Credential access
Reads environment variables, dotenv files, npm tokens, and project config reachable to scripts.
brew / approval gates
Open-source, cross-platform JavaScript runtime environment. Version 26.4.0 via Homebrew; verified 2026-07-07.
agent safety
node executes JavaScript tooling that commonly reads project secrets and launches npm package workflows.
Reads environment variables, dotenv files, npm tokens, and project config reachable to scripts.
Can run deploy scripts, API clients, and arbitrary package scripts.
Can build and publish npm packages or generated application bundles.
Gate package publishing and lifecycle scripts; scan project secrets before agent runs.
Allow test/build commands after scanning; require approval for publish, install scripts, and deploy actions.
install
brew install nodelocal Homebrew formula metadata
sudo port install nodejs24MacPorts ports tree · lang/nodejs24/Portfile · source: api.github.com
sudo apk add nodejsAlpine Linux edge package indexes · nodejs · source: dl-cdn.alpinelinux.org
sudo apt install nodejsDebian stable package indexes · nodejs · source: deb.debian.org
sudo dnf install nodejs24Fedora Rawhide package metadata · nodejs24 · source: dl.fedoraproject.org
nix profile install nixpkgs#nodejsnixpkgs package indexes · nodejs · source: raw.githubusercontent.com
sudo pacman -S nodejsArch Linux sync databases · nodejs · source: geo.mirror.pkgbuild.com
sudo zypper install nodejs24openSUSE Tumbleweed package metadata · nodejs24 · source: download.opensuse.org
choco install nodejsChocolatey community package catalog · nodejs · source: community.chocolatey.org
scoop install main/nodejsScoop official bucket manifest trees · bucket/nodejs.json · source: api.github.com
winget install --id OpenJS.NodeJS -eWindows Package Manager source index · OpenJS.NodeJS · source: cdn.winget.microsoft.com
overview
Open-source, cross-platform JavaScript runtime environment
history
Node.js is the JavaScript runtime that made server-side and command-line JavaScript mainstream. The official Node.js about page describes it as an asynchronous event-driven runtime designed for scalable network applications, with HTTP as a first-class feature and an event loop hidden behind ordinary JavaScript program execution.
Ryan Dahl created Node.js around 2009 to run JavaScript outside the browser for network servers and other I/O-heavy programs. The runtime combined Google's V8 JavaScript engine with an event loop and low-level I/O APIs, giving web developers a single language across browser code, servers, tooling, and package scripts.
The early project was stewarded by Joyent, then hit a governance crisis in 2014 when prominent contributors forked it as io.js. The Node.js Foundation announced on 14 September 2015 that Node.js v4.0.0 combined the Node.js and io.js codebases under the foundation, added a long-term support plan, and moved the project to regular semver-based release lines.
The Node.js Foundation and JS Foundation announced their merger into the OpenJS Foundation on 12 March 2019. That put Node.js under the broader vendor-neutral JavaScript foundation that also houses projects such as Node-RED.
Node.js adoption grew because it solved several developer and operational needs at once: fast startup for scripts, non-blocking network servers, JSON-native APIs, a giant npm ecosystem, and one language for browser and server teams. The 2015 foundation announcement said Node.js was used by tens of thousands of organizations in more than 200 countries and had more than 2 million downloads per month.
Homebrew's `node` formula is the rolling mainstream macOS/Linux package for the latest Node major. The Formulae page lists aliases including `node.js`, `node@26`, `nodejs`, and `npm`, and reports 3,116,013 installs over 365 days with 2,515,719 installs on request. Within Homebrew, that makes it the high-volume default path for developers who want Node, npm, and npx without a separate version manager.
Homebrew users install the rolling formula with `brew install node`, then get `node`, `npm`, and `npx`. The formula is convenient for system-level CLI tools, local development, and build dependencies, while teams that need exact per-project versions often layer nvm, fnm, asdf, volta, nodenv, or Homebrew's versioned `node@` formulas on top of that ecosystem.
Package nerds care about Node's release train because C++ addons, ESM/CommonJS behavior, OpenSSL, V8, npm, Corepack, test runner behavior, and web-platform APIs can all change across majors. The official release page explains that major versions historically enter Current for six months, even-numbered releases become LTS, and production applications should use Active LTS or Maintenance LTS releases.
For package-manager data, `brew:node` is the anchor package. It is both a runtime and a build input for huge parts of the JavaScript, frontend, Electron, language-server, and CLI-tooling worlds. Its adoption stats often reflect not only developers explicitly wanting Node, but also downstream packages whose builds or runtime scripts need Node available.
approval gates
The local approval-gate seed includes 7 rules for node. Covered entrypoints: corepack, node, npm, npx. Severity labels: critical, high, medium. Coverage: partial, reviewed 2026-05-21.
local files
These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.
Config paths the tool may read or write during local use.
~/.npmrc%UserProfile%\.npmrcCredential-bearing paths to review before unattended agent runs.
~/.npmrc%UserProfile%\.npmrcexecutables
| Command | Kind | Exposure | Note |
|---|---|---|---|
node | cli | global executable | |
npm | cli | global executable | |
npx | cli | global executable |
freshness
These signals separate page generation age, package-manager activity, and upstream release comparison. Version lag is warned only when an evidence URL and comparable versions are present.
install metadata
| Package key | brew:node |
|---|---|
| Version | 26.4.0 |
| Package manager | Homebrew |
| Package manager page | https://formulae.brew.sh/formula/node |
| Homepage | https://nodejs.org/ |
| Repository | https://github.com/nodejs/node |
| Upstream docs | https://nodejs.org/docs/latest/api |
| License | MIT |
| Source archive | https://nodejs.org/dist/v26.4.0/node-v26.4.0.tar.xz |
| Last updated | 2026-07-07T08:46:39Z |
| Pulse | updated |
| Dependencies | ada-url, brotli, c-ares, hdrhistogram_c, icu4c@78, libffi, libnghttp2, libnghttp3, libngtcp2, libuv, llhttp, merve, nbytes, openssl@3, simdjson, sqlite, uvwasi, zstd |
| Build dependencies | pkgconf, python@3.14 |
| Uses from macOS | python |
| Bottle | available (on arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | defined |
| Service | none declared |
| Caveats | Single Executable Application is disabled as it doesn't work with shared libnode. Temporal support is disabled as it doesn't work with shared ICU library. |
registry facts
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | node |
| Aliases |
|
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
source database matches
Matches are pulled from external package-manager indexes and kept separate from local Automic Vault package links.
nodejs 20.19.2+dfsg-1+deb13u2
evented I/O for V8 javascript - runtime executable
sudo apt install nodejsnodejs
nix profile install nixpkgs#nodejsnodejs 18.19.1+dfsg-6ubuntu5
evented I/O for V8 javascript - runtime executable
sudo apt install nodejsnodejs 24.16.0-r0
JavaScript runtime built on V8 engine - LTS version
sudo apk add nodejsnodejs24 24.15.0-1.fc45
JavaScript runtime
sudo dnf install nodejs24nodejs 26.2.0-1
Evented I/O for V8 javascript ("Current" release)
sudo pacman -S nodejsnodejs24 24.14.1-2.2
Evented I/O for V8 JavaScript
sudo zypper install nodejs24nodejs24
sudo port install nodejs24nodejs
choco install nodejsmain/nodejs
scoop install main/nodejsOpenJS.NodeJS
winget install --id OpenJS.NodeJS -enpm 9.2.0~ds1-3
package manager for Node.js
sudo apt install npmnpm 9.2.0~ds1-2
package manager for Node.js
sudo apt install npmnpm 11.12.1-r0
The package manager for JavaScript
sudo apk add npmnpm-bash-completion 11.12.1-r0
Bash completions for npm
sudo apk add npm-bash-completionnpm-doc 11.12.1-r0
The package manager for JavaScript (documentation)
sudo apk add npm-docsource trail
This page is generated by av-web from the private package SQLite artifact built by scripts/generate-pkg-sqlite.py.
View the package source record on GitHub.