You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current bin links on Windows use a cmd, and and a ps1 script, this has a few side effects which aren't that nice to users of node on Windows:
When launched by the cmd launcher script, you will get the dreaded ye olde "Terminate batch job (Y/N)" prompt, which is quite annoying.
Scripts are not callable via ExecuteProcess, requiring a shell to execute them, which can often be a source of security vulnerabilities in the form of shell injection attacks, and is not convenient, nor consistent with the behavior on POSIX operating systems.
When a parent process invokes such a script and later tries to kill it via TerminateProcess, only the shell will be killed, leaving an orphaned node process, which is, again, unlike what happens on POSIX operating systems when launched via a script with a shebang.
The Python ecosystem has developed a cleaver workaround for this issues by using a launcher executable that is appended with the path to the script it should execute.
This solves the problems in the following way:
It is an exe, so no "Terminate batch job (Y/N)" even in cmd.
It is an exe, so callable via regular ExecuteProcess.
It establishes a job around the child so that the child is killed on TerminateProcess of the launcher.
It also includes some other handling for other edge cases/behaviors so everything is seamless.
Is there an existing issue for this?
Current Behavior
The current bin links on Windows use a cmd, and and a ps1 script, this has a few side effects which aren't that nice to users of node on Windows:
ExecuteProcess
, requiring a shell to execute them, which can often be a source of security vulnerabilities in the form of shell injection attacks, and is not convenient, nor consistent with the behavior on POSIX operating systems.TerminateProcess
, only the shell will be killed, leaving an orphaned node process, which is, again, unlike what happens on POSIX operating systems when launched via a script with a shebang.The Python ecosystem has developed a cleaver workaround for this issues by using a launcher executable that is appended with the path to the script it should execute.
This solves the problems in the following way:
ExecuteProcess
.TerminateProcess
of the launcher.It also includes some other handling for other edge cases/behaviors so everything is seamless.
The code for that is available here https://github.com/pypa/distlib/tree/master/PC (PSF licensed AFAIK)
Note that this effects npm (& Yarn/pnpm) itself, as well as any bin links for anything it installs.
Expected Behavior
For bin links in Windows to be as seamless as in POSIX operating system or when using Python & pip.
Steps To Reproduce
ExecuteProcess
such a bin link via thePATH
. E.g. fry toExecuteProcess
npm itself.TerminateProcess
on the resulting PID, the script will be left running.Environment
The text was updated successfully, but these errors were encountered: