by MuffinFlavored 883 days ago
This is like... eval? I thought eval was bad?
4 comments

Eval with an uncanny valley shell whose commands behave similarly to the way you expect, but not necessarily exactly the way you expect.
Eval is bad if you're passing it untrusted input. It can be useful in some situations if you know what you're doing.

As for Bun Shell, it runs what you tell it to, just like a shell script or command line in the terminal. It's similar to running file system functions or spawning child processes. It will let you do some damage, sure, but that's your responsibility, "with great power", etc.

Nope - there's at least one layer of safety:

>For security, all template variables are escaped:

>const unknown = "foo.js; rm -rf /";
>// This will run `ls 'foo.js; rm -rf /'`
>const results = await $`ls ${unknown}`;
>console.log(results.stderr.toString()); // ls: cannot access 'foo.js; rm -rf /': No such file or directory

Potential user input is separated from code in the tagged template. $`rm ${"dir"}` is not the same as $`rm dir`.