-
Notifications
You must be signed in to change notification settings - Fork 29.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Command run failed with error : spawn EINVAL #52554
Comments
Hi! This repo is mostly for issues regarding the NodeJS core, and we need further context/information to understand the problem. If you have an issue with VSCode or Fiori, please report it to them. Otherwise, please provide more context about the issue, such as stack traces and minimally reproducible examples. Thank you! |
This is a problem with Platform: Windows 10.0.19045 N/A Build 19045 Using Node.js v20.12.1:
Using Node.js 20.12.2:
|
Caused by 69ffc6d. @bnoordhuis @RafaelGSS Now that spawning
|
Use |
Awesome, that solves the problem for me. Thanks for the quick response @RafaelGSS ❤️ |
Thanks for the info! Sorry if I misunderstood the initial request! |
This seems like a very significant breaking behavior change to make in a patch version? My team observed this same issue from a different tool which spawns |
@ecraig12345, while the change maybe is a bit more than a patch, it has been released, so there's really nothing we can do about that specifically, but maybe we can make a sort-of note that this change occurred, so that users will understand how to continue using their projects, WDYT @RafaelGSS? I know we have the blog posts, but TBH not many end users will read all the way through the blogs to figure out this one issue, as not everyone reads the security updates Maybe a notice in the documentation? |
Summary: Node made a breaking change in a security release for 18/20 where `spawn()` no longer loads `.cmd` files by default. nodejs/node#52554. Execute command in shell. Differential Revision: D56230965
I think we can update the security release blog post to provide alternatives, then I can comment in the commit link to point to the blog post |
Great! |
According to our policy. We can only perform a breaking change in a semver-patch release if it's a security vulnerability is found. That was the case. We also provide a mechanism to revert this behaviour such as |
Added `{ shell: true }` to invocation spawn, to fix batch files no longer being directly spawnable in node. See nodejs/node#52554 (comment)
This is quite an invasisve change and because of #52017 I cannot propagate the |
If you don't have control of the process to pass the Please note, that this was a coordinated security release with other teams (Rust, PHP, ...) and per policy, we must fix it -- even if it breaks people, security is a must. We always attempt to create revert options (such as |
Version
v18.20.2
Platform
Microsoft Windows NT 10.0.19045.0 x64
Subsystem
No response
What steps will reproduce the bug?
How often does it reproduce? Is there a required condition?
everytime using npm start
What is the expected behavior? Why is that the expected behavior?
It should open the web browser with the started App
What do you see instead?
Command run failed with error : spawn EINVAL
Additional information
Happened first time after updating the node version.
Seems like a new problem after the security patch.
After downgrade it works fine.
See also: Link
The text was updated successfully, but these errors were encountered: