You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The standalone binaries of Marp CLI are currently produced by Vercel's pkg. However, due to the discontinuation of the pkg project in favor of Node.js's efforts, we must consider migrating.
pkg has been deprecated with 5.8.1 as the last release. There are a number of successful forked versions of pkg already with various feature additions. Further, we’re excited about Node.js 21’s support for single executable applications. Thank you for the support and contributions over the years. The repository will remain open and archived.
but pkg does not work with latest version of node.js and i am facing problems with the node.js inbuilt single executable application feature plz help if anyone know the correct way , i got stuck when it told to remove es module to common js
Node.js SEA is still primitive, and it would take much longer time to make stable use. Meanwhile, we should switch pkg into well-maintained community fork @yao-pkg/pkg.
I could not find out a specific patch for the elevation of privilege vulnerability CVE-2024-24828, so I cannot say for certain that the forked pkg ensures the safety. However, yao-pkg/pkg#55 looks a good patch for known CVE. (yao-pkg/pkg#51 (comment))
Node.js v19.7 and later include experimental support for single executable applications.
The standalone binaries of Marp CLI are currently produced by Vercel's pkg. However, due to the discontinuation of the pkg project in favor of Node.js's efforts, we must consider migrating.
pkg is still working but using compiled binary would be dangerous, due to the elevation of privilege vulnerability. (CVE-2024-24828)
The text was updated successfully, but these errors were encountered: