Apparently newlines are always converted to \n instead of os.EOL. Fixed in the second commit.

Windows has a separate issue with executing shx. Still looking into the correct fix.

It turns out that Windows poses an extra issue. node_modules/.bin/ is populated with .bat files, but .bat and .cmd files require a shell. This is a major use case, so I think we have no choice but to enable the shell option on Windows and to resort to meta-character-escaping. I'll investigate and add a section to the doc.

Currently investigating Windows behavior on branch dns-cmd-on-win (which is not intended to be submitted, but it's easier to experiment with appveyor than to experiment locally).

would this fix the security issue described here? embarklabs/embark#1329

Hi all! I would like to clarify: this pull request adds a new feature to our module. It is not a security fix.

shell.exec() is working as intended, and it is the dependent module's responsibility to use this method securely. Please see our security guidelines, and feel free to respond to #945 (comment) if you have further questions regarding Snyk or Github/WhiteSource's vulnerability reports.

Thank you for the clarification @nfischer and your hard work!

Codecov Report

Merging #866 into master will increase coverage by 0.07%.
The diff coverage is 100%.

@@            Coverage Diff             @@
##           master     #866      +/-   ##
==========================================
+ Coverage   97.14%   97.22%   +0.07%     
==========================================
  Files          34       35       +1     
  Lines        1298     1332      +34     
==========================================
+ Hits         1261     1295      +34     
  Misses         37       37

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 05374a7...186412d. Read the comment docs.