DEP0190:使用 shell 选项 true 将 args 传递给 node:child_process execFile/spawn

¥DEP0190: Passing args to node:child_process execFile/spawn with shell option true

类型：仅文档

¥Type: Documentation-only

当使用选项 { shell: true } 将 args 数组传递给 child_process.execFile 或 child_process.spawn 时，值不会被转义，只会以空格分隔，这可能导致 shell 注入。

¥When an args array is passed to child_process.execFile or child_process.spawn with the option { shell: true }, the values are not escaped, only space-separated, which can lead to shell injection.