fix: address medium security findings from #753 (#755)

- Replace `echo -e` with `printf` in cli/install.sh for macOS bash 3.x compat
- Remove `-u` (nounset) from test/run.sh — use `${VAR:-}` pattern instead
- Replace `source <(curl ...)` with `eval "$(curl ...)"` in test/run.sh for curl|bash compat
- Add .gitignore patterns for sensitive files (.env, *.pem, *.key, credentials)

Refs #753

Agent: security-auditor

Co-authored-by: A <6723574+louisgv@users.noreply.github.com>
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
A 2026-02-12 15:48:52 -08:00 committed by GitHub
parent 4bd5f2205f
commit 4e33cc39cd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 17 additions and 5 deletions


@ -21,9 +21,9 @@ YELLOW='\033[1;33m'
BOLD='\033[1m'
NC='\033[0m'
log_info() { echo -e "${GREEN}[spawn]${NC} $1"; }
log_warn() { echo -e "${YELLOW}[spawn]${NC} $1"; }
log_error() { echo -e "${RED}[spawn]${NC} $1"; }
log_info() { printf "${GREEN}[spawn]${NC} %s\n" "$1"; }
log_warn() { printf "${YELLOW}[spawn]${NC} %s\n" "$1"; }
log_error() { printf "${RED}[spawn]${NC} %s\n" "$1"; }
# --- Helper: compare semver strings ---
# Returns 0 (true) if $1 >= $2
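Review bot: The new `log_info`, `log_warn` and `log_error` still expand `${GREEN}`, `${YELLOW}`, `${RED}` and `${NC}` inside the `printf` format string, so the format is not a literal (ShellCheck SC2059) and any `%` that ends up in those variables would be parsed as a directive. Passing the colours as `%b` arguments keeps the escape handling while making the format constant, e.g. `log_error() { printf '%b[spawn]%b %s\n' "$RED" "$NC" "$1"; }`, and the same shape fits the other two. The colour assignments sit above this hunk (only `YELLOW`, `BOLD` and `NC` are visible), so it is worth confirming that none of them can be overridden from the environment. Moving the message to `%s` does stop backslash sequences in `$1` from being interpreted, but raw control bytes in a message would still reach the terminal. If any caller logs fetched or user-supplied text, a short comment on these helpers saying so would help.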