Safe ways to do things in bash (2023) (github.com)
The article explains Shellharden’s methodology for writing bash “safely,” arguing that correct bash scripting is achievable through a finite set of rewrites. It focuses first on the core rule to always quote variable expansions and command substitutions to prevent word splitting and pathname globbing. It also covers related style/syntax guidance such as preferring $(cmd) over backticks, using braces for certain substitution cases (like numbered positional parameters), and notes that scripts often require more than simply removing vulnerabilities—they may need to be rewritten differently.
April 01, 2026 23:25
Source: Hacker News
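
The three rules the summary names (quote every expansion, prefer $(cmd) over backticks, brace numbered positional parameters), shown as an added example that is not taken from the linked article or from Shellharden. The function names, file names and the /srv/app path are constructed for illustration.

```shell
#!/bin/sh
# Added example; all file names and paths below are constructed sample input.

# Print the number of arguments actually received.
count_args() { printf '%s\n' "$#"; }

# Unquoted expansion: the value is word-split, then each word is globbed.
unquoted_count() { count_args $1; }

# Quoted expansion: the value arrives as exactly one argument.
quoted_count() { count_args "$1"; }

# Without braces, "$10" means "$1" followed by a literal 0.
tenth_unbraced() { printf '%s\n' "$10"; }
tenth_braced() { printf '%s\n' "${10}"; }

# $(...) nests without escaping, and each level can be quoted on its own.
parent_dir_name() { basename "$(dirname "$1")"; }

# Count arguments for a glob pattern inside a scratch directory whose
# contents are known, so the result is deterministic.
glob_counts() {
  dir=$(mktemp -d) || return 1
  (
    cd "$dir" || exit 1
    : > a.txt; : > b.txt; : > 'my file.txt'
    printf '%s %s\n' "$(unquoted_count '*.txt')" "$(quoted_count '*.txt')"
  )
  rm -rf "$dir"
}

demo() {
  echo "split:  unquoted=$(unquoted_count 'my file.txt') quoted=$(quoted_count 'my file.txt')"
  echo "glob:   unquoted/quoted = $(glob_counts)"
  echo "tenth:  unbraced=$(tenth_unbraced a b c d e f g h i j) braced=$(tenth_braced a b c d e f g h i j)"
  echo "nested: $(parent_dir_name '/srv/app/my data/app.log')"
}
demo
```

A value that reaches a command as two or three arguments instead of one is how a file name with a space or a `*` ends up acting on the wrong files, which is why the quoting rule comes first.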