pulumi / pulumi-component-provider-ts-boilerplate

Apache License 2.0

Deprecation of `vercel/pkg` is preventing Multi language Components to use NodeJS 20 and above #55

Open aureq opened 8 months ago

aureq commented 8 months ago

What happened?

As of January 2024, vercel/pkg has been officially deprecated. Additionally, there's a recent security issue (local privilege escalation) that's unresolved: https://github.com/vercel/pkg/security/advisories/GHSA-22r3-9w55-cj54

This package is used as part of Pulumi CrossCode / Multi Language components.

With the current deprecation, users and customers who wrote MLC in TypeScript won't be able to upgrade above NodeJS 18 (latest officially working version).

Example

n/a

Output of pulumi about

n/a

Additional context

No response


mjeffryes commented 8 months ago

I think we're probably hoping to move to https://nodejs.org/api/single-executable-applications.html but will probably wait to see if it stabilizes for NodeJS 22.

lukehoban commented 6 months ago

> I think we're probably hoping to move to https://nodejs.org/api/single-executable-applications.html but will probably wait to see if it stabilizes for NodeJS 22.

Unfortunately, this is not stable yet - still at:

> Stability: 1.1 - Active development

Also, there is no support for cross-compilation built in, and the current features are very low level, and would require us having a lot of complex logic for platform specific signing/etc.

I suspect we cannot move to this in the near term unfortunately.

I think there are a few near term options:

  1. Enable an option to use the boilerplate without compilation, so that consumers then do have to have Node installed locally, but can choose their version of Node.
  2. Find one of the forks of vercel/pkg and use that instead in the interim.

All that said, we support Node 18 until April 2025, and I think the answer may have to be that authoring MLCs in Node requires Node 18 for now, until either (a) Node SEA support becomes mature enough to move to or (b) we get closer to Node 18 leaving support, in which case we'll have no choice but to do one of (1) or (2) above.

theplatformer commented 6 months ago

https://github.com/yao-pkg/pkg is the most active and maintained fork, and currently has support for Node 20.11.1 as well as the updated 18.19.1.

That is likely the best short-term drop-in replacement, but the maintainer has already said there are no plans to keep maintaining it long term beyond the immediate needs from the community. They are also looking at Node SEA along with Deno and Bun as the better alternatives going forward.

https://github.com/yao-pkg/pkg/issues/5#issuecomment-1770129393

pierskarsenbarg commented 6 months ago

Unfortunately (and much to my disappointment) Bun won't work with Pulumi at the moment due to this issue: https://github.com/oven-sh/bun/issues/8823

There are other changes we need in our codebase as well, but my understanding is that we need http2 and grpc to work first