Automic Vault

brew-Paketinformationen

node installieren

Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für node in AI-Agent-Workflows.

Installationsbefehl Sicherheitshinweise

Installation

Mit Automic Vault installieren

Automic Vault
AV herunterladen 
sudo av install brew:node

macOS

Homebrew verifiziert · 100%
brew install node

local Homebrew formula metadata

MacPorts verifiziert · 94%
sudo port install nodejs24

MacPorts ports tree · lang/nodejs24/Portfile · Quelle: api.github.com

Linux

Alpine Linux apk verifiziert · 92%
sudo apk add nodejs

Alpine Linux edge package indexes · nodejs · Quelle: dl-cdn.alpinelinux.org

Debian apt verifiziert · 92%
sudo apt install nodejs

Debian stable package indexes · nodejs · Quelle: deb.debian.org

Fedora dnf verifiziert · 92%
sudo dnf install nodejs24

Fedora Rawhide package metadata · nodejs24 · Quelle: dl.fedoraproject.org

Nix verifiziert · 92%
nix profile install nixpkgs#nodejs

nixpkgs package indexes · nodejs · Quelle: raw.githubusercontent.com

Arch Linux pacman verifiziert · 92%
sudo pacman -S nodejs

Arch Linux sync databases · nodejs · Quelle: geo.mirror.pkgbuild.com

openSUSE zypper verifiziert · 92%
sudo zypper install nodejs24

openSUSE Tumbleweed package metadata · nodejs24 · Quelle: download.opensuse.org

Windows

Chocolatey verifiziert · 92%
choco install nodejs

Chocolatey community package catalog · nodejs · Quelle: community.chocolatey.org

Scoop verifiziert · 92%
scoop install main/nodejs

Scoop official bucket manifest trees · bucket/nodejs.json · Quelle: api.github.com

Windows Package Manager verifiziert · 92%
winget install --id OpenJS.NodeJS -e

Windows Package Manager source index · OpenJS.NodeJS · Quelle: cdn.winget.microsoft.com

Plattformhinweise

  • Es waren keine paketspezifischen Plattformhinweise vorhanden.

Überblick

Paketzusammenfassung

Automic Vault veröffentlicht paketspezifische Installationswege, Executable-Fakten und Sicherheitsmetadaten für node aus lokalen Paketdaten.

Befehle und Aliase

  • node
  • npm
  • npx

Quellzusammenfassung

Open-source, cross-platform JavaScript runtime environment

Radioisotope

Plain Text Publishing Token

`npm publish` commonly relies on an auth token stored in ~/.npmrc. Our isotope stores that token in the macOS keychain and injects it only when `npm publish` runs.

Risikoklassifikator

yellow Risiko · high Konfidenz · runtime

Warum

  • doc example: JavaScript runtime and package ecosystem

Signale

  • override:node

Installationsverhalten

  • Homebrew declares a post-install hook for this formula.
  • Homebrew bottle metadata is available for 6 platform targets.
  • Installiert mit 17 Laufzeitabhängigkeiten.
  • Build-Metadaten listen 2 Build-Abhängigkeiten.

Lokaler README-Auszug

Node Radioisotope

This radioisotope modifies the Homebrew node package, but only changes the installed npm launcher. node and npx continue to run without isotope credential injection.

Security Model

Plaintext npm publishing tokens are commonly stored in ~/.npmrc as _authToken entries. The migration stores one token in the Automic Vault isotope keychain as NODE_AUTH_TOKEN and rewrites matching npm config entries to reference ${NODE_AUTH_TOKEN}.

The post-install hook wraps /opt/node/bin/npm. The wrapper injects NODE_AUTH_TOKEN only when an npm publish invocation is detected, then execs the original npm launcher.

Caveats

  • Only one npm publishing token is supported.
  • Multiple distinct _authToken values fail migration and must be handled

manually.

  • Project-level npm configs are not migrated; only the npm user config is

inspected.

Quelle: data/radioisotopes/node/README.md

Caveats

  • We currently support one npm publishing token.
  • Existing npm config entries are rewritten to reference NODE_AUTH_TOKEN.

Approval Gates

Human review metadata for risky commands

The local approval-gate seed includes 7 rules for node. Covered entrypoints: corepack, node, npm, npx. Severity labels: critical, high, medium. Coverage: partial, geprüft 2026-05-21.

Beispiele für gated Aktionen

  • Execute inline JavaScript supplied on the command line.
  • Load custom import hooks or require hooks before executing code.
  • Publish a package to the npm registry.
  • Install npm packages into a global executable location.
  • Remove package versions from the npm registry.
  • Download and execute a package by name.
  • Download and activate a package-manager shim.

Executables

Installierte Executables

BefehlArtSichtbarkeitHinweis
nodecliglobal executable
npmcliglobal executable
npxcliglobal executable

Aktualität

Version und Aktualität

Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.

Seite generiert2026-05-26
Manager-Version26.0.0
Manager aktualisiert2026-05-08
lokale Datenok
Upstreamnot checked
neueste erkannte Versionnicht erkannt

https://nodejs.org/

  • info Release/tag comparison is only available for GitHub repositories. https://nodejs.org/ none Konfidenz

Installationsmetadaten

Paketmetadaten

Paketschlüsselbrew:node
Version26.0.0
PaketmanagerHomebrew
Paketmanager-Seitehttps://formulae.brew.sh/formula/node
Homepagehttps://nodejs.org/
Upstream-Dokumentationhttps://nodejs.org/
LizenzMIT
Quellarchivhttps://nodejs.org/dist/v26.0.0/node-v26.0.0.tar.xz
Aktualisiert2026-05-08T04:15:56Z
Pulseupdated
Abhängigkeitenada-url, brotli, c-ares, hdrhistogram_c, icu4c@78, libnghttp2, libnghttp3, libngtcp2, libuv, llhttp, merve, nbytes, openssl@3, simdjson, sqlite, uvwasi, zstd
Build-Abhängigkeitenpkgconf, python@3.14
Von macOS bereitgestellte Bibliothekenpython
Bottleverfügbar (arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installdefiniert
Dienstkeiner deklariert

Paketgraph

Links stammen aus dem lokalen Paketbeziehungsgraph, Ergänzungen, Abhängigkeitskanten, Ecosystem-Matches und Paket-Hub-Mitgliedschaft.

Verwandt

  • openssl@3Runtime dependency declared by Homebrew.
  • sqliteRuntime dependency declared by Homebrew.
  • zstdRuntime dependency declared by Homebrew.
  • libnghttp2Runtime dependency declared by Homebrew.
  • icu4c@78Runtime dependency declared by Homebrew.
  • libngtcp2Runtime dependency declared by Homebrew.
  • brotliRuntime dependency declared by Homebrew.
  • libnghttp3Runtime dependency declared by Homebrew.
  • python@3.14Build dependency declared by Homebrew.
  • pkgconfBuild dependency declared by Homebrew.
  • gemini-cliPopular package that depends on this formula.
  • opencodePopular package that depends on this formula.
  • mongoshPopular package that depends on this formula.
  • jupyterlabPopular package that depends on this formula.
  • firebase-cliPopular package that depends on this formula.
  • qwen-codePopular package that depends on this formula.
  • vercel-cliPopular package that depends on this formula.
  • bitwarden-cliPopular package that depends on this formula.
  • node@22Package name indicates the same formula family.
  • node@20Package name indicates the same formula family.
  • node@24Package name indicates the same formula family.

Auch verfügbar über

  • Es wurde kein Cross-Ecosystem-Äquivalent erfasst.

Quellspur

Aus Repository-Daten generiert

Diese Seite wird von scripts/generate-pkg-pages.py geschrieben. Deployments verweigern die Veröffentlichung, wenn www/pkg/ gegenüber lokalen Paketdaten veraltet ist.

Verwendete Quellen

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • cross-ecosystem install command graph
  • local isotope README
  • package relationship graph
  • package version freshness
  • package-page enrichment
  • radioisotope security manifest