Use -print0/-0 or -exec + to allow for non-alphanumeric filenames. Open
find `pwd` -name '*.js' | xargs -I jsfile acorn jsfile; echo $?
- Read upRead up
- Exclude checks
Use -print0/-0 or find -exec + to allow for non-alphanumeric filenames.
Problematic code:
find . -type f | xargs md5sum
Correct code:
find . -type f -print0 | xargs -0 md5sum
find . -type f -exec md5sum {} +
Rationale:
By default, xargs
interprets spaces and quotes in an unsafe and unexpected way. Whenever it's used, it should be used with -0
or --null
to split on \0
bytes, and find
should be made to output \0
separated filenames.
POSIX does not require find or xargs to support null terminators, so you can also use find -exec +
.
Exceptions
None.
Notice
Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.
Quote this to prevent word splitting. Open
find `pwd` -name '*.js' | xargs -I jsfile acorn jsfile; echo $?
- Read upRead up
- Exclude checks
Quote this to prevent word splitting
Problematic code:
ls -l $(getfilename)
Correct code:
# getfilename outputs 1 file
ls -l "$(getfilename)"
# getfilename outputs multiple files, linefeed separated
getfilename | while IFS='' read -r line
do
ls -l "$line"
done
Rationale:
When command expansions are unquoted, word splitting and globbing will occur. This often manifests itself by breaking when filenames contain spaces.
Trying to fix it by adding quotes or escapes to the data will not work. Instead, quote the command substitution itself.
If the command substitution outputs multiple pieces of data, use a loop instead.
Exceptions
In rare cases you actually want word splitting, such as in
gcc $(pkg-config --libs openssl) client.c
This is because pkg-config
outputs -lssl -lcrypto
, which you want to break up by spaces into -lssl
and -lcrypto
. An alternative is to put the variables to an array and expand it:
args=( $(pkg-config --libs openssl) )
gcc "${args[@]}" client.c
The power of using an array becomes evident when you want to combine, for example, the command result with user-provided arguments:
compile () {
args=( $(pkg-config --libs openssl) "${@}" )
gcc "${args[@]}" client.c
}
compile -DDEBUG
+ gcc -lssl -lcrypto -DDEBUG client.c
Notice
Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.
Use $(..) instead of legacy ..
. Open
find `pwd` -name '*.js' | xargs -I jsfile acorn jsfile; echo $?
- Read upRead up
- Exclude checks
Use $(STATEMENT) instead of legacy `STATEMENT`
Problematic code
echo "Current time: `date`"
Correct code
echo "Current time: $(date)"
Rationale
Backtick command substitution `STATEMENT`
is legacy syntax with several issues.
- It has a series of undefined behaviors related to quoting in POSIX.
- It imposes a custom escaping mode with surprising results.
- It's exceptionally hard to nest.
$(STATEMENT)
command substitution has none of these problems, and is therefore strongly encouraged.
Exceptions
None.
See also
Notice
Original content from the ShellCheck https://github.com/koalaman/shellcheck/wiki.