Lua JLS

by SPYLv0.8.2

Last updated Jun 8, 2026

Lua 5.4, modules and JLS APIs

Install with winget

$ winget install --id JavaLikeScript.LuaJLS --exact --version 0.8.2

Run in Command Prompt, PowerShell, or Windows Terminal. Prompts for any agreements.

Built by Pckgr

For Intune admins

Stop chasing app updates. Pckgr patches them for you.

Automated application patching for Microsoft Intune. Pckgr keeps a curated library of 1,000+ apps continuously up-to-date in your tenant via Microsoft Graph - no manual repackaging, no chasing vendor sites.

Start free 30-day trial

No credit card required.

About

Lua 5.4 standalone interpreter and a set of modules including cjson, xml2lua, zlib, lpeg, luv, openssl, lfs, luasocket, llthreads, lua-child, luaunit, luacov, webview, serial, jls

Installers · v0.8.2

Architecture	Type	Scope	Install	Download
x64	ZIP archive	-		Direct

Copy a command tailored to that specific architecture, type, and scope - useful when winget would otherwise pick a different default.

Security

13 known CVEs via NVD

high7.5Patched in wingetCVE-2021-45985affects before 5.4.4Apr 9, 2023
In Lua 5.4.3, an erroneous finalizer called during a tail call leads to a heap-based buffer over-read.
Patch Vendor advisory
high7.5Patched in wingetCVE-2022-33099affects >=5.4.2 and <=5.4.4Jul 1, 2022
An issue in the component luaG_runerror of Lua v5.4.4 and below leads to a heap-buffer overflow when a recursive error occurs.
Patch Vendor advisory
critical9.1Patched in wingetCVE-2022-28805affects before 5.4.5Apr 7, 2022
singlevar in lparser.c in Lua from (including) 5.4.0 up to (excluding) 5.4.4 lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.
Patch
medium6.3Patched in wingetCVE-2021-44964affects >=5.4.0 and <=5.4.3Mar 14, 2022
Use after free in garbage collector and finalizer of lgc.c in Lua interpreter 5.4.0~5.4.3 allows attackers to perform Sandbox Escape via a crafted script file.
Vendor advisory
medium5.5Patched in wingetCVE-2021-44647affects v5.4.3Jan 11, 2022
Lua v5.4.3 and above are affected by SEGV by type confusion in funcnamefromcode function in ldebug.c which can cause a local denial of service.
Patch Vendor advisory
medium5.5Patched in wingetCVE-2021-43519affects before 5.3.5, 5.4.4Nov 9, 2021
Stack overflow in lua_resume of ldo.c in Lua Interpreter 5.1.0~5.4.4 allows attackers to perform a Denial of Service via a crafted script file.
Patch Vendor advisory
medium5.3Patched in wingetCVE-2020-24371affects v5.4.0Aug 17, 2020
lgc.c in Lua 5.4.0 mishandles the interaction between barriers and the sweep phase, leading to a memory access violation involving collectgarbage.
Patch Vendor advisory
medium5.3Patched in wingetCVE-2020-24370affects v5.3.0Aug 17, 2020
ldebug.c in Lua 5.4.0 allows a negation overflow and segmentation fault in getlocal and setlocal, as demonstrated by getlocal(3,2^31).
Patch Vendor advisory

Showing 8 of 13. Source: NVD, updated just now. Patch status is best-effort: NVD's fix version is compared against the latest version in winget, but the two version formats don't always align. Confirm with the vendor advisory before treating any specific build as safe.

See a CVE that affects your fleet? Push the patched version to Intune in one click with Pckgr - automated patching is the only way to keep up.

Related apps

Python 3.12Python Software Foundation
Python.Python.3.12v3.12.10
Python is a programming language that lets you work more quickly and integrate your systems more effectively.
Roblox Studio Mod ManagerMaximumADHD
MaximumADHD.RobloxStudioModManagerv2026.03.18
An open-source custom bootstrapper for Roblox Studio that allows you to override files in Roblox Studio's directory, opt into development branches of Roblox, and experiment with Fast Flags.
Python 3.14Python Software Foundation
Python.Python.3.14v3.14.6
A programming language that lets you work more quickly and integrate your systems more effectively.
Python 3.13Python Software Foundation
Python.Python.3.13v3.13.14
Python is a programming language that lets you work more quickly and integrate your systems more effectively.
Ruby 3.4 with MSYS2RubyInstaller Team
RubyInstallerTeam.RubyWithDevKit.3.4v3.4.9-1
A Ruby language execution environment with a MSYS2 installation.
Python Install ManagerPython Software Foundation
Python.PythonInstallManagerv26.2.240.0
Install, manage, and launch Python on Windows.

More from SPYL or browse lua, lua5.4, lua54.

Frequently asked questions

How do I install Lua JLS on Windows?

Open Windows Terminal, PowerShell, or Command Prompt and run: winget install --id JavaLikeScript.LuaJLS --exact --version 0.8.2. winget downloads the installer from SPYL and runs it. Requires Windows 10 (1809+) or Windows 11.

How do I install Lua JLS silently for unattended deployment?

Add --silent and accept the agreements upfront: winget install --id JavaLikeScript.LuaJLS --exact 0.8.2 --silent --accept-package-agreements --accept-source-agreements. This is the variant Intune, Configuration Manager, and other deployment tools should use.

How do I uninstall Lua JLS via winget?

Run: winget uninstall --id JavaLikeScript.LuaJLS --exact. Add --silent for unattended uninstalls. winget will use the registered uninstaller from Lua JLS's Apps & Features entry.

Is Lua JLS free?

Lua JLS is distributed under MIT. Refer to the publisher (https://github.com/javalikescript/luajls) for the full license terms - Wingetly itself does not charge for installation.

Does Lua JLS work on Windows 10?

Yes, as long as your Windows 10 build supports winget (1809 or newer). winget ships with App Installer on Windows 10/11 and pulls Lua JLS directly from the publisher.

How do I keep Lua JLS up to date?

Run winget upgrade --id JavaLikeScript.LuaJLS --exact, or winget upgrade --all to update everything winget tracks. We index 2 versions of Lua JLS from microsoft/winget-pkgs.

Recent versions

0.8.2latest
0.7.3