[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-5762":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":9,"htmlUrl":10,"language":11,"languages":10,"totalLinesOfCode":10,"stars":12,"forks":13,"watchers":14,"openIssues":15,"contributorsCount":16,"subscribersCount":16,"size":16,"stars1d":16,"stars7d":16,"stars30d":17,"stars90d":16,"forks30d":16,"starsTrendScore":16,"compositeScore":18,"rankGlobal":10,"rankLanguage":10,"license":19,"archived":20,"fork":20,"defaultBranch":21,"hasWiki":22,"hasPages":20,"topics":23,"createdAt":10,"pushedAt":10,"updatedAt":27,"readmeContent":28,"aiSummary":29,"trendingCount":16,"starSnapshotCount":16,"syncStatus":30,"lastSyncTime":31,"discoverSource":32},5762,"shellharden","anordal\u002Fshellharden","anordal","The corrective bash syntax highlighter","",null,"Rust",4785,133,46,7,0,5,58.88,"Mozilla Public License 2.0",false,"master",true,[24,25,26],"lint","policy","syntax-highlighter","2026-06-12 04:00:27","\u003Cimg src=\"img\u002Flogo.png\" align=\"right\"\u002F>\n\n[![Build and test status](https:\u002F\u002Fgithub.com\u002Fanordal\u002Fshellharden\u002Factions\u002Fworkflows\u002Fbuild-and-tests.yml\u002Fbadge.svg?branch=master)](https:\u002F\u002Fgithub.com\u002Fanordal\u002Fshellharden\u002Factions\u002Fworkflows\u002Fbuild-and-tests.yml)\n\nShellharden\n===========\n\nShellharden is a syntax highlighter and a tool to semi-automate the rewriting\nof scripts to ShellCheck conformance, mainly focused on quoting.\n\nThe default mode of operation is like `cat`, but with syntax highlighting in\nforeground colors and suggestive changes in background colors:\n\n![real-world example](img\u002Fex-realworld.png)\n\nAbove: Selected portions of `xdg-desktop-menu` as highlighted by Shellharden.\nThe foreground colors are syntax highlighting, whereas the background colors\n(green and red) show characters that Shellharden would have added or removed\nif let loose with the `--transform` option.\nBelow: An artificial example that shows more tricky cases and special features.\n\n![artificial example](img\u002Fex-artificial.png)\n\nWhy\n---\n\nA variable in bash is like a hand grenade – take off its quotes, and it starts ticking. Hence, rule zero of [bash pitfalls][1]: Always use quotes.\n\nName\n----\n\nShellharden can do what Shellcheck can't: Apply the suggested changes.\n\nIn other words, harden vulnerable shellscripts.\nThe builtin assumption is that the script does not *depend* on the vulnerable behavior –\nthe user is responsible for the code review.\n\nShellharden was previously known as \"Naziquote\".\nIn the right jargon, that was the best name ever,\nbut oh so misleading and unspeakable to outsiders.\n\nI couldn't call it \"bash cleaner\" either, as that means \"poo smearer\" in Norwegian.\n\nPrior art\n---------\n\n* [Shellcheck][2] is a wonderful tool to *detect*, and give general advice, about vulnerable bash code. The only thing missing is something to say yes with, and *apply* those advice (assuming proper review of course).\n\n* I asked [this SO question][3], for a tool that could rewrite bash scripts with proper quoting. One answerer beat me to it. But if it was me, I would do a syntax highlighter in the same tool (as a way to see if the parser gets lost, and make the most out of the parser, because bash is like quantum mechanics – nobody really knows how it works).\n\nGet it\n------\n\nDistro packages:\n\n[![Packaging status](https:\u002F\u002Frepology.org\u002Fbadge\u002Fvertical-allrepos\u002Fshellharden.svg)](https:\u002F\u002Frepology.org\u002Fproject\u002Fshellharden\u002Fversions)\n\n[Official rust package](https:\u002F\u002Fcrates.io\u002Fcrates\u002Fshellharden):\n\n    cargo install shellharden\n\nBuild from source\n-----------------\n\n    cargo build --release\n\n### Install\n\n    mv target\u002Frelease\u002Fshellharden ~\u002F.local\u002Fbin\u002F\n\n### Run tests\n\n    cargo test\n\n(requires bash)\n\n### Test coverage\n\n    env RUSTFLAGS=\"-C instrument-coverage\" LLVM_PROFILE_FILE='run-%m.profraw' cargo test\n    grcov . --binary-path .\u002Ftarget\u002Fdebug\u002F -s . -t html -o .\u002Fcoverage\u002F\n    rm run-*.profraw\n    open coverage\u002Fsrc\u002Findex.html\n\n### Fuzz test\n\n    cargo install cargo-afl\n    cargo afl build --release\n    cargo afl fuzz -i moduletests\u002Foriginal -o \u002Ftmp\u002Ffuzz-shellharden target\u002Frelease\u002Fshellharden ''\n\nUsage advice\n------------\n\nDon't apply `--transform` blindly; code review is still necessary: A script that *relies* on unquoted behavior (implicit word splitting and glob expansion from variables and command substitutions) to work as intended will do none of that after getting the `--transform` treatment!\n\nIn that unlucky case, ask yourself whether the script has any business in doing that. All too often, it's just a product of classical shellscripting, and would be better off rewritten, such as by using arrays. Even in the opposite case, say the business logic involves word splitting; that can still be done without invoking globbing. In short: There is always a better way than the forbidden syntax (if not more explicit), but some times, a human must step in to rewrite. See how, in the accompanying [how to do things safely in bash](how_to_do_things_safely_in_bash.md).\n\n[1]: http:\u002F\u002Fmywiki.wooledge.org\u002FBashPitfalls\n[2]: https:\u002F\u002Fwww.shellcheck.net\u002F\n[3]: http:\u002F\u002Fstackoverflow.com\u002Fquestions\u002F41104131\u002Ftool-to-automatically-rewrite-a-bash-script-with-proper-quoting\n","Shellharden 是一个用于 Bash 脚本的语法高亮工具，能够半自动化地重写脚本以符合 ShellCheck 规范，特别关注引号的使用。它通过前景色进行语法高亮，并用背景色标记建议更改的部分，帮助开发者识别和修正潜在的安全问题。该工具基于 Rust 语言开发，支持多种安装方式，包括通过 Cargo 安装或从源码构建。适合于需要提高 Bash 脚本安全性和可维护性的场景，例如在持续集成\u002F持续部署（CI\u002FCD）流程中自动检查和修复脚本错误。",2,"2026-06-11 03:05:00","top_language"]