Prerequisites
Please answer the following questions for yourself before submitting an issue.
Current Behavior
Since I updated to node 24, I get warnings:
(node:79383) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
Failure Information (for bugs)
Steps to Reproduce
❯ pnpm install
Lockfile is up to date, resolution step is skipped
Already up to date
. prepare$ husky
└─ Done in 50ms
Done in 1.8s using pnpm v10.22.0
❯ si
📦 pnpm install
(node:80559) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
(Use `node --trace-deprecation ...` to show where the warning was created)
Lockfile is up to date, resolution step is skipped
Already up to date
. prepare$ husky
└─ Done in 52ms
Done in 2.4s using pnpm v10.22.0
(node:80551) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
(Use `node --trace-deprecation ...` to show where the warning was created)
❯ NODE_OPTIONS='--trace-deprecation' si
📦 pnpm install
(node:80765) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
at normalizeSpawnArguments (node:child_process:644:15)
at spawn (node:child_process:789:13)
at runCommand (file:///home/ptandler/.local/share/mise/installs/npm-swpm/2.6.0/lib/node_modules/swpm/src/helpers/cmds.js:61:19)
at file:///home/ptandler/.local/share/mise/installs/npm-swpm/2.6.0/lib/node_modules/swpm/src/cli/swpm.js:69:1
Lockfile is up to date, resolution step is skipped
Already up to date
. prepare$ husky
└─ Done in 45ms
Done in 1.7s using pnpm v10.22.0
(node:80757) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
at normalizeSpawnArguments (node:child_process:644:15)
at spawnSync (node:child_process:870:8)
at spreadCommand (file:///home/ptandler/.local/share/mise/installs/npm-swpm/2.6.0/lib/node_modules/swpm/src/helpers/cmds.js:80:19)
at file:///home/ptandler/.local/share/mise/installs/npm-swpm/2.6.0/lib/node_modules/swpm/src/alias/si.js:4:1
at ModuleJob.run (node:internal/modules/esm/module_job:377:25)
at async onImport.tracePromise.__proto__ (node:internal/modules/esm/loader:671:26)
at async asyncRunEntryPointWithESMLoader (node:internal/modules/run_main:101:5)
Context
Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.
- swpm Version: 2.6.0
- node Version: 24.11.1
- Package Manager: pnpm
- Package Manager Version: 10.22.0
- Operating System: Ubuntu 22.04
Prerequisites
Please answer the following questions for yourself before submitting an issue.
Current Behavior
Since I updated to node 24, I get warnings:
(node:79383) [DEP0190] DeprecationWarning: Passing args to a child process with shell option true can lead to security vulnerabilities, as the arguments are not escaped, only concatenated.
Failure Information (for bugs)
Steps to Reproduce
Context
Please provide any relevant information about your setup. This is important in case the issue is not reproducible except for under certain conditions.