Usage in Deno
import * as mod from "node:sea";
All symbols are not supported.
This feature allows the distribution of a Node.js application conveniently to a system that does not have Node.js installed.
Node.js supports the creation of single executable applications by allowing
the injection of a blob prepared by Node.js, which can contain a bundled script,
into the node
binary. During start up, the program checks if anything has been
injected. If the blob is found, it executes the script in the blob. Otherwise
Node.js operates as it normally does.
The single executable application feature currently only supports running a
single embedded script using the CommonJS
module system.
Users can create a single executable application from their bundled script
with the node
binary itself and any tool which can inject resources into the
binary.
Here are the steps for creating a single executable application using one such tool, postject:
- Create a JavaScript file:
echo 'console.log(`Hello, ${process.argv[2]}!`);' > hello.js
- Create a configuration file building a blob that can be injected into the
single executable application (see
Generating single executable preparation blobs
for details):
echo '{ "main": "hello.js", "output": "sea-prep.blob" }' > sea-config.json
- Generate the blob to be injected:
node --experimental-sea-config sea-config.json
- Create a copy of the
node
executable and name it according to your needs:- On systems other than Windows:
cp $(command -v node) hello
- On Windows:
node -e "require('fs').copyFileSync(process.execPath, 'hello.exe')"
The .exe
extension is necessary.
5. Remove the signature of the binary (macOS and Windows only):
- On macOS:
codesign --remove-signature hello
- On Windows (optional): signtool can be used from the installed Windows SDK. If this step is skipped, ignore any signature-related warning from postject.
signtool remove /s hello.exe
- Inject the blob into the copied binary by running
postject
with the following options:hello
/hello.exe
- The name of the copy of thenode
executable created in step 4.NODE_SEA_BLOB
- The name of the resource / note / section in the binary where the contents of the blob will be stored.sea-prep.blob
- The name of the blob created in step 1.--sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2
- The fuse used by the Node.js project to detect if a file has been injected.--macho-segment-name NODE_SEA
(only needed on macOS) - The name of the segment in the binary where the contents of the blob will be stored. To summarize, here is the required command for each platform:- On Linux:
npx postject hello NODE_SEA_BLOB sea-prep.blob \ --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2
- On Windows - PowerShell:
npx postject hello.exe NODE_SEA_BLOB sea-prep.blob ` --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2
- On Windows - Command Prompt:
npx postject hello.exe NODE_SEA_BLOB sea-prep.blob ^ --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2
- On macOS:
npx postject hello NODE_SEA_BLOB sea-prep.blob \ --sentinel-fuse NODE_SEA_FUSE_fce680ab2cc467b6e072b8b5df1996b2 \ --macho-segment-name NODE_SEA
- Sign the binary (macOS and Windows only):
- On macOS:
codesign --sign - hello
- On Windows (optional): A certificate needs to be present for this to work. However, the unsigned binary would still be runnable.
signtool sign /fd SHA256 hello.exe
- Run the binary:
- On systems other than Windows
$ ./hello world
Hello, world!
- On Windows
$ .\hello.exe world
Hello, world!