node icon indicating copy to clipboard operation
node copied to clipboard

Published 20 hours ago verified publisher icon nodejs

A digitally signed PowerShell script does not work with non LTS Node.js version with "AllSigned" PowerShell policy

Open amit-turnkey opened this issue 5 months ago • 4 comments

Version

Non LTS version of Node.js( e.g. 22.6 )

Platform

Windows 10 64 bit and Windows server 2022 standard edition 64 bit

Subsystem

No response

What steps will reproduce the bug?

We have a PowerShell script that is digitally signed using our organization's code signing certificate. This script is responsible for launching a local Node.js service. When the PowerShell execution policy is set to "AllSigned," the script works as expected with the Long Term Support (LTS) version of Node.js. However, the script fails to run with other versions of Node.js under the "AllSigned" policy. If the PowerShell execution policy is changed from "AllSigned" to another policy, the script successfully runs with these other Node.js versions.

  • Set the PowerShell execution policy to "AllSigned."
  • Attempt to run the signed PowerShell script with a non-LTS version of Node.js installed.
  • Observe that the script fails to launch the Node.js service.
  • Change the PowerShell execution policy to something other than "AllSigned." e.g. "Remote Signed"
  • Attempt to run the script again with the same non-LTS Node.js version.
  • Observe that the script now runs successfully and the Node.js service is up and running.

How often does it reproduce? Is there a required condition?

It always failed to run with another version of node.js except LTS.

What is the expected behavior? Why is that the expected behavior?

Expected Behavior: Node.js service must be up. The signed PowerShell script should launch Node.js service with any version of Node.js when the execution policy is set to "AllSigned."

Actual Behavior: The Node.js service only runs successfully with the LTS version of Node.js when the execution policy is "AllSigned." For other versions, it fails unless the policy is changed.

What do you see instead?

Actual Behavior: The Node.js service only runs successfully with the LTS version of Node.js when the execution policy is "AllSigned." For other versions, it fails unless the policy is changed.

Additional information

Environment:

PowerShell Execution Policy: AllSigned Node.js Versions: LTS and other versions Digital Signature: Organization-based code signing certificate

amit-turnkey avatar Sep 24 '24 11:09 amit-turnkey