Util.log(`Package ${sanitizePackage} uninstalled successfully`);
 		return true;
 	}
 
 	public static addPackage(packageName: string, verbose: boolean = false): boolean {
 		const managerCommand = this.getManager();
-		const args = this.getInstallArgs(packageName);
+		const sanitizePackage = Util.sanitizeShellArg(packageName);
+		const command = this.getInstallCommand(managerCommand, sanitizePackage);
 		try {
 			// tslint:disable-next-line:object-literal-sort-keys
-			Util.spawnSync(managerCommand, args, { stdio: "pipe", encoding: "utf8" });
+			Util.execSync(command, { stdio: "pipe", encoding: "utf8" });
 		} catch (error) {
-			Util.log(`Error installing package ${packageName} with ${managerCommand}`);
+			Util.log(`Error installing package ${sanitizePackage} with ${managerCommand}`);
 			if (verbose) {
 				Util.log(error.message);
 			}
 			return false;
 		}
-		Util.log(`Package ${packageName} installed successfully`);
+		Util.log(`Package ${sanitizePackage} installed successfully`);
 		return true;
 	}
 
 	public static async queuePackage(packageName: string, verbose = false) {
-		const args = this.getInstallArgs(packageName).map(arg => arg === '--save' ? '--no-save' : arg);
+		const command = this.getInstallCommand(this.getManager(), Util.sanitizeShellArg(packageName))
+			.replace("--save", "--no-save");
 		const [packName, version] = packageName.split(/@(?=[^\/]+$)/);
 		const packageJSON = this.getPackageJSON();
 		if (!packageJSON.dependencies) {
@@ -190,24 +199,13 @@ export class PackageManager {
 		// D.P. Concurrent install runs should be supported
 		// https://github.com/npm/npm/issues/5948
 		// https://github.com/npm/npm/issues/2500
-		const managerCommand = this.getManager();
 		const task = new Promise<{ packageName, error, stdout, stderr }>((resolve, reject) => {
-			const child = spawn(managerCommand, args);
-			let stdout = '';
-			let stderr = '';
-			child.stdout?.on('data', (data) => {
-				stdout += data.toString();
-			});
-			child.stderr?.on('data', (data) => {
-				stderr += data.toString();
-			});
-			child.on('close', (code) => {
-				const error = code !== 0 ? new Error(`Process exited with code ${code}`) : null;
-				resolve({ packageName, error, stdout, stderr });
-			});
-			child.on('error', (err) => {
-				resolve({ packageName, error: err, stdout, stderr });
-			});
+			const child = exec(
+				command, {},
+				(error, stdout, stderr) => {
+					resolve({ packageName, error, stdout, stderr });
+				}
+			);
 		});
 		task["packageName"] = packName;
 		this.installQueue.push(task);
@@ -233,16 +231,17 @@ export class PackageManager {
 	}
 
 	public static ensureRegistryUser(config: Config, message: string): boolean {
-		const fullPackageRegistry = config.igPackageRegistry;
+		const fullPackageRegistry = Util.sanitizeShellArg(config.igPackageRegistry);
 		try {
 			// tslint:disable-next-line:object-literal-sort-keys
-			Util.spawnSync('npm', ['whoami', `--registry=${fullPackageRegistry}`], { stdio: 'pipe', encoding: 'utf8' });
+			Util.execSync(`npm whoami --registry=${fullPackageRegistry}`, { stdio: "pipe", encoding: "utf8" });
 		} catch (error) {
+			if (!REGISTRY_ATTEMPT_LOGIN) {
+				Util.log(message, "gray");
+				return true;
+			}
+
 			// try registering the user:
-			Util.log(
-				"The project you've created requires the full version of Ignite UI from Infragistics private feed.",
-				"gray"
-			);
 			Util.log(
 				"We are initiating the login process for you. This will be required only once per environment.",
 				"gray"
@@ -257,20 +256,16 @@ export class PackageManager {
 			if (process.stdin.isTTY) {
 				process.stdin.setRawMode(true);
 			}
-			const cmd = /^win/.test(process.platform) ? "npm.cmd" : "npm"; //https://github.com/nodejs/node/issues/3675
-			const login = Util.spawnSync(cmd,
-				["adduser", `--registry=${fullPackageRegistry}`, `--scope=@infragistics`, `--auth-type=legacy`],
-				{ stdio: "inherit" }
-			);
-			if (login?.status === 0) {
+
+			try {
+				Util.execSync(
+					`npm login --registry=${fullPackageRegistry} --scope=@infragistics --auth-type=legacy`,
+					{ stdio: "inherit" }
+				);
 				//make sure scope is configured:
-				try {
-					Util.spawnSync('npm', ['config', 'set', `@infragistics:registry`, fullPackageRegistry]);
-					return true;
-				} catch (error) {
-					return false;
-				}
-			} else {
+				Util.execSync(`npm config set @infragistics:registry ${fullPackageRegistry}`);
+				return true;
+			} catch (error) {
 				Util.log(message, "red");
 				return false;
 			}
@@ -292,11 +287,7 @@ export class PackageManager {
 		}
 	}
 
-	private static getInstallArgs(packageName: string): string[] {
-		return ['install', packageName, '--quiet', '--save'];
-	}
-
-	private static getManager(/*config:Config*/): string {
+	private static getManager(/*config:Config*/): 'npm' {
 		//stub to potentially swap out managers
 		return "npm";
 	}

packages/core/update/Update.ts

@@ -55,7 +55,7 @@ export async function updateWorkspace(rootPath: string): Promise<boolean> {
 	}
 	const pkgJSON = JSON.parse(fileString);
 
-	const errorMsg = "Something went wrong, please follow the steps in this guide: " + guideLink;
+	const errorMsg = "Can't detect/setup Infragistics feed login required for licensed packages.\nSee: " + guideLink;
 	if (!PackageManager.ensureRegistryUser(config, errorMsg)) {
 		return false;
 	}

packages/core/util/Util.ts

@@ -283,11 +283,6 @@ export class Util {
 		}
 
 		for (const key of Object.keys(source)) {
-			// Skip keys that can affect the prototype of objects to avoid prototype pollution vulnerabilities
-			if (key === "__proto__" || key === "constructor") {
-				continue;
-			}
-
 			const sourceKeyIsArray = Array.isArray(source[key]);
 			const targetHasThisKey = target.hasOwnProperty(key);
 
@@ -321,6 +316,21 @@ export class Util {
 		}
 	}
 
+	/**
+	 * Fairly aggressive sanitize removing anything but ASCII, numbers and a few needed chars that have no action:
+	 * - semicolons (:), dots (.), underscores (_) for paths/URLs
+	 * - dashes (-) & forward slashes (/) for packages and paths/URLs
+	 * - at (@), non-leading tilde (~) for package scope & version
+	 * @remarks
+	 * Most shells should be UTF-enabled, but current usage is very limited thus no need for `\p{L}`
+	 */
+	public static sanitizeShellArg(arg: string): string {
+		return arg
+			.replace(/[^a-z0-9@:_~\^\/\.\-]/gi, '') // remove unsafe chars
+			.replace(/\^(?!\d)/g, '') // keep only ^<digit>
+			.replace(/^~/, ''); // remove leading ~
+	}
+
 	/**
 	 * Execute synchronous command with options
 	 * @param command Command to be executed
@@ -353,29 +363,18 @@ export class Util {
 	}
 
 	/**
-     * Execute synchronous command with options using spawnSync
-     * @param command Command to be executed
-     * @param args Command arguments
-     * @param options Command options
-     * @throws {Error} On non-zero exit code. Error has 'status', 'signal', 'output', 'stdout', 'stderr'
-     */
-	public static spawnSync(command: string, args: string[], options?: SpawnSyncOptions) {
-		try {
-			return spawnSync(command, args, options);
-		} catch (error) {
-			// Handle potential process interruption
-			// Check if the error output ends with "^C"
-			if (error.stderr && error.stderr.toString().endsWith() === "^C") {
-				return process.exit();
-			}
-
-			// Handle specific exit codes for different signals
-			if (error.status === 3221225786 || error.status > 128) {
-				return process.exit();
-			}
-
-			throw error;
-		}
+	 * Execute synchronous command with options using spawnSync
+	 * @param command Command to be executed
+	 * NOTE: `spawn` without `shell` (unsafe) is **not** equivalent to `exec` & requires direct path to run the correct process on win,
+	 * e.g. `npm.cmd` but that is also blocked in node@24+ for security reasons
+	 * Do not call with/add commands that are not known binaries without validating first
+	 * @param args Command arguments
+	 * @param options Command options
+	 * @returns {SpawnSyncReturns} object with status and stdout
+	 * @remarks Consuming code MUST handle the result and check for failure status!
+	 */
+	public static spawnSync(command: 'node' | 'git', args: string[], options?: Omit<SpawnSyncOptions, 'shell'>) {
+		return spawnSync(command, args, options);
 	}
 
 	/**
@@ -388,8 +387,7 @@ export class Util {
 			const options: any = { cwd: path.join(parentRoot, projectName), stdio: [process.stdin, "ignore", "ignore"] };
 			Util.execSync("git init", options);
 			Util.execSync("git add .", options);
-			const commitMessage = `"Initial commit for project: ${projectName}"`;
-			Util.spawnSync('git', ['commit', '-m', commitMessage], options);
+			Util.execSync("git commit -m " + "\"Initial commit for project\"", options);
 			Util.log(Util.greenCheck() + " Git Initialized and Project '" + projectName + "' Committed");
 		} catch (error) {
 			Util.error("Git initialization failed. Install Git in order to automatically commit the project.", "yellow");

packages/igx-templates/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@igniteui/angular-templates",
-  "version": "21.1.1491",
+  "version": "21.1.1492",
   "description": "Templates for Ignite UI for Angular projects and components",
   "repository": {
     "type": "git",
@@ -12,7 +12,7 @@
   "author": "Infragistics",
   "license": "MIT",
   "dependencies": {
-    "@igniteui/cli-core": "~14.9.1",
+    "@igniteui/cli-core": "~14.9.2",
     "typescript": "~5.5.4"
   }
 }