Lines 1-44javascript
2var __importDefault = (this && this.__importDefault) || function (mod) {
3 return (mod && mod.__esModule) ? mod : { "default": mod };
5Object.defineProperty(exports, "__esModule", { value: true });
6exports.loginCommand = loginCommand;
7exports.logoutCommand = logoutCommand;
8exports.whoamiCommand = whoamiCommand;
9const chalk_1 = __importDefault(require("chalk"));
10const crypto_1 = __importDefault(require("crypto"));
11const http_1 = __importDefault(require("http"));
12const config_js_1 = require("../config.js");
13const api_js_1 = require("../api.js");
14const WEB_BASE = process.env.ORTH_WEB_URL || "https://orthogonal.sh";
15function escapeHtml(str) {
17 .replace(/&/g, "&")
18 .replace(/</g, "<")
19 .replace(/>/g, ">")
20 .replace(/"/g, """)
21 .replace(/'/g, "'");
23function openBrowser(url) {
24 // Use execFile-style args to avoid shell injection
25 const { execFile } = require("child_process");
26 const platform = process.platform;
HighSame File Env Network Execution
A single source file combines environment access, network access, and code or shell execution; review context before blocking.
dist/commands/auth.jsView on unpkg · L10 HighChild Process
Package source references child process execution.
dist/commands/auth.jsView on unpkg · L24 27 if (platform === "darwin")
HighSandbox Evasion Gated Capability
Source gates dangerous network, credential, or execution behavior behind CI, host, platform, time, or geo fingerprint checks.
dist/commands/auth.jsView on unpkg · L10 28 execFile("open", [url]);
29 else if (platform === "win32")
30 execFile("cmd", ["/c", "start", "", url]);
32 execFile("xdg-open", [url]);
34async function browserLogin() {
35 // Generate a random state token to prevent CSRF
36 const state = crypto_1.default.randomBytes(32).toString("hex");
37 return new Promise((resolve, reject) => {
39 const server = http_1.default.createServer((req, res) => {
40 const url = new URL(req.url || "/", `http://localhost`);
41 if (url.pathname === "/callback") {
42 const key = url.searchParams.get("key");
43 const error = url.searchParams.get("error");
44 const returnedState = url.searchParams.get("state");