Windows Shell Hook Fix + Security
Fixed
- PowerShell npm/pnpm/yarn broken on Windows — the `foreach` loop in the PowerShell hook resolved npm to its full application path (`C:\Program Files\nodejs\npm.cmd`). When this path contained spaces, POSIX-style quoting caused PowerShell to output a string literal instead of executing the command. Now uses bare command names, consistent with git/cargo/etc. (fixes #38)
- PowerShell `_lc` off-by-one — `$args[1..($args.Length)]` produced an extra `$null` element. Replaced with `& @args` splatting which correctly handles all argument counts.
- Password shown in cleartext during `lean-ctx login` — interactive password prompt now uses `rpassword` to disable terminal echo, so passwords are never visible.
Improved
- Shell-aware command quoting — `shell_join` moved from `main.rs` to `shell.rs` with runtime shell detection. Three quoting strategies: PowerShell (`& 'path'` with `''` escaping), cmd.exe (`"path"` with `\"` escaping), and POSIX (`'path'` with `'\''` escaping). Previously used compile-time `cfg!(windows)` which was untestable and broke Git Bash on Windows.
- 11 new unit tests for `join_command_for` covering all three shell quoting strategies with paths containing spaces, special characters, and empty arguments.
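
The three quoting strategies listed above, as an added example that is not lean-ctx's own code: the `Shell` enum, the `is_bare` and `quote` helpers, and this body of `join_command_for` are assumptions written for illustration. Passing the shell as a value, instead of branching on `cfg!(windows)`, is what lets every strategy be checked on any host.

```rust
// Added example: a hypothetical re-implementation, not lean-ctx's own code.
#[derive(Clone, Copy)]
pub enum Shell { PowerShell, Cmd, Posix }

// Conservative set of characters left unquoted in all three shells (assumption).
fn is_bare(arg: &str) -> bool {
    !arg.is_empty()
        && arg.chars().all(|c| c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.' | '/'))
}

fn quote(arg: &str, shell: Shell) -> String {
    if is_bare(arg) {
        return arg.to_string();
    }
    match shell {
        // PowerShell single quotes are literal; an embedded ' is doubled.
        Shell::PowerShell => format!("'{}'", arg.replace('\'', "''")),
        // Double quotes with \" escaping. Note that cmd.exe still expands
        // %VAR% inside double quotes; this example does not neutralize that.
        Shell::Cmd => format!("\"{}\"", arg.replace('"', "\\\"")),
        // POSIX: close the quote, emit an escaped ', reopen the quote.
        Shell::Posix => format!("'{}'", arg.replace('\'', "'\\''")),
    }
}

pub fn join_command_for(args: &[&str], shell: Shell) -> String {
    let parts: Vec<String> = args.iter().map(|a| quote(a, shell)).collect();
    let line = parts.join(" ");
    // A quoted first token is only a string literal to PowerShell; the call
    // operator `&` is what makes it execute (the failure behind #38).
    match (shell, args.first()) {
        (Shell::PowerShell, Some(first)) if !is_bare(first) => format!("& {}", line),
        _ => line,
    }
}

fn main() {
    // Constructed sample input using the path quoted in the release notes.
    let cmd = ["C:\\Program Files\\nodejs\\npm.cmd", "install", "it's", ""];
    for shell in [Shell::PowerShell, Shell::Cmd, Shell::Posix] {
        println!("{}", join_command_for(&cmd, shell));
    }
}
```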
Dependencies
- Added `rpassword 7.4.0` for secure password input.
Upgrade
cargo install lean-ctx # or
npm update -g lean-ctx-bin # or
brew upgrade lean-ctx

Full Changelog: v3.1.1...v3.1.1