Closed cliffAtOsaic closed 1 month ago
A recent security update in Node prevents execution of shell/batch scripts. See https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2.
The fix is to call spawnSync with the parameter { shell: true } on Windows.
spawnSync
{ shell: true }
I am working on a fix for this; only putting it here to document the issue.
https://github.com/TypeFox/npm-dependency-graph/issues/42 https://github.com/nodejs/node/issues/52681
> npx yarn-audit-fix Resolve bins Error: spawnSync npm.cmd EINVAL at Object.spawnSync (node:internal/child_process:1124:20) at Object.spawnSync (node:child_process:876:24) ... at ModuleJob.run (node:internal/modules/esm/module_job:222:25) at async ModuleLoader.import (node:internal/modules/esm/loader:316:24) { errno: -4071, code: 'EINVAL', syscall: 'spawnSync npm.cmd', path: 'npm.cmd', spawnargs: [ '--version' ] } Failure! { error: Error: spawnSync npm.cmd EINVAL at Object.spawnSync (node:internal/child_process:1124:20) at Object.spawnSync (node:child_process:876:24) ... at ModuleJob.run (node:internal/modules/esm/module_job:222:25) at async ModuleLoader.import (node:internal/modules/esm/loader:316:24) { errno: -4071, code: 'EINVAL', syscall: 'spawnSync npm.cmd', path: 'npm.cmd', spawnargs: [ '--version' ] }, status: null, signal: null, output: null, pid: 0, stdout: null, stderr: null } node:internal/modules/run_main:129 triggerUncaughtException( ^ { error: Error: spawnSync npm.cmd EINVAL at Object.spawnSync (node:internal/child_process:1124:20) at Object.spawnSync (node:child_process:876:24) ... at ModuleJob.run (node:internal/modules/esm/module_job:222:25) at async ModuleLoader.import (node:internal/modules/esm/loader:316:24) { errno: -4071, code: 'EINVAL', syscall: 'spawnSync npm.cmd', path: 'npm.cmd', spawnargs: [ '--version' ] }, status: null, signal: null, output: null, pid: 0, stdout: null, stderr: null } Node.js v20.15.1
Test cases are actually failing with this error which is good. Tests are working :)
Description
A recent security update in Node prevents execution of shell/batch scripts. See https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2.
The fix is to call
spawnSync
with the parameter{ shell: true }
on Windows.I am working on a fix for this; only putting it here to document the issue.
Related issues
https://github.com/TypeFox/npm-dependency-graph/issues/42 https://github.com/nodejs/node/issues/52681
Console output