Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Warning about electron's removal of Node.js vm module

See original GitHub issue

Hi, I am using bytenode to encrypt my electron application source code and it works very well, here is the version I am currently using.

"bytenode": "^1.1.7"
"electron": "^12.0.0"

When I packaged the app, electron gave me a warning that

The vm module of Node.js is deprecated in the renderer process and will be removed.

This is electron’s Release Notes Persisted.

I would like to ask if electron really removed the vm module of Node.js in the renderer process, will it be affected if I continue to use bytenode？

Issue Analytics

State:
Created 3 years ago
Comments:13 (1 by maintainers)

Top GitHub Comments

4reactions

OsamaAbbascommented, Mar 6, 2021

Bytenode depends on vm in order to work. So removing it may break bytenode.

I can think of a workaround if vm is removed, but I need to try it first to make sure it works.

3reactions

OsamaAbbascommented, Dec 10, 2022

I can think of a workaround if vm is removed, but I need to try it first to make sure it works.

@OsamaAbbas What was your idea for the work around?

I tried to remember it but could not!

Almost a year ago I was not able to remember what the workaround that I had to restore bytenode functionality if electron goes with removing vm module.

Strangely enough, I remembered it suddenly yesterday, so I wanted to record it here before I forget it again!

Depending on how electron would remove the support for vm in the renderer process, we have two options:

Just replace require('vm'); with require('node:vm');. This trivial solution works for now and it does not trigger the deprecation warning. ( This is because of how they are intercepting the require request, they only look for vm specifically. See it here reset-search-paths.ts#L10 ).
If electron decides to take a more radical approach by blocking every possible way to reach to the vm module (which seems unreasonable and hopefully unlikely), the other option will be creating a custom vm module. It’s a hacky solution and I have not try this workaround (fully) yet, but it should work.