fix(server): add shell=True to npm subprocess calls for Windows compa…

[oguz-work]

…tibility

fix(server): add shell=True to npm subprocess calls for Windows compatibility

Description

Description:

This pull request introduces a small but essential fix to ensure that the Caldera server can successfully invoke npm commands on Windows environments.

📌 Problem
On Windows, subprocess.Popen() or subprocess.run() calls that execute npm commands without shell=True fail with a FileNotFoundError, even when npm is available in the system's PATH. This is due to how Windows handles executable resolution without a shell context.

🔧 Changes Made
Added shell=True to all subprocess calls that include npm in server.py.

No logic or behavior change on Unix-like systems (Linux/macOS), where this argument is harmless.

✅ Tested On
✅ Windows 10/11: npm commands now execute correctly

✅ Linux (Ubuntu 22.04): no side effects observed

🛡️ Impact
This change improves cross-platform compatibility, especially for Windows users who want to contribute to or extend Caldera without having to patch the code manually.

Type of change

Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• This change requires a documentation update

How Has This Been Tested?

Please describe the tests that you ran to verify your changes.

Checklist:

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have made corresponding changes to the documentation
• I have added tests that prove my fix is effective or that my feature works

[Copilot]

Pull Request Overview

This PR fixes Windows compatibility issues with npm subprocess calls by adding the shell=True parameter to all npm-related subprocess invocations in the server.py file.

• Adds shell=True parameter to npm subprocess calls to resolve Windows FileNotFoundError issues
• Maintains backward compatibility with Unix-like systems where the parameter is harmless
• Ensures cross-platform functionality for npm command execution

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[Copilot]

Using shell=True with asyncio.create_subprocess_shell is redundant since create_subprocess_shell already executes commands through the shell by default. Consider using asyncio.create_subprocess_exec with the command split into arguments for better security and consistency with the other subprocess calls.

Suggested change

	"npm run dev", stdout=sys.stdout, stderr=sys.stderr, cwd=MAGMA_PATH, shell=True
	"npm run dev", stdout=sys.stdout, stderr=sys.stderr, cwd=MAGMA_PATH

[Copilot]

Using shell=True with a list of arguments can lead to unexpected behavior and potential security issues. When using shell=True, the command should be passed as a string, not a list. Either change to string format or remove shell=True and handle Windows compatibility differently.

[Copilot]

Using shell=True with a list of arguments can lead to unexpected behavior and potential security issues. When using shell=True, the command should be passed as a string, not a list. Either change to string format or remove shell=True and handle Windows compatibility differently.

[sonarqubecloud]

Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 80%)

See analysis details on SonarQube Cloud