Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Link bins on Windows by using a shim/launcher executable #71

Open
1 task done
segevfiner opened this issue Dec 14, 2022 · 0 comments
Open
1 task done

Link bins on Windows by using a shim/launcher executable #71

segevfiner opened this issue Dec 14, 2022 · 0 comments
Labels
Needs Triage needs an initial review

Comments

@segevfiner
Copy link

Is there an existing issue for this?

  • I have searched the existing issues

Current Behavior

The current bin links on Windows use a cmd, and and a ps1 script, this has a few side effects which aren't that nice to users of node on Windows:

  1. When launched by the cmd launcher script, you will get the dreaded ye olde "Terminate batch job (Y/N)" prompt, which is quite annoying.
  2. Scripts are not callable via ExecuteProcess, requiring a shell to execute them, which can often be a source of security vulnerabilities in the form of shell injection attacks, and is not convenient, nor consistent with the behavior on POSIX operating systems.
  3. When a parent process invokes such a script and later tries to kill it via TerminateProcess, only the shell will be killed, leaving an orphaned node process, which is, again, unlike what happens on POSIX operating systems when launched via a script with a shebang.

The Python ecosystem has developed a cleaver workaround for this issues by using a launcher executable that is appended with the path to the script it should execute.

This solves the problems in the following way:

  1. It is an exe, so no "Terminate batch job (Y/N)" even in cmd.
  2. It is an exe, so callable via regular ExecuteProcess.
  3. It establishes a job around the child so that the child is killed on TerminateProcess of the launcher.

It also includes some other handling for other edge cases/behaviors so everything is seamless.

The code for that is available here https://github.com/pypa/distlib/tree/master/PC (PSF licensed AFAIK)

Note that this effects npm (& Yarn/pnpm) itself, as well as any bin links for anything it installs.

Expected Behavior

For bin links in Windows to be as seamless as in POSIX operating system or when using Python & pip.

Steps To Reproduce

  1. Hit Ctrl-C while running a script from cmd using a bin link created by this package.
  2. Try to ExecuteProcess such a bin link via the PATH. E.g. fry to ExecuteProcess npm itself.
  3. Launch some long running script and try to TerminateProcess on the resulting PID, the script will be left running.

Environment

  • npm: 9.2.0
  • Node: 16.19.0
  • OS: Windows 11 x64
  • platform: PC
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Needs Triage needs an initial review
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@segevfiner