Automic VaultAutomic Vault

brew / approval gates

Install node with Homebrew, apk, chocolatey, apt, dnf, MacPorts, Nix, pacman, scoop, winget, zypper

Open-source, cross-platform JavaScript runtime environment. Version 26.4.0 via Homebrew; verified 2026-07-07.

agent safety

Agent safety answer

node executes JavaScript tooling that commonly reads project secrets and launches npm package workflows.

Credential access

Reads environment variables, dotenv files, npm tokens, and project config reachable to scripts.

Remote mutation

Can run deploy scripts, API clients, and arbitrary package scripts.

Publish/artifact risk

Can build and publish npm packages or generated application bundles.

Recommended control

Gate package publishing and lifecycle scripts; scan project secrets before agent runs.

Agent-use guidance

Allow test/build commands after scanning; require approval for publish, install scripts, and deploy actions.

install

Additional install commands

macOS

Homebrewverified · 100%
brew install node

local Homebrew formula metadata

MacPortsverified · 94%
sudo port install nodejs24

MacPorts ports tree · lang/nodejs24/Portfile · source: api.github.com

Linux

Alpine Linux apkverified · 92%
sudo apk add nodejs

Alpine Linux edge package indexes · nodejs · source: dl-cdn.alpinelinux.org

Debian aptverified · 92%
sudo apt install nodejs

Debian stable package indexes · nodejs · source: deb.debian.org

Fedora dnfverified · 92%
sudo dnf install nodejs24

Fedora Rawhide package metadata · nodejs24 · source: dl.fedoraproject.org

Nixverified · 92%
nix profile install nixpkgs#nodejs

nixpkgs package indexes · nodejs · source: raw.githubusercontent.com

Arch Linux pacmanverified · 92%
sudo pacman -S nodejs

Arch Linux sync databases · nodejs · source: geo.mirror.pkgbuild.com

openSUSE zypperverified · 92%
sudo zypper install nodejs24

openSUSE Tumbleweed package metadata · nodejs24 · source: download.opensuse.org

Windows

Chocolateyverified · 92%
choco install nodejs

Chocolatey community package catalog · nodejs · source: community.chocolatey.org

Scoopverified · 92%
scoop install main/nodejs

Scoop official bucket manifest trees · bucket/nodejs.json · source: api.github.com

Windows Package Managerverified · 92%
winget install --id OpenJS.NodeJS -e

Windows Package Manager source index · OpenJS.NodeJS · source: cdn.winget.microsoft.com

overview

Package summary

Open-source, cross-platform JavaScript runtime environment

Commands and aliases

  • node
  • npm
  • npx

history

Project history and usage

Node.js is the JavaScript runtime that made server-side and command-line JavaScript mainstream. The official Node.js about page describes it as an asynchronous event-driven runtime designed for scalable network applications, with HTTP as a first-class feature and an event loop hidden behind ordinary JavaScript program execution.

Project history

Ryan Dahl created Node.js around 2009 to run JavaScript outside the browser for network servers and other I/O-heavy programs. The runtime combined Google's V8 JavaScript engine with an event loop and low-level I/O APIs, giving web developers a single language across browser code, servers, tooling, and package scripts.

The early project was stewarded by Joyent, then hit a governance crisis in 2014 when prominent contributors forked it as io.js. The Node.js Foundation announced on 14 September 2015 that Node.js v4.0.0 combined the Node.js and io.js codebases under the foundation, added a long-term support plan, and moved the project to regular semver-based release lines.

The Node.js Foundation and JS Foundation announced their merger into the OpenJS Foundation on 12 March 2019. That put Node.js under the broader vendor-neutral JavaScript foundation that also houses projects such as Node-RED.

Adoption history

Node.js adoption grew because it solved several developer and operational needs at once: fast startup for scripts, non-blocking network servers, JSON-native APIs, a giant npm ecosystem, and one language for browser and server teams. The 2015 foundation announcement said Node.js was used by tens of thousands of organizations in more than 200 countries and had more than 2 million downloads per month.

Homebrew's `node` formula is the rolling mainstream macOS/Linux package for the latest Node major. The Formulae page lists aliases including `node.js`, `node@26`, `nodejs`, and `npm`, and reports 3,116,013 installs over 365 days with 2,515,719 installs on request. Within Homebrew, that makes it the high-volume default path for developers who want Node, npm, and npx without a separate version manager.

How it is used

Homebrew users install the rolling formula with `brew install node`, then get `node`, `npm`, and `npx`. The formula is convenient for system-level CLI tools, local development, and build dependencies, while teams that need exact per-project versions often layer nvm, fnm, asdf, volta, nodenv, or Homebrew's versioned `node@` formulas on top of that ecosystem.

Package nerds care about Node's release train because C++ addons, ESM/CommonJS behavior, OpenSSL, V8, npm, Corepack, test runner behavior, and web-platform APIs can all change across majors. The official release page explains that major versions historically enter Current for six months, even-numbered releases become LTS, and production applications should use Active LTS or Maintenance LTS releases.

Why package nerds care

For package-manager data, `brew:node` is the anchor package. It is both a runtime and a build input for huge parts of the JavaScript, frontend, Electron, language-server, and CLI-tooling worlds. Its adoption stats often reflect not only developers explicitly wanting Node, but also downstream packages whose builds or runtime scripts need Node available.

Timeline

  • 2009: Ryan Dahl creates Node.js and presents the early runtime publicly.
  • 2014: io.js fork forms during the Node.js governance dispute.
  • 2015-09-14: Node.js v4.0.0 reunifies Node.js and io.js under the Node.js Foundation and introduces the modern LTS direction.
  • 2019-03-12: Node.js Foundation and JS Foundation announce the OpenJS Foundation merger.
  • 2026: Homebrew's rolling `node` formula tracks Node 26.x and lists node@24, node@22, node@20, and node@18 as adjacent versioned formulas.

Related projects

  • npm
  • npx
  • Corepack
  • V8
  • libuv
  • OpenJS Foundation
  • io.js

approval gates

Human review metadata for risky commands

The local approval-gate seed includes 7 rules for node. Covered entrypoints: corepack, node, npm, npx. Severity labels: critical, high, medium. Coverage: partial, reviewed 2026-05-21.

Example gated actions

  • Execute inline JavaScript supplied on the command line.
  • Load custom import hooks or require hooks before executing code.
  • Publish a package to the npm registry.
  • Install npm packages into a global executable location.
  • Remove package versions from the npm registry.
  • Download and execute a package by name.
  • Download and activate a package-manager shim.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.npmrc
Windows
%UserProfile%\.npmrc

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.npmrc
Windows
%UserProfile%\.npmrc

executables

Installed executables

CommandKindExposureNote
nodecliglobal executable
npmcliglobal executable
npxcliglobal executable

freshness

Version and freshness

These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.

page generated2026-07-08
manager version26.4.0
manager updated2026-07-07
local dataok
upstreamnot checked
latest detectednot detected

https://nodejs.org/

  • infoRelease/tag comparison is only available for GitHub repositories.https://nodejs.org/none confidence

install metadata

Package metadata

Package keybrew:node
Version26.4.0
Package managerHomebrew
Package manager pagehttps://formulae.brew.sh/formula/node
Homepagehttps://nodejs.org/
Repositoryhttps://github.com/nodejs/node
Upstream docshttps://nodejs.org/docs/latest/api
LicenseMIT
Source archivehttps://nodejs.org/dist/v26.4.0/node-v26.4.0.tar.xz
Last updated2026-07-07T08:46:39Z
Pulseupdated
Dependenciesada-url, brotli, c-ares, hdrhistogram_c, icu4c@78, libffi, libnghttp2, libnghttp3, libngtcp2, libuv, llhttp, merve, nbytes, openssl@3, simdjson, sqlite, uvwasi, zstd
Build dependenciespkgconf, python@3.14
Uses from macOSpython
Bottleavailable (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-installdefined
Servicenone declared
CaveatsSingle Executable Application is disabled as it doesn't work with shared libnode. Temporal support is disabled as it doesn't work with shared ICU library.

registry facts

Source database details

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namenode
Aliases
  • node.js
  • node@26
  • nodejs
  • npm
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

source database matches

Other package-manager records

Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.

Debian apt95%

nodejs 20.19.2+dfsg-1+deb13u2

evented I/O for V8 javascript - runtime executable

https://nodejs.org/

sudo apt install nodejs
  • Section: web
  • Architecture: amd64
  • 3 dependencies
  • 1 provides
  • 3 optional deps
  • normalized package name match
  • Matched by: Node
Debian stable package indexes · deb.debian.org · Debian stable package indexes: nodejs from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

nodejs

nix profile install nixpkgs#nodejs
  • normalized package name match
  • Matched by: Node
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: nodejs from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
Ubuntu apt95%

nodejs 18.19.1+dfsg-6ubuntu5

evented I/O for V8 javascript - runtime executable

https://nodejs.org/

sudo apt install nodejs
  • Section: universe/web
  • Architecture: amd64
  • 2 dependencies
  • 1 provides
  • 3 optional deps
  • normalized package name match
  • Matched by: Node
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: nodejs from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

nodejs 24.16.0-r0

JavaScript runtime built on V8 engine - LTS version

https://nodejs.org/

sudo apk add nodejs
  • License: MIT
  • Architecture: x86_64
  • Source Package: nodejs
  • 1 dependencies
  • 1 provides
  • normalized package name match
  • Matched by: Node
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: nodejs from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
dnf95%

nodejs24 24.15.0-1.fc45

JavaScript runtime

https://nodejs.org

sudo dnf install nodejs24
  • License: Apache-2.0 AND Artistic-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BlueOak-1.0.0 AND CC-BY-3.0 AND CC0-1.0 AND ISC AND MIT
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: nodejs24
  • 6 dependencies
  • 4 provides
  • normalized package name match
  • Matched by: Node
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: nodejs24 from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

nodejs 26.2.0-1

Evented I/O for V8 javascript ("Current" release)

https://nodejs.org/

sudo pacman -S nodejs
  • License: MIT
  • Architecture: x86_64
  • 13 dependencies
  • 1 optional deps
  • normalized package name match
  • Matched by: Node
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: nodejs from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

nodejs24 24.14.1-2.2

Evented I/O for V8 JavaScript

https://nodejs.org

sudo zypper install nodejs24
  • License: MIT
  • Category: Development/Languages/NodeJS
  • Architecture: x86_64
  • Source Package: nodejs24
  • 18 dependencies
  • 3 provides
  • normalized package name match
  • Matched by: Node
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: nodejs24 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

nodejs24

sudo port install nodejs24
  • normalized package name match
  • Matched by: Node
MacPorts ports tree · api.github.com · MacPorts ports tree: lang/nodejs24/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

nodejs

choco install nodejs
  • normalized package name match
  • Matched by: Node
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: nodejs from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','nexus-repository'
Scoop95%

main/nodejs

scoop install main/nodejs
  • normalized package name match
  • Matched by: Node
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/nodejs.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

OpenJS.NodeJS

winget install --id OpenJS.NodeJS -e
  • normalized package name match
  • Matched by: Node
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: OpenJS.NodeJS from https://cdn.winget.microsoft.com/cache/source.msix
Debian apt92%

npm 9.2.0~ds1-3

package manager for Node.js

https://docs.npmjs.com/

sudo apt install npm
  • Section: web
  • Architecture: all
  • 32 dependencies
  • 32 provides
  • 3 optional deps
  • installed executable or alias match
  • Matched by: npm
Debian stable package indexes · deb.debian.org · Debian stable package indexes: npm from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Ubuntu apt92%

npm 9.2.0~ds1-2

package manager for Node.js

https://docs.npmjs.com/

sudo apt install npm
  • Section: universe/web
  • Architecture: all
  • 32 dependencies
  • 32 provides
  • 3 optional deps
  • installed executable or alias match
  • Matched by: npm
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: npm from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk92%

npm 11.12.1-r0

The package manager for JavaScript

https://www.npmjs.com/

sudo apk add npm
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • 1 dependencies
  • 1 provides
  • installed executable or alias match
  • Matched by: npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk92%

npm-bash-completion 11.12.1-r0

Bash completions for npm

https://www.npmjs.com/

sudo apk add npm-bash-completion
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • installed executable or alias match
  • Matched by: npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm-bash-completion from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk92%

npm-doc 11.12.1-r0

The package manager for JavaScript (documentation)

https://www.npmjs.com/

sudo apk add npm-doc
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • installed executable or alias match
  • Matched by: npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

source trail

Generated from repository data

This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.

Used sources

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment