DEV.co
Open-Source DevOps · amoffat

sh

sh is a Python library that lets you call system commands (like git, ls, or curl) directly as Python functions instead of using subprocess. It works on Unix-like systems (Linux, macOS, BSD) and supports Python 3.8–3.14, making shell scripting and system automation more Pythonic.

Source: GitHub — github.com/amoffat/sh
7.2k
GitHub stars
505
Forks
Python
Primary language
MIT
License (OSI-approved)

Key facts

Objective fields from the source. Values we can't verify are shown as “Unknown” rather than guessed.

FieldValue
Repositoryamoffat/sh
Owneramoffat
Primary languagePython
LicenseMIT — OSI-approved
Stars7.2k
Forks505
Open issues1
Latest release2.3.0 (2026-06-09)
Last updated2026-06-11
Sourcehttps://github.com/amoffat/sh

What sh is

sh is a subprocess wrapper that dynamically creates Python functions for arbitrary system binaries, allowing natural syntax like `git('status')` instead of `subprocess.run()`. It handles process launching, output capture, streaming, and error handling on Unix platforms only; Windows is unsupported.

Quickstart

Get the sh source

Clone the repository and explore it locally.

terminalbash
git clone https://github.com/amoffat/sh.gitcd sh# follow the project's README for install & configuration

Need it deployed, integrated, or customized instead? DEV.co ships production installs.

Best use cases

DevOps & Infrastructure Automation

Ideal for scripts that orchestrate multiple system tools (git, docker, curl, etc.). Cleaner syntax reduces boilerplate compared to subprocess calls.

Development Tool Wrappers

Build Python CLI wrappers around native tools—testing frameworks, build systems, deployment pipelines—where command invocation is the primary logic.

System Administration & Monitoring

Monitor, query, and control system state via native commands (ps, systemctl, netstat) with Pythonic error handling and output parsing.

Implementation considerations

  • Verify Unix-like OS support before adoption; no Windows compatibility.
  • Error handling: sh raises exceptions on non-zero exit codes; wrap calls with try-except and plan recovery paths.
  • Output handling: understand streaming vs. capture modes to avoid buffering surprises or large output memory bloat.
  • Command injection risk: validate any dynamic parts of command names or arguments if sourced externally.
  • Dependency injection: ensure target system binaries (git, docker, etc.) are present and in PATH at runtime.

When to avoid it — and what to weigh

  • Windows Deployment Required — sh explicitly does not support Windows. If cross-platform is mandatory, subprocess or platform-specific alternatives are necessary.
  • Performance-Critical Binary Calls — sh incurs dynamic lookup and function generation overhead. For frequent, latency-sensitive subprocess calls, direct subprocess.run() may be more efficient.
  • Untrusted or User-Supplied Commands — sh's dynamic command invocation can increase attack surface if user input maps directly to system executables. Requires careful input validation and sandboxing.
  • Minimal Dependencies & Embedded Contexts — Adding a third-party dependency where subprocess suffices may complicate packaging, container images, or embedded use cases.

License & commercial use

MIT License. Permissive, OSI-approved. Allows commercial use, modification, and distribution with attribution and no liability.

MIT is a standard permissive OSI license. Commercial use is permitted. Ensure attribution as required by MIT terms. No warranty or liability indemnification is provided by the licensor.

DEV.co evaluation signals

Editorial assessment — not user reviews. Directional, with an explicit confidence level.

SignalAssessment
MaintenanceActive
DocumentationStrong
License clarityClear
Deployment complexityLow
DEV.co fitStrong
Assessment confidenceHigh
Security considerations

sh wraps system command execution. Key risks: (1) Command injection if user input is interpolated into command names or arguments—use explicit argument passing, not string concatenation. (2) PATH traversal—verify target binaries are from trusted sources. (3) Privilege escalation—subprocess runs with caller's permissions; avoid sudo/setuid patterns without isolation. (4) No built-in secret redaction—credentials in command output may leak to logs. Follow subprocess security best practices (input validation, least privilege, output sanitization).

Alternatives to consider

subprocess (stdlib)

Built-in, no dependency, broader platform support. Less syntactic sugar; requires more boilerplate but more explicit and portable.

invoke

Task-runner library with command execution, Pythonic syntax, and better composability for build/deployment workflows. Heavier-weight than sh.

Popen / subprocess.run (direct)

Lower-level, maximum control, no third-party overhead. Steeper learning curve but more testable and portable.

Software development agency

Build on sh with DEV.co software developers

Evaluate sh for your DevOps workflows. It's lightweight, well-maintained, and ideal for teams automating Unix-based infrastructure. Review the docs, test on a non-Windows platform, and plan for input validation if handling user commands.

Talk to DEV.co

Related open-source tools

Surfaced by semantic similarity across the DEV.co open-source index.

Related on DEV.co

Explore the category and the services that help you build with it.

sh FAQ

Does sh work on Windows?
No. sh explicitly does not support Windows. It relies on Unix system calls. Use subprocess or Windows-native alternatives on Windows.
How do I handle command-not-found errors?
sh raises an exception (typically `CommandNotFound` or subprocess error) when the binary is not in PATH. Catch with try-except and provide fallback logic.
Can I stream large command output without loading it all into memory?
Yes. sh supports streaming and iterator modes for large outputs. Refer to the documentation on `_iter` and streaming parameters.
Is sh safe for untrusted input?
No. Always validate and sanitize input before passing to sh commands. Avoid string interpolation; use explicit argument passing to prevent command injection.

Software developers & web developers for hire

From first prototype to production, DEV.co delivers software development services around tools like sh. Our software development agency staffs experienced software developers and web developers for custom software development, web development, integrations, and ongoing support across open-source devops and beyond.

Ready to Simplify Your System Automation?

Evaluate sh for your DevOps workflows. It's lightweight, well-maintained, and ideal for teams automating Unix-based infrastructure. Review the docs, test on a non-Windows platform, and plan for input validation if handling user commands.