You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Nov 20, 2025. It is now read-only.
Would it be possible to reconsider the use of exec so that the authentication does nit require spawn of processes? The permission model will be eventually opted in by many to reduce risks of running malicious executables in case of any dependency was compromised.
file:///app/dist/modules/google-cloud/subscriber.js:83
throw error;
^
Error: Access to this API has been restricted. Use --allow-child-process to manage permissions.
cloud-sql-proxy {"severity":"INFO","timestamp":"2025-11-20T16:20:09.699Z","message":"Authorizing with Application Default Credentials"}
cloud-sql-proxy {"severity":"INFO","timestamp":"2025-11-20T16:20:14.203Z","message":"[xxxxxxxxxxxxx] Listening on 127.0.0.1:5432"}
at ChildProcess.spawn (node:internal/child_process:396:28)
at spawn (node:child_process:796:9)
at Object.execFile (node:child_process:349:17)
at exec (node:child_process:236:25)
at /app/node_modules/.pnpm/google-auth-library@10.5.0/node_modules/google-auth-library/build/src/auth/googleauth.js:606:38
at new Promise (<anonymous>)
at GoogleAuth.getDefaultServiceProjectId (/app/node_modules/.pnpm/google-auth-library@10.5.0/node_modules/google-auth-library/build/src/auth/googleauth.js:605:16)
at GoogleAuth.findAndCacheProjectId (/app/node_modules/.pnpm/google-auth-library@10.5.0/node_modules/google-auth-library/build/src/auth/googleauth.js:160:34)
at process.processTicksAndRejections (node:internal/process/task_queues:103:5) {
code: 'ERR_ACCESS_DENIED',
permission: 'ChildProcess',
resource: '/bin/sh'
}
Node.js v24.11.1
Link to the code that reproduces this issue. A link to a public Github Repository or gist with a minimal reproduction.
A step-by-step description of how to reproduce the issue, based on the linked reproduction.
git clone git@github.com:ik-southpole/google-auth-library-nodejs.git google-auth-library-nodejs-with-permission
cd google-auth-library-nodejs-with-permission
npm i
npm start
A clear and concise description of what the bug is, and what you expected to happen.
Expected google-auth-library to work in more restricted node environment.
A clear and concise description WHY you expect this behavior, i.e., was it a recent change, there is documentation that points to this behavior, etc. **
The lib should not require spawning processes unless there is a reason.
Please make sure you have searched for information in the following guides.
Currently the library makes use of
execwhich will spawn a child process. This will not work in a node process with permissions enforced.Would it be possible to reconsider the use of
execso that the authentication does nit require spawn of processes? The permission model will be eventually opted in by many to reduce risks of running malicious executables in case of any dependency was compromised.Link to the code that reproduces this issue. A link to a public Github Repository or gist with a minimal reproduction.
https://github.com/ik-southpole/google-auth-library-nodejs
A step-by-step description of how to reproduce the issue, based on the linked reproduction.
A clear and concise description of what the bug is, and what you expected to happen.
Expected google-auth-library to work in more restricted node environment.
A clear and concise description WHY you expect this behavior, i.e., was it a recent change, there is documentation that points to this behavior, etc. **
The lib should not require spawning processes unless there is a reason.