Automic VaultAutomic Vault

brew / 承認ゲート

node を Homebrew, apk, chocolatey, apt, dnf, MacPorts, Nix, pacman, scoop, winget, zypper でインストール

node のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。

エージェント安全性

エージェント安全性の回答

node executes JavaScript tooling that commonly reads project secrets and launches npm package workflows.

認証情報アクセス

Reads environment variables, dotenv files, npm tokens, and project config reachable to scripts.

リモート変更

Can run deploy scripts, API clients, and arbitrary package scripts.

公開/成果物リスク

Can build and publish npm packages or generated application bundles.

推奨コントロール

Gate package publishing and lifecycle scripts; scan project secrets before agent runs.

エージェント利用ガイダンス

Allow test/build commands after scanning; require approval for publish, install scripts, and deploy actions.

インストール

追加のインストールコマンド

macOS

Homebrew確認済み · 100%
brew install node

local Homebrew formula metadata

MacPorts確認済み · 94%
sudo port install nodejs24

MacPorts ports tree · lang/nodejs24/Portfile · ソース: api.github.com

Linux

Alpine Linux apk確認済み · 92%
sudo apk add nodejs

Alpine Linux edge package indexes · nodejs · ソース: dl-cdn.alpinelinux.org

Debian apt確認済み · 92%
sudo apt install nodejs

Debian stable package indexes · nodejs · ソース: deb.debian.org

Fedora dnf確認済み · 92%
sudo dnf install nodejs24

Fedora Rawhide package metadata · nodejs24 · ソース: dl.fedoraproject.org

Nix確認済み · 92%
nix profile install nixpkgs#nodejs

nixpkgs package indexes · nodejs · ソース: raw.githubusercontent.com

Arch Linux pacman確認済み · 92%
sudo pacman -S nodejs

Arch Linux sync databases · nodejs · ソース: geo.mirror.pkgbuild.com

openSUSE zypper確認済み · 92%
sudo zypper install nodejs24

openSUSE Tumbleweed package metadata · nodejs24 · ソース: download.opensuse.org

概要

パッケージ概要

Open-source, cross-platform JavaScript runtime environment

コマンドとエイリアス

  • node
  • npm
  • npx

履歴

プロジェクトの歴史と使われ方

Node.js is the JavaScript runtime that made server-side and command-line JavaScript mainstream. The official Node.js about page describes it as an asynchronous event-driven runtime designed for scalable network applications, with HTTP as a first-class feature and an event loop hidden behind ordinary JavaScript program execution.

プロジェクトの歴史

Ryan Dahl created Node.js around 2009 to run JavaScript outside the browser for network servers and other I/O-heavy programs. The runtime combined Google's V8 JavaScript engine with an event loop and low-level I/O APIs, giving web developers a single language across browser code, servers, tooling, and package scripts.

The early project was stewarded by Joyent, then hit a governance crisis in 2014 when prominent contributors forked it as io.js. The Node.js Foundation announced on 14 September 2015 that Node.js v4.0.0 combined the Node.js and io.js codebases under the foundation, added a long-term support plan, and moved the project to regular semver-based release lines.

The Node.js Foundation and JS Foundation announced their merger into the OpenJS Foundation on 12 March 2019. That put Node.js under the broader vendor-neutral JavaScript foundation that also houses projects such as Node-RED.

採用の歴史

Node.js adoption grew because it solved several developer and operational needs at once: fast startup for scripts, non-blocking network servers, JSON-native APIs, a giant npm ecosystem, and one language for browser and server teams. The 2015 foundation announcement said Node.js was used by tens of thousands of organizations in more than 200 countries and had more than 2 million downloads per month.

Homebrew's `node` formula is the rolling mainstream macOS/Linux package for the latest Node major. The Formulae page lists aliases including `node.js`, `node@26`, `nodejs`, and `npm`, and reports 3,116,013 installs over 365 days with 2,515,719 installs on request. Within Homebrew, that makes it the high-volume default path for developers who want Node, npm, and npx without a separate version manager.

使われ方

Homebrew users install the rolling formula with `brew install node`, then get `node`, `npm`, and `npx`. The formula is convenient for system-level CLI tools, local development, and build dependencies, while teams that need exact per-project versions often layer nvm, fnm, asdf, volta, nodenv, or Homebrew's versioned `node@` formulas on top of that ecosystem.

Package nerds care about Node's release train because C++ addons, ESM/CommonJS behavior, OpenSSL, V8, npm, Corepack, test runner behavior, and web-platform APIs can all change across majors. The official release page explains that major versions historically enter Current for six months, even-numbered releases become LTS, and production applications should use Active LTS or Maintenance LTS releases.

パッケージ好きにとっての重要性

For package-manager data, `brew:node` is the anchor package. It is both a runtime and a build input for huge parts of the JavaScript, frontend, Electron, language-server, and CLI-tooling worlds. Its adoption stats often reflect not only developers explicitly wanting Node, but also downstream packages whose builds or runtime scripts need Node available.

タイムライン

  • 2009: Ryan Dahl creates Node.js and presents the early runtime publicly.
  • 2014: io.js fork forms during the Node.js governance dispute.
  • 2015-09-14: Node.js v4.0.0 reunifies Node.js and io.js under the Node.js Foundation and introduces the modern LTS direction.
  • 2019-03-12: Node.js Foundation and JS Foundation announce the OpenJS Foundation merger.
  • 2026: Homebrew's rolling `node` formula tracks Node 26.x and lists node@24, node@22, node@20, and node@18 as adjacent versioned formulas.

Related projects

  • npm
  • npx
  • Corepack
  • V8
  • libuv
  • OpenJS Foundation
  • io.js

承認ゲート

危険なコマンドの人手レビュー用メタデータ

ローカルの承認ゲートシードには node 用のルールが 7 件含まれます。対象エントリポイント: corepack, node, npm, npx。重大度ラベル: 重大, 高, 中。カバレッジ: partial、レビュー日: 2026-05-21。

ゲート対象アクション例

  • Execute inline JavaScript supplied on the command line.
  • Load custom import hooks or require hooks before executing code.
  • Publish a package to the npm registry.
  • Install npm packages into a global executable location.
  • Remove package versions from the npm registry.
  • Download and execute a package by name.
  • Download and activate a package-manager shim.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.npmrc
Windows
%UserProfile%\.npmrc

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.npmrc
Windows
%UserProfile%\.npmrc

実行可能ファイル

インストールされる実行可能ファイル

コマンド種類公開範囲メモ
nodecliグローバル実行可能ファイル
npmcliグローバル実行可能ファイル
npxcliグローバル実行可能ファイル

鮮度

バージョンと鮮度

これらの信号は、ページ生成時期、パッケージマネージャの活動、上流リリース比較を分けて示します。バージョン遅れは、証拠 URL と比較可能なバージョンがある場合だけ警告されます。

ページ生成日2026-07-10
マネージャ版26.5.0
マネージャ更新日2026-07-08
ローカルデータOK
上流not checked
検出された最新未検出

https://nodejs.org/

  • 情報Release/tag comparison is only available for GitHub repositories.https://nodejs.org/信頼度 none

インストールメタデータ

パッケージメタデータ

パッケージキーbrew:node
バージョン26.5.0
パッケージマネージャHomebrew
パッケージマネージャページhttps://formulae.brew.sh/formula/node
ホームページhttps://nodejs.org/
リポジトリhttps://github.com/nodejs/node
上流ドキュメントhttps://nodejs.org/docs/latest/api
ライセンスMIT
ソースアーカイブhttps://nodejs.org/dist/v26.5.0/node-v26.5.0.tar.xz
最終更新2026-07-08T22:59:49Z
Pulseupdated
依存関係ada-url, brotli, c-ares, hdrhistogram_c, icu4c@78, libffi, libnghttp2, libnghttp3, libngtcp2, libuv, llhttp, merve, nbytes, openssl@3, simdjson, sqlite, uvwasi, zstd
ビルド依存関係pkgconf, python@3.14
macOS 提供ライブラリpython
Bottle利用可能 (対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install定義済み
サービス宣言なし
注意点Single Executable Application is disabled as it doesn't work with shared libnode. Temporal support is disabled as it doesn't work with shared ICU library.

レジストリ情報

ソースデータベース詳細

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namenode
Aliases
  • node.js
  • node@26
  • nodejs
  • npm
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

ソースデータベース一致

他のパッケージマネージャ記録

一致は外部パッケージマネージャインデックスから取得され、ローカルの Automic Vault パッケージリンクとは分けて表示されます。

Debian apt95%

nodejs 20.19.2+dfsg-1+deb13u2

evented I/O for V8 javascript - runtime executable

https://nodejs.org/

sudo apt install nodejs
  • Section: web
  • Architecture: amd64
  • 3 依存関係
  • 1 提供
  • 3 任意依存関係
  • normalized package name match
  • 一致条件: Node
Debian stable package indexes · deb.debian.org · Debian stable package indexes: nodejs from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

nodejs

nix profile install nixpkgs#nodejs
  • normalized package name match
  • 一致条件: Node
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: nodejs from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
Ubuntu apt95%

nodejs 18.19.1+dfsg-6ubuntu5

evented I/O for V8 javascript - runtime executable

https://nodejs.org/

sudo apt install nodejs
  • Section: universe/web
  • Architecture: amd64
  • 2 依存関係
  • 1 提供
  • 3 任意依存関係
  • normalized package name match
  • 一致条件: Node
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: nodejs from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

nodejs 24.16.0-r0

JavaScript runtime built on V8 engine - LTS version

https://nodejs.org/

sudo apk add nodejs
  • License: MIT
  • Architecture: x86_64
  • Source Package: nodejs
  • 1 依存関係
  • 1 提供
  • normalized package name match
  • 一致条件: Node
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: nodejs from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
dnf95%

nodejs24 24.15.0-1.fc45

JavaScript runtime

https://nodejs.org

sudo dnf install nodejs24
  • License: Apache-2.0 AND Artistic-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BlueOak-1.0.0 AND CC-BY-3.0 AND CC0-1.0 AND ISC AND MIT
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: nodejs24
  • 6 依存関係
  • 4 提供
  • normalized package name match
  • 一致条件: Node
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: nodejs24 from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

nodejs 26.2.0-1

Evented I/O for V8 javascript ("Current" release)

https://nodejs.org/

sudo pacman -S nodejs
  • License: MIT
  • Architecture: x86_64
  • 13 依存関係
  • 1 任意依存関係
  • normalized package name match
  • 一致条件: Node
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: nodejs from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

nodejs24 24.14.1-2.2

Evented I/O for V8 JavaScript

https://nodejs.org

sudo zypper install nodejs24
  • License: MIT
  • Category: Development/Languages/NodeJS
  • Architecture: x86_64
  • Source Package: nodejs24
  • 18 依存関係
  • 3 提供
  • normalized package name match
  • 一致条件: Node
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: nodejs24 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

nodejs24

sudo port install nodejs24
  • normalized package name match
  • 一致条件: Node
MacPorts ports tree · api.github.com · MacPorts ports tree: lang/nodejs24/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

nodejs

choco install nodejs
  • normalized package name match
  • 一致条件: Node
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: nodejs from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','nexus-repository'
Scoop95%

main/nodejs

scoop install main/nodejs
  • normalized package name match
  • 一致条件: Node
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/nodejs.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

OpenJS.NodeJS

winget install --id OpenJS.NodeJS -e
  • normalized package name match
  • 一致条件: Node
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: OpenJS.NodeJS from https://cdn.winget.microsoft.com/cache/source.msix
Debian apt92%

npm 9.2.0~ds1-3

package manager for Node.js

https://docs.npmjs.com/

sudo apt install npm
  • Section: web
  • Architecture: all
  • 32 依存関係
  • 32 提供
  • 3 任意依存関係
  • installed executable or alias match
  • 一致条件: npm
Debian stable package indexes · deb.debian.org · Debian stable package indexes: npm from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Ubuntu apt92%

npm 9.2.0~ds1-2

package manager for Node.js

https://docs.npmjs.com/

sudo apt install npm
  • Section: universe/web
  • Architecture: all
  • 32 依存関係
  • 32 提供
  • 3 任意依存関係
  • installed executable or alias match
  • 一致条件: npm
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: npm from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk92%

npm 11.12.1-r0

The package manager for JavaScript

https://www.npmjs.com/

sudo apk add npm
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • 1 依存関係
  • 1 提供
  • installed executable or alias match
  • 一致条件: npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk92%

npm-bash-completion 11.12.1-r0

Bash completions for npm

https://www.npmjs.com/

sudo apk add npm-bash-completion
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • installed executable or alias match
  • 一致条件: npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm-bash-completion from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk92%

npm-doc 11.12.1-r0

The package manager for JavaScript (documentation)

https://www.npmjs.com/

sudo apk add npm-doc
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • installed executable or alias match
  • 一致条件: npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

ソース経路

リポジトリデータから生成

このページは scripts/generate-pkg-sqlite.py が生成した非公開のパッケージ SQLite アーティファクトから av-web によって提供されます。

使用ソース

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment