[[FIX]] Remove shelljs

The "shelljs" package upon which JSHint depends includes a security
vulnerability [1]. Futhermore, that package's coupling to Node.js runs
contrary to JSHint's goal to support the Rhino runtime.

Replace the package with a minimal implementation.

This commit was forcibly pushed to the main development branch in order
to correct a formatting error in the original version.

[1] #3599

Author: jugglinmike

package-lock.json

@@ -46,7 +46,6 @@
     "htmlparser2": "3.8.x",
     "lodash": "~4.17.21",
     "minimatch": "~3.0.2",
-    "shelljs": "0.3.x",
     "strip-json-comments": "1.0.x"
   },
   "devDependencies": {

package.json

@@ -3,13 +3,13 @@
 var _                 = require("lodash");
 var cli               = require("cli");
 var path              = require("path");
-var shjs              = require("shelljs");
 var minimatch         = require("minimatch");
 var htmlparser        = require("htmlparser2");
 var exit              = require("exit");
 var stripJsonComments = require("strip-json-comments");
 var JSHINT            = require("./jshint.js").JSHINT;
 var defReporter       = require("./reporters/default").reporter;
+var fsUtils           = require("./fs-utils");
 
 var OPTIONS = {
   "config": ["c", "Custom configuration file", "string", false ],
@@ -89,7 +89,7 @@ function findConfig(file) {
   else if (envs) {
     home = path.normalize(path.join(envs, ".jshintrc"));
 
-    if (shjs.test("-e", home))
+    if (fsUtils.exists(home))
       return home;
   }
 
@@ -108,7 +108,7 @@ function getHomeDir() {
 
   while (paths.length) {
     homePath = paths.shift();
-    if (homePath && shjs.test("-e", homePath)) {
+    if (fsUtils.exists(homePath)) {
       return homePath;
     }
   }
@@ -177,7 +177,7 @@ function findFile(name, cwd) {
 
   var parent = path.resolve(cwd, "../");
 
-  if (shjs.test("-e", filename)) {
+  if (fsUtils.exists(filename)) {
     findFileResults[filename] = filename;
     return filename;
   }
@@ -203,7 +203,7 @@ function loadIgnores(params) {
     return [];
   }
 
-  var lines = (file ? shjs.cat(file) : "").split("\n");
+  var lines = (file ? fsUtils.readFile(file) : "").split("\n");
   var exclude = params.exclude || "";
   lines.unshift.apply(lines, exclude.split(","));
 
@@ -237,7 +237,7 @@ function isIgnored(fp, patterns) {
       return true;
     }
 
-    if (shjs.test("-d", fp) && ip.match(/^[^\/\\]*[\/\\]?$/) &&
+    if (fsUtils.isDirectory(fp) && ip.match(/^[^\/\\]*[\/\\]?$/) &&
       fp.match(new RegExp("^" + ip + ".*"))) {
       return true;
     }
@@ -419,15 +419,15 @@ function collect(fp, files, ignores, ext) {
     return;
   }
 
-  if (!shjs.test("-e", fp)) {
+  if (!fsUtils.exists(fp)) {
     cli.error("Can't open " + fp);
     return;
   }
 
-  if (shjs.test("-d", fp)) {
-    shjs.ls(fp).forEach(function(item) {
+  if (fsUtils.isDirectory(fp)) {
+    fsUtils.readDirectory(fp).forEach(function(item) {
       var itempath = path.join(fp, item);
-      if (shjs.test("-d", itempath) || item.match(ext)) {
+      if (fsUtils.isDirectory(itempath) || item.match(ext)) {
         collect(itempath, files, ignores, ext);
       }
     });
@@ -458,8 +458,8 @@ function lint(code, results, config, data, file) {
   if (config.prereq) {
     config.prereq.forEach(function(fp) {
       fp = path.join(config.dirname, fp);
-      if (shjs.test("-e", fp))
-        buffer.push(shjs.cat(fp));
+      if (fsUtils.exists(fp))
+        buffer.push(fsUtils.readFile(fp));
     });
     delete config.prereq;
   }
@@ -529,13 +529,13 @@ var exports = {
       return {};
     }
 
-    if (!shjs.test("-e", fp)) {
+    if (!fsUtils.exists(fp)) {
       cli.error("Can't find config file: " + fp);
       exports.exit(1);
     }
 
     try {
-      var config = JSON.parse(stripJsonComments(shjs.cat(fp)));
+      var config = JSON.parse(stripJsonComments(fsUtils.readFile(fp)));
       config.dirname = path.dirname(fp);
 
       if (config['extends']) {
@@ -653,7 +653,7 @@ var exports = {
       var errors = [];
 
       try {
-        code = shjs.cat(file);
+        code = fsUtils.readFile(file);
       } catch (err) {
         cli.error("Can't open " + file);
         exports.exit(1);

src/cli.js

@@ -0,0 +1,61 @@
+"use strict";
+
+var fs = require("fs");
+
+/**
+ * Determine if a file or directory is present at the given filesystem path.
+ *
+ * @param {string} name
+ *
+ * @returns {boolean}
+ */
+exports.exists = function(name) {
+  return fs.existsSync(name);
+};
+
+/**
+ * Determine if a directory is present at the given filesystem path.
+ *
+ * @param {string} name
+ *
+ * @returns {boolean}
+ */
+exports.isDirectory = function(name) {
+  var stat;
+  try {
+    stat = fs.statSync(name);
+  } catch (error) {
+    if (error.code === "ENOENT") {
+      return false;
+    }
+
+    throw error;
+  }
+
+  return stat.isDirectory();
+};
+
+/**
+ * Read a UTF-8-encoded file.
+ *
+ * @param {string} name
+ *
+ * @returns {string}
+ */
+exports.readFile = function(name) {
+  return fs.readFileSync(name, "utf8");
+};
+
+/**
+ * Retrieve the name of the files and directories within a given directory.
+ *
+ * @param {string} name
+ *
+ * @returns {string[]}
+ */
+exports.readDirectory = function(name) {
+  return fs.readdirSync(name)
+    .filter(function(name) {
+      return name[0] !== ".";
+    });
+};