This code appears to use child processes but doesn't sanitize the input. A project I was working on used this code for something like the following to run something in a container of the user's choosing:

docker.command('run <...> -d ' + containerName).then(...)

If the user just entered a semicolon after the container name, they could easily inject/run arbitrary commands on the host machine.

It's easy enough to only allow valid container names and nothing more in this instance, but the problem was not knowing that there was no sanitization being done behind the scenes. A more ambitious goal might be to make sure no malicious user input can get through, but until that's implemented there should at least be a note in the documentation about it.

Hello!
Could you provide a new release version with this feature: #18 (c6176d9) ? https://www.npmjs.com/package/docker-cli-js/v/2.7.1 2.7.1 seems too old.

Thanks!

I can't seem to find a way to run a docker exec command. This is what I tried:

await docker.command('--host docker exec -it mycontainer sh -c "echo Hello"', function (err, data) { console.log('data = ', data); });

--host docker is to specify that DOCKER_HOST is docker.

The output I got was data = null

Is there something I'm doing wrong, or is there no way to do a docker exec with this utility?

const inspect = await docker.command(`images -q ${imageTag}`);

results in:

{
  command: 'docker  images -q ghcr.io/trieb-work/XXXXXXXX:3.0.0-b.40',
  raw: '15e892c27a33\n',
  images: []
}

Not Work：

Success：

Using --password is now a hard error, this requires STDIN to pass in the password.

It looks like you're bringing all of lodash as a dependency, it would probably be better to just use lodash.snakecase that you are actually using.

Would add an optional second parameter to .command that has an echo parameter (default can be true, to not change behavior), that allows one to disable the terminal echo that happens.

var result = await docker.command('...', { echo:false });

I've been using the attached spawn.js
spawn.js.txt

wrapper to support similar functionality, you're welcome to utilize it...

I would like to be able to call docker run and use the output as a stream. For example: waiting for a specific log emitted by a server process.
Thank you for this wonderful library.

The usefulness of the docker run command with this library is somewhat limited by the fact that when the docker command is exec'd the no environment variables are passed through except DEBUG, HOME, and PATH.

In this function I call await docker.command('info'); and it works perfectly fine locally

export async function verifySystem() {
    const docker = new Docker();
    const result = await docker.command('info');
    if (!result.object) throw `You must install Docker to use Botfront. Please visit ${chalk.green('https://www.docker.com/products/docker-desktop')}`;
    const results = await promisify(check)({ node: '>= 8.9'});
    if (!results.versions.node.isSatisfied) {
        throw `You must upgrade your Node.js installation to use Botfront. Please visit ${chalk.green('https://nodejs.org/en/download/')}`
    };
}

Or in context: https://github.com/botfront/botfront/blob/master/cli/src/utils.js#L173

However when the package is installed from npm, the output of the Docker command is logged to the console. It can be reproduced as follows:

npm install -g botfront
botfront

➜  botfront git:(master) ✗ npm install -g botfront                                                                                                                                                                                                                                                                                              git:(master↓2|… 
/usr/local/bin/botfront -> /usr/local/lib/node_modules/botfront/bin/botfront

> [email protected] postinstall /usr/local/lib/node_modules/botfront
> echo Botfront succesfully installed. Run 'botfront' to get started.

Botfront succesfully installed. Run botfront to get started.
+ [email protected]
added 5 packages from 2 contributors and updated 115 packages in 7.033s
➜  botfront git:(master) ✗ botfront                                                                                                                                                                                                                                                                                                             git:(master↓2|… 
Client:
 Debug Mode: false

Server:
 Containers: 20
  Running: 6
  Paused: 0
  Stopped: 14
 Images: 82
 Server Version: 19.03.2
 Storage Driver: overlay2
...

Any idea why?