AVG virus scan software --> trojan horse detected node module './url-state-machine'

[Guenthmn2]

Note Before you submit your issue, make sure that:

• You're using the latest version of Salesforce CLI.
• You've searched both open and closed issues for related posts.
• You've used the doctor command to diagnose common issues.
• You understand that GitHub Issues don't adhere to any agreement or SLA.
  • If you require immediate assistance, use official channels such as Salesforce Customer Support.

Summary

During my last CLI (Version 2.65.8-23a374a) update my Mac AVG virus scan software detected a --> trojan horse in the node module './url-state-machine' and quarantined the file.

Now in VS code, many commands are not working as './url-state-machine' is missing i.e

03:17:26.313 sf org:login:web --alias ccipss --instance-url https://test.salesforce.com --set-default node:internal/modules/cjs/loader:1225 const err = new Error(message); ^ Error: Cannot find module './url-state-machine'

Steps To Reproduce

On Mac install AVG Virus scan update to CLI (Version 2.65.8-23a374a)

Expected result

complete sf update without error and be able to execute org:login:web --alias ccipss --instance-url https://test.salesforce.com --set-default

Actual result

Error 1: MacBook-Air-3:~ user$ sf update @salesforce/cli: Updating CLI... already on version 2.65.8-23a374a NOTE: This error can be ignored in CI and may be silenced in the future

• Set the SF_HIDE_RELEASE_NOTES env var to "true" to skip this script

Class extends value undefined is not a constructor or null node:internal/modules/cjs/loader:1225 const err = new Error(message); ^

Error: Cannot find module './url-state-machine' Require stack:

• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL-impl.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/public-api.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/node-fetch/lib/index.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@jsforce/jsforce-node/lib/request.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@jsforce/jsforce-node/lib/transport.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@salesforce/core/lib/deviceOauthService.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@salesforce/core/lib/index.js at Module._resolveFilename (node:internal/modules/cjs/loader:1225:15) at Module._load (node:internal/modules/cjs/loader:1051:27) at Module.require (node:internal/modules/cjs/loader:1311:19) at require (node:internal/modules/helpers:179:18) at Object. (/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL-impl.js:2:13) at Module._compile (node:internal/modules/cjs/loader:1469:14) at Module._extensions..js (node:internal/modules/cjs/loader:1548:10) at Module.load (node:internal/modules/cjs/loader:1288:32) at Module._load (node:internal/modules/cjs/loader:1104:12) at Module.require (node:internal/modules/cjs/loader:1311:19) { code: 'MODULE_NOT_FOUND', requireStack: [ '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL-impl.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/public-api.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/node-fetch/lib/index.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@jsforce/jsforce-node/lib/request.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@jsforce/jsforce-node/lib/transport.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@salesforce/core/lib/deviceOauthService.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@salesforce/core/lib/index.js' ] }

Node.js v20.17.0

Error 2: Starting SFDX: Authorize an Org

03:17:26.313 sf org:login:web --alias ccipss --instance-url https://test.salesforce.com --set-default node:internal/modules/cjs/loader:1225 const err = new Error(message); ^

Error: Cannot find module './url-state-machine' Require stack:

• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL-impl.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/public-api.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/node-fetch/lib/index.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@jsforce/jsforce-node/lib/request.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@jsforce/jsforce-node/lib/transport.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@salesforce/core/lib/deviceOauthService.js
• /Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@salesforce/core/lib/index.js at Module._resolveFilename (node:internal/modules/cjs/loader:1225:15) at Module._load (node:internal/modules/cjs/loader:1051:27) at Module.require (node:internal/modules/cjs/loader:1311:19) at require (node:internal/modules/helpers:179:18) at Object. (/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL-impl.js:2:13) at Module._compile (node:internal/modules/cjs/loader:1469:14) at Module._extensions..js (node:internal/modules/cjs/loader:1548:10) at Module.load (node:internal/modules/cjs/loader:1288:32) at Module._load (node:internal/modules/cjs/loader:1104:12) at Module.require (node:internal/modules/cjs/loader:1311:19) { code: 'MODULE_NOT_FOUND', requireStack: [ '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL-impl.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/URL.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/whatwg-url/lib/public-api.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/node-fetch/lib/index.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@jsforce/jsforce-node/lib/request.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@jsforce/jsforce-node/lib/transport.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@salesforce/core/lib/deviceOauthService.js', '/Users/user/.local/share/sf/client/2.65.8-23a374a/node_modules/@salesforce/core/lib/index.js' ] }

Node.js v20.17.0 03:17:27.233 sf org:login:web --alias ccipss --instance-url https://test.salesforce.com --set-default ended with exit code 1

Additional information

System Information

bash shell

MacBook-Air-3:~ user$ sf version --verbose --json
{
  "architecture": "darwin-x64",
  "cliVersion": "@salesforce/cli/2.65.8",
  "nodeVersion": "node-v20.17.0",
  "osVersion": "Darwin 24.1.0",
  "rootPath": "/Users/user/.local/share/sf/client/2.65.8-23a374a",
  "shell": "bash",
  "pluginVersions": [
    "@oclif/plugin-autocomplete 3.2.7 (core)",
    "@oclif/plugin-commands 4.1.5 (core)",
    "@oclif/plugin-help 6.2.16 (core)",
    "@oclif/plugin-not-found 3.2.24 (core)",
    "@oclif/plugin-plugins 5.4.15 (core)",
    "@oclif/plugin-search 1.2.13 (core)",
    "@oclif/plugin-update 4.6.8 (core)",
    "@oclif/plugin-version 2.2.15 (core)",
    "@oclif/plugin-warn-if-update-available 3.1.20 (core)",
    "@oclif/plugin-which 3.2.16 (core)",
    "@salesforce/cli 2.65.8 (core)",
    "apex 3.5.5 (core)",
    "api 1.3.1 (core)",
    "auth 3.6.70 (core)",
    "data 3.9.0 (core)",
    "deploy-retrieve 3.15.4 (core)",
    "info 3.4.15 (core)",
    "limits 3.3.37 (core)",
    "marketplace 1.3.2 (core)",
    "org 5.0.2 (core)",
    "packaging 2.8.12 (core)",
    "schema 3.3.39 (core)",
    "settings 2.4.2 (core)",
    "sobject 1.4.44 (core)",
    "telemetry 3.6.18 (core)",
    "templates 56.3.26 (core)",
    "trust 3.7.38 (core)",
    "user 3.6.0 (core)",
    "@salesforce/sfdx-scanner 4.7.0 (user) published 13 days ago (Tue Oct 29 2024)"
  ]

[github-actions[bot]]

Thank you for filing this issue. We appreciate your feedback and will review the issue as soon as possible. Remember, however, that GitHub isn't a mechanism for receiving support under any agreement or SLA. If you require immediate assistance, contact Salesforce Customer Support.

[Guenthmn2]

I know, I had to fully uninstall remove the CLI, and reinstall and it is now working correctly, but you should investigate the issue with the flagged node module

[cristiand391]

it's coming from the whatwg-url dependency, see maintainer's comment: https://github.com/jsdom/whatwg-url/issues/280#issuecomment-2468813145