search

mateodelnorte / meta

tool for turning many repos into a meta repo. why choose many repos or a monolithic repo, when you can have both with a meta repo?
MIT License
2.06k stars 100 forks source link

meta git commands fail with Error: spawn EINVAL on latest Node versions in Windows #334

Open ocsurfnut opened 7 months ago

ocsurfnut commented 7 months ago

🐛 Bug Report

╰─❯ meta git pull
Error: spawn EINVAL
    at ChildProcess.spawn (node:internal/child_process:421:11)
    at spawn (node:child_process:761:9)
    at Command.executeSubCommand (C:\Users\WISMITH\AppData\Roaming\npm\node_modules\meta\node_modules\commander\index.js:565:12)
    at Command.parse (C:\Users\WISMITH\AppData\Roaming\npm\node_modules\meta\node_modules\commander\index.js:489:17)
    at exports.run (C:\Users\WISMITH\AppData\Roaming\npm\node_modules\meta\index.js:47:11)
    at Object.<anonymous> (C:\Users\WISMITH\AppData\Roaming\npm\node_modules\meta\bin\meta:8:15)
    at Module._compile (node:internal/modules/cjs/loader:1369:14)
    at Module._extensions..js (node:internal/modules/cjs/loader:1427:10)
    at Module.load (node:internal/modules/cjs/loader:1206:32)
    at Module._load (node:internal/modules/cjs/loader:1022:12) {
  errno: -4071,
  code: 'EINVAL',
  syscall: 'spawn'

To Reproduce

Steps to reproduce the behavior:

Start with

╰─❯ node --version
v20.12.2

on a Windows machine

then execute meta git ...

Expected behavior

Command processes as normal.

ocsurfnut commented 7 months ago

This is due to Node patching CVE-2024-27980 on Windows: https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2

It can be worked around by adding { shell: true } to any spawn() commands. Since you've got a super old version of commander.js forked, you could add here: https://github.com/mateodelnorte/commander.js/blob/master/index.js#L563 and https://github.com/mateodelnorte/commander.js/blob/master/index.js#L565 .

Made that change locally in node_modules/commander and resolved the issue for me. I would contribute, but I cannot push a branch to your fork.

Incidentally, any plans to update to latest commander.js?

turejaku commented 5 months ago

Hello,

I'm currently experiencing the same issue. Is there any chance to fix it in the near future?

Sumant-HSV commented 4 months ago

Kindly Fix this

ddc-aaroncope commented 2 months ago

knock knock...anyone maintaining this repo any longer? image

navy1978 commented 1 month ago

Hi, it seems this can be easily fixed :" users can now pass { shell: true } as an option to prevent the occurrence of EINVALs errors."

https://nodejs.org/en/blog/vulnerability/april-2024-security-releases-2

can you please fix it? Or can we create a PR for this?