The latest versions of Node include a security vulnerability fix which now requires calling spawn() with shell: true on Windows (Node security release blog).
node-pre-gyp info using node-pre-gyp@1.0.11
node-pre-gyp info using node@20.13.0 | win32 | x64
node-pre-gyp ERR! UNCAUGHT EXCEPTION
node-pre-gyp ERR! stack Error: spawn EINVAL
node-pre-gyp ERR! stack at ChildProcess.spawn (node:internal/child_process:421:11)
node-pre-gyp ERR! stack at Object.spawn (node:child_process:761:9)
node-pre-gyp ERR! stack at module.exports.run_gyp (C:\Users\circleci\project\node_modules\@mapbox\node-pre-gyp\lib\util\compile.js:80:18)
node-pre-gyp ERR! stack at C:\Users\circleci\project\node_modules\@mapbox\node-pre-gyp\lib\configure.js:44:15
node-pre-gyp ERR! stack at handle_gyp_opts (C:\Users\circleci\project\node_modules\@mapbox\node-pre-gyp\lib\util\handle_gyp_opts.js:101:10)
node-pre-gyp ERR! stack at configure (C:\Users\circleci\project\node_modules\@mapbox\node-pre-gyp\lib\configure.js:12:3)
node-pre-gyp ERR! stack at self.commands.<computed> [as configure] (C:\Users\circleci\project\node_modules\@mapbox\node-pre-gyp\lib\node-pre-gyp.js:86:37)
node-pre-gyp ERR! stack at run (C:\Users\circleci\project\node_modules\@mapbox\node-pre-gyp\lib\main.js:81:30)
node-pre-gyp ERR! stack at Object.<anonymous> (C:\Users\circleci\project\node_modules\@mapbox\node-pre-gyp\lib\main.js:125:1)
node-pre-gyp ERR! stack at Module._compile (node:internal/modules/cjs/loader:1358:14)
I'm currently working around this by using patch-package with the following patch:
The latest versions of Node include a security vulnerability fix which now requires calling
spawn()
withshell: true
on Windows (Node security release blog).I'm currently working around this by using patch-package with the following patch: