Error when running npm script with Yarn: "ERR spawn EINVAL

Question

I'm encountering an error when trying to run an npm script that involves Yarn. Here's the sequence of events:

1. I've initialized a project with create-react-app.
2. Added the following script to my package.json file

"scripts": {
    "lint": "yarn add -D prettier && yarn add -D babel-eslint && npx install-peerdeps --dev eslint-config-airbnb && yarn add -D eslint-config-prettier eslint-plugin-prettier"
}

3. When I run npm run lint, I'm prompted whether to use Yarn, to which I respond with "y".
4. However, I'm getting the following error: "ERR spawn EINVAL".

I tried installing Yarn globally using npm install -g yarn, but the issue persists.I've checked for any relevant configuration settings or environment variables, but couldn't find any apparent cause for the error.

My environment: Windows 11

> node --version  
v20.12.2

> npm --v
10.5.0

> yarn --v
yarn install v1.22.22

Answer 1

The error was caused by a security update in Node.js.

From that blog:

It is important to note that there has been a breaking change for Windows users who utilize child_process.spawn and child_process.spawnSync. Node.js will now error with EINVAL if a .bat or .cmd file is passed to child_process.spawn and child_process.spawnSync without the shell option set. If the input to spawn/spawnSync is sanitized, users can now pass { shell: true } as an option to prevent the occurrence of EINVALs errors.

Since the command you run (install-peerdeps) called the spawn method without that option set (link to code), the script failed with that error.

That blog also introduced a workaround, although it is not recommended, and I am not sure if this works with npx:

While it is possible to also pass --security-revert=CVE-2024-27980 to revert the security patch, we strongly advise against doing so.

If you really need the peer dependencies to be installed automatically, you may need to write your own script or switch your package manager to npm which supports this starting from v7.