I don't think the reported issues below are actually applicable to your project (they seem to be specific to git itself), but I wanted you to know what the OWASP dependency check produces for the projects that depend on git-branch version 0.7.0:

• CVE-2014-9938: contrib/completion/git-prompt.sh in Git before 1.9.3 does not sanitize branch names in the PS1 variable, allowing a malicious repository to cause code execution.
• CVE-2010-2542: Stack-based buffer overflow in the is_git_directory function in setup.c in Git before 1.7.2.1 allows local users to gain privileges via a long gitdir: field in a .git file in a working copy.
• CVE-2008-5516: The web interface in git (gitweb) 1.5.x before 1.5.5 allows remote attackers to execute arbitrary commands via shell metacharacters related to git_search.
• CVE-2015-7082: Multiple unspecified vulnerabilities in Git before 2.5.4, as used in Apple Xcode before 7.2, have unknown impact and attack vectors. NOTE: this CVE is associated only with Xcode use cases.
• CVE-2013-0308: The imap-send command in GIT before 1.8.1.4 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
• CVE-2010-3906: Cross-site scripting (XSS) vulnerability in Gitweb 1.7.3.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) f and (2) fp parameters.
• CVE-2015-7545: The (1) git-remote-ext and (2) unspecified other remote helper programs in Git before 2.3.10, 2.4.x before 2.4.10, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 do not properly restrict the allowed protocols, which might allow remote attackers to execute arbitrary code via a URL in a (a) .gitmodules file or (b) unknown other sources in a submodule.
• CVE-2017-14867: Git before 2.10.5, 2.11.x before 2.11.4, 2.12.x before 2.12.5, 2.13.x before 2.13.6, and 2.14.x before 2.14.2 uses unsafe Perl scripts to support subcommands such as cvsserver, which allows attackers to execute arbitrary OS commands via shell metacharacters in a module name. The vulnerable code is reachable via git-shell even without CVS support.

I try to use this package to react native, but I get an error that tells me to install some packages like fs, path, os. I have try it, but I still get an error 'Attempted to assign to readonly property'

Hi,

git-branch return null when executed from a Azure Git Pipeline, I dont think it come from the git as there is no problem with another utility : git-last-commit

I'm having "fun" getting this package to initially load

// App.js
const branch = require('git-branch');
console.log('gitBranch', branch);

TypeError: util.promisify is not a function
(anonymous function)

  3 | const fs = require('fs');
  4 | const util = require('util');
  5 | const find = require('findup-sync');
> 6 | const readFile = util.promisify(fs.readFile);

tested with:
node v8.11.4 and v.9.3.0

I'm getting the following error in Node-Red:

"TypeError: util.promisify is not a function"

Was on node v7.4.0, upgraded to v8.17.0 and v10.2.0, still the same error.

Can you please help?

Dependencies include kind-of v3 and braces v2. The current release of findup-sync is 4.0.0

#12

In a git worktree, there's no .git/HEAD file, so gitHeadPath will return an error path.

Consider using find-git-root instead of findup-sync

According to the docs usage is something like this:

var branch = require('git-branch');
console.log(branch);

This worked fine in 0.1.x but in 0.2.x require('git-branch') returns a function instead of the branch as a string. What's worse, is that that function always returns "master", no matter what branch I'm in.