Open nhh opened 3 years ago
Hi,
not exactly a solution to your problem, but Mandrel, which is a downstream distribution of the GraalVM Community Edition, does not contain a node
binary.
You can install it with
sdk install java 20.2.0.0-mandrel
The same problem here, I always have to delete those files (node
, npm
, npx
) because GraalJS is not build with ICU and fails to install some packages with npm
.
Bug report This may be a security issue because that behavior acts the same on every other distributed sdkman package. And several executables can be implicitely distributed and executed. (my guess)
When installing a sdkman package like
sdk install java 20.2.0.r11-grl
the$GRAALVM_HOME/bin
will be added to the systems$PATH
configuration. GraalVM also distributes in their/bin
folder a graaljs version of nodejs.$GRAALVM_HOME/bin/node
So when the
$GRAALVM_HOME
path is before your usual nodejs installation path, the system will execute the implicitly distributed graaljs version instead of nodejs versionThere is also this configuration in my .zshrc, which is suggested during installation.
I propose that sdkman should only prepend executables related to the installed package, like "java" instead of everything what is available in the path. (I dont know if sdkman prepends every executable, or if this is just how $PATH works)
To reproduce
$GRAALVM_HOME/bin
on the first placenode --version
Please refer to the initial discussion with the GraalVM team: https://github.com/graalvm/graaljs/issues/370
System info
SDKMAN 5.9.1+575