@tauri-apps/plugin-shell
Access the system shell. Allows you to spawn child processes and manage files and URLs using their default application.
This API has a scope configuration that forces you to restrict the programs and arguments that can be used.
On the configuration object, open: true means that the open API can be used with any URL,
as the argument is validated with the ^((mailto:\w+)|(tel:\w+)|(https?://\w+)).+ regex.
You can change that regex by changing the boolean value to a string, e.g. open: ^https://github.com/.
The plugin permissions object has a scope field that defines an array of CLIs that can be used.
Each CLI is a configuration object { name: string, cmd: string, sidecar?: bool, args?: boolean | Arg[] }.
name: the unique identifier of the command, passed to the Command.create function. If it’s a sidecar, this must be the value defined ontauri.conf.json > bundle > externalBin.cmd: the program that is executed on this configuration. If it’s a sidecar, this value is ignored.sidecar: whether the object configures a sidecar or a system program.args: the arguments that can be passed to the program. By default no arguments are allowed.truemeans that any argument list is allowed.falsemeans that no arguments are allowed.- otherwise an array can be configured. Each item is either a string representing the fixed argument value
or a
{ validator: string }that defines a regex validating the argument value.
CLI: git commit -m "the commit message"
Capability:
{ "permissions": [ { "identifier": "shell:allow-execute", "allow": [ { "name": "run-git-commit", "cmd": "git", "args": ["commit", "-m", { "validator": "\\S+" }] } ] } ]}Usage:
import { Command } from '@tauri-apps/plugin-shell'Command.create('run-git-commit', ['commit', '-m', 'the commit message'])Trying to execute any API with a program not configured on the scope results in a promise rejection due to denied access.
© 2025 Tauri Contributors. CC-BY / MIT