Impossible to install Salesforce CLI with the fix of CVE-2024-27980 on NodeJS

[gdecaen-klint]

Summary

After installing the latest LTS version of NodeJS 20.12.2, I'm unable to install Salesforce CLI with npm

Steps To Reproduce

• Install the latest LTS version of NodeJS (20.12.2)
• run the following command in powershell : npm install @salesforce/cli -g

Expected result

Salesforce CLI installed correctly.

Actual result

Impossible to install Salesforce CLI
I have the following error:

1287 error command failed
1288 error command C:\WINDOWS\system32\cmd.exe /d /s /c node ./scripts/post-install-release-notes.js
1289 error node:internal/child_process:421
1289 error throw new ErrnoException(err, 'spawn');
1289 error ^
1289 error
1289 error Error: spawn EINVAL
1289 error at ChildProcess.spawn (node:internal/child_process:421:11)
1289 error at spawn (node:child_process:761:9)
1289 error at file:///C:/Users/Guillaume/AppData/Roaming/npm/node_modules/@salesforce/cli/scripts/post-install-release-notes.js:24:17
1289 error at new Promise ()
1289 error at main (file:////npm/node_modules/@salesforce/cli/scripts/post-install-release-notes.js:14:9)
1289 error at file:///C:/Users/Guillaume/AppData/Roaming/npm/node_modules/@salesforce/cli/scripts/post-install-release-notes.js:44:7 {
1289 error errno: -4071,
1289 error code: 'EINVAL',
1289 error syscall: 'spawn'
1289 error }
1289 error
1289 error Node.js v20.12.2

System Information

Windows 11

[github-actions]

Hello @gdecaen-klint 👋 It looks like you didn't include the full Salesforce CLI version information in your issue.
Please provide the output of version --verbose --json for the CLI you're using (sf or sfdx).

A few more things to check:

• Make sure you've provided detailed steps to reproduce your issue.
  • A repository that clearly demonstrates the bug is ideal.
• Make sure you've installed the latest version of Salesforce CLI. (docs)
  • Better yet, try the rc or nightly versions. (docs)
• Try running the doctor command to diagnose common issues.
• Search GitHub for existing related issues.

Thank you!

[gdecaen-klint]

I can't provide version output as I am unable to install Salesforce CLI

[WillieRuemmele]

I was able to install with node 20.12.2, but on mac. I will try windows soon.

we're using spawn to kick off a process in that post-install script. But it in that node version, that was disallowed. We're looking at how to reenable this functionality. Using the installers, or a different node version should work as an alternative while we address this

setting SF_HIDE_RELEASE_NOTES=true should allow that script to exit before attempting to spawn and work

[git2gus]

This issue has been linked to a new work item: W-15492081

[iowillhoit]

The fix for this (and other spawn uses) was shipped in nightly last night and will be promoted to latest-rc later today.

It will be promoted to latest on April 24th.