Automic VaultAutomic Vault

brew / 审批门

使用 Homebrew, apk, chocolatey, apt, dnf, MacPorts, Nix, pacman, scoop, winget, zypper 安装 node

查看 node 的安装路径、可执行文件、元数据以及面向 AI 代理工作流的安全说明。

代理安全

代理安全回答

node executes JavaScript tooling that commonly reads project secrets and launches npm package workflows.

凭据访问

Reads environment variables, dotenv files, npm tokens, and project config reachable to scripts.

远程变更

Can run deploy scripts, API clients, and arbitrary package scripts.

发布/制品风险

Can build and publish npm packages or generated application bundles.

推荐控制

Gate package publishing and lifecycle scripts; scan project secrets before agent runs.

代理使用指南

Allow test/build commands after scanning; require approval for publish, install scripts, and deploy actions.

安装

其他安装命令

macOS

Homebrew已验证 · 100%
brew install node

local Homebrew formula metadata

MacPorts已验证 · 94%
sudo port install nodejs24

MacPorts ports tree · lang/nodejs24/Portfile · 来源: api.github.com

Linux

Alpine Linux apk已验证 · 92%
sudo apk add nodejs

Alpine Linux edge package indexes · nodejs · 来源: dl-cdn.alpinelinux.org

Debian apt已验证 · 92%
sudo apt install nodejs

Debian stable package indexes · nodejs · 来源: deb.debian.org

Fedora dnf已验证 · 92%
sudo dnf install nodejs24

Fedora Rawhide package metadata · nodejs24 · 来源: dl.fedoraproject.org

Nix已验证 · 92%
nix profile install nixpkgs#nodejs

nixpkgs package indexes · nodejs · 来源: raw.githubusercontent.com

Arch Linux pacman已验证 · 92%
sudo pacman -S nodejs

Arch Linux sync databases · nodejs · 来源: geo.mirror.pkgbuild.com

openSUSE zypper已验证 · 92%
sudo zypper install nodejs24

openSUSE Tumbleweed package metadata · nodejs24 · 来源: download.opensuse.org

Windows

Chocolatey已验证 · 92%
choco install nodejs

Chocolatey community package catalog · nodejs · 来源: community.chocolatey.org

Scoop已验证 · 92%
scoop install main/nodejs

Scoop official bucket manifest trees · bucket/nodejs.json · 来源: api.github.com

Windows Package Manager已验证 · 92%
winget install --id OpenJS.NodeJS -e

Windows Package Manager source index · OpenJS.NodeJS · 来源: cdn.winget.microsoft.com

概览

软件包摘要

Open-source, cross-platform JavaScript runtime environment

命令和别名

  • node
  • npm
  • npx

历史

项目历史与用法

Node.js is the JavaScript runtime that made server-side and command-line JavaScript mainstream. The official Node.js about page describes it as an asynchronous event-driven runtime designed for scalable network applications, with HTTP as a first-class feature and an event loop hidden behind ordinary JavaScript program execution.

项目历史

Ryan Dahl created Node.js around 2009 to run JavaScript outside the browser for network servers and other I/O-heavy programs. The runtime combined Google's V8 JavaScript engine with an event loop and low-level I/O APIs, giving web developers a single language across browser code, servers, tooling, and package scripts.

The early project was stewarded by Joyent, then hit a governance crisis in 2014 when prominent contributors forked it as io.js. The Node.js Foundation announced on 14 September 2015 that Node.js v4.0.0 combined the Node.js and io.js codebases under the foundation, added a long-term support plan, and moved the project to regular semver-based release lines.

The Node.js Foundation and JS Foundation announced their merger into the OpenJS Foundation on 12 March 2019. That put Node.js under the broader vendor-neutral JavaScript foundation that also houses projects such as Node-RED.

采用历史

Node.js adoption grew because it solved several developer and operational needs at once: fast startup for scripts, non-blocking network servers, JSON-native APIs, a giant npm ecosystem, and one language for browser and server teams. The 2015 foundation announcement said Node.js was used by tens of thousands of organizations in more than 200 countries and had more than 2 million downloads per month.

Homebrew's `node` formula is the rolling mainstream macOS/Linux package for the latest Node major. The Formulae page lists aliases including `node.js`, `node@26`, `nodejs`, and `npm`, and reports 3,116,013 installs over 365 days with 2,515,719 installs on request. Within Homebrew, that makes it the high-volume default path for developers who want Node, npm, and npx without a separate version manager.

使用方式

Homebrew users install the rolling formula with `brew install node`, then get `node`, `npm`, and `npx`. The formula is convenient for system-level CLI tools, local development, and build dependencies, while teams that need exact per-project versions often layer nvm, fnm, asdf, volta, nodenv, or Homebrew's versioned `node@` formulas on top of that ecosystem.

Package nerds care about Node's release train because C++ addons, ESM/CommonJS behavior, OpenSSL, V8, npm, Corepack, test runner behavior, and web-platform APIs can all change across majors. The official release page explains that major versions historically enter Current for six months, even-numbered releases become LTS, and production applications should use Active LTS or Maintenance LTS releases.

为什么软件包爱好者会关心

For package-manager data, `brew:node` is the anchor package. It is both a runtime and a build input for huge parts of the JavaScript, frontend, Electron, language-server, and CLI-tooling worlds. Its adoption stats often reflect not only developers explicitly wanting Node, but also downstream packages whose builds or runtime scripts need Node available.

时间线

  • 2009: Ryan Dahl creates Node.js and presents the early runtime publicly.
  • 2014: io.js fork forms during the Node.js governance dispute.
  • 2015-09-14: Node.js v4.0.0 reunifies Node.js and io.js under the Node.js Foundation and introduces the modern LTS direction.
  • 2019-03-12: Node.js Foundation and JS Foundation announce the OpenJS Foundation merger.
  • 2026: Homebrew's rolling `node` formula tracks Node 26.x and lists node@24, node@22, node@20, and node@18 as adjacent versioned formulas.

Related projects

  • npm
  • npx
  • Corepack
  • V8
  • libuv
  • OpenJS Foundation
  • io.js

审批门

高风险命令的人工审核元数据

本地审批门种子包含 7 条适用于 node 的规则。覆盖的入口点:corepack, node, npm, npx。严重级别:严重, 高, 中。覆盖状态:partial,审核于 2026-05-21。

受控操作示例

  • Execute inline JavaScript supplied on the command line.
  • Load custom import hooks or require hooks before executing code.
  • Publish a package to the npm registry.
  • Install npm packages into a global executable location.
  • Remove package versions from the npm registry.
  • Download and execute a package by name.
  • Download and activate a package-manager shim.

local files

Configuration and credential file locations

These source-backed paths show where this package keeps local settings or durable credentials. Automic Vault can use them as review targets for secret scanning, migration, and command approval.

Configuration files

Config paths the tool may read or write during local use.

Unix
~/.npmrc
Windows
%UserProfile%\.npmrc

Credential files

Credential-bearing paths to review before unattended agent runs.

Unix
~/.npmrc
Windows
%UserProfile%\.npmrc

可执行文件

已安装的可执行文件

命令类型暴露范围备注
nodecli全局可执行文件
npmcli全局可执行文件
npxcli全局可执行文件

新鲜度

版本和新鲜度

这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。

页面生成时间2026-07-10
管理器版本26.5.0
管理器更新时间2026-07-08
本地数据OK
上游not checked
检测到的最新版本未检测到

https://nodejs.org/

  • 信息Release/tag comparison is only available for GitHub repositories.https://nodejs.org/none 置信度

安装元数据

软件包元数据

软件包键brew:node
版本26.5.0
软件包管理器Homebrew
软件包管理器页面https://formulae.brew.sh/formula/node
主页https://nodejs.org/
仓库https://github.com/nodejs/node
上游文档https://nodejs.org/docs/latest/api
许可证MIT
源码归档https://nodejs.org/dist/v26.5.0/node-v26.5.0.tar.xz
最后更新2026-07-08T22:59:49Z
Pulseupdated
依赖ada-url, brotli, c-ares, hdrhistogram_c, icu4c@78, libffi, libnghttp2, libnghttp3, libngtcp2, libuv, llhttp, merve, nbytes, openssl@3, simdjson, sqlite, uvwasi, zstd
构建依赖pkgconf, python@3.14
macOS 提供的库python
Bottle可用 (于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux)
Homebrew post-install已定义
服务未声明
注意事项Single Executable Application is disabled as it doesn't work with shared libnode. Temporal support is disabled as it doesn't work with shared ICU library.

注册表事实

源数据库详情

Source DatabaseHomebrew formula API
Taphomebrew/core
Full Namenode
Aliases
  • node.js
  • node@26
  • nodejs
  • npm
Version Scheme0
Revision0
Head VersionHEAD
Bottle Stable Root URLhttps://ghcr.io/v2/homebrew/core
Deprecatedno
Disabledno
Keg Onlyno
URL Keys
  • head
  • stable

源数据库匹配

其他软件包管理器记录

匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。

Debian apt95%

nodejs 20.19.2+dfsg-1+deb13u2

evented I/O for V8 javascript - runtime executable

https://nodejs.org/

sudo apt install nodejs
  • Section: web
  • Architecture: amd64
  • 3 依赖
  • 1 提供
  • 3 可选依赖
  • normalized package name match
  • 匹配方式:Node
Debian stable package indexes · deb.debian.org · Debian stable package indexes: nodejs from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Nix95%

nodejs

nix profile install nixpkgs#nodejs
  • normalized package name match
  • 匹配方式:Node
nixpkgs package indexes · raw.githubusercontent.com · nixpkgs package indexes: nodejs from https://raw.githubusercontent.com/NixOS/nixpkgs/master/pkgs/top-level/all-packages.nix
Ubuntu apt95%

nodejs 18.19.1+dfsg-6ubuntu5

evented I/O for V8 javascript - runtime executable

https://nodejs.org/

sudo apt install nodejs
  • Section: universe/web
  • Architecture: amd64
  • 2 依赖
  • 1 提供
  • 3 可选依赖
  • normalized package name match
  • 匹配方式:Node
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: nodejs from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk95%

nodejs 24.16.0-r0

JavaScript runtime built on V8 engine - LTS version

https://nodejs.org/

sudo apk add nodejs
  • License: MIT
  • Architecture: x86_64
  • Source Package: nodejs
  • 1 依赖
  • 1 提供
  • normalized package name match
  • 匹配方式:Node
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: nodejs from https://dl-cdn.alpinelinux.org/alpine/edge/main/x86_64/APKINDEX.tar.gz
dnf95%

nodejs24 24.15.0-1.fc45

JavaScript runtime

https://nodejs.org

sudo dnf install nodejs24
  • License: Apache-2.0 AND Artistic-2.0 AND BSD-2-Clause AND BSD-3-Clause AND BlueOak-1.0.0 AND CC-BY-3.0 AND CC0-1.0 AND ISC AND MIT
  • Category: Unspecified
  • Architecture: x86_64
  • Source Package: nodejs24
  • 6 依赖
  • 4 提供
  • normalized package name match
  • 匹配方式:Node
Fedora Rawhide package metadata · dl.fedoraproject.org · Fedora Rawhide package metadata: nodejs24 from https://dl.fedoraproject.org/pub/fedora/linux/development/rawhide/Everything/x86_64/os/repodata/e5ca8ce900cd68f5419e1c39ae517343100b306336cbaeb70a3c153121d95094-primary.xml.zst
pacman95%

nodejs 26.2.0-1

Evented I/O for V8 javascript ("Current" release)

https://nodejs.org/

sudo pacman -S nodejs
  • License: MIT
  • Architecture: x86_64
  • 13 依赖
  • 1 可选依赖
  • normalized package name match
  • 匹配方式:Node
Arch Linux sync databases · geo.mirror.pkgbuild.com · Arch Linux sync databases: nodejs from https://geo.mirror.pkgbuild.com/extra/os/x86_64/extra.db.tar.gz
zypper95%

nodejs24 24.14.1-2.2

Evented I/O for V8 JavaScript

https://nodejs.org

sudo zypper install nodejs24
  • License: MIT
  • Category: Development/Languages/NodeJS
  • Architecture: x86_64
  • Source Package: nodejs24
  • 18 依赖
  • 3 提供
  • normalized package name match
  • 匹配方式:Node
openSUSE Tumbleweed package metadata · download.opensuse.org · openSUSE Tumbleweed package metadata: nodejs24 from https://download.opensuse.org/tumbleweed/repo/oss/repodata/be8d3611d25469107f32075a1697e69ec57a2b850b42348a658cc671ad5ec2b50760d02c3e59524d50da9a11d5be799bdaffba2e166e8ca8858512e3c0bd665d-primary.xml.zst
MacPorts95%

nodejs24

sudo port install nodejs24
  • normalized package name match
  • 匹配方式:Node
MacPorts ports tree · api.github.com · MacPorts ports tree: lang/nodejs24/Portfile from https://api.github.com/repos/macports/macports-ports/git/trees/master?recursive=1
Chocolatey95%

nodejs

choco install nodejs
  • normalized package name match
  • 匹配方式:Node
Chocolatey community package catalog · community.chocolatey.org · Chocolatey community package catalog: nodejs from http://community.chocolatey.org/api/v2/Packages?$filter=IsLatestVersion&$select=Id&$top=1000&$skiptoken='11','nexus-repository'
Scoop95%

main/nodejs

scoop install main/nodejs
  • normalized package name match
  • 匹配方式:Node
Scoop official bucket manifest trees · api.github.com · Scoop official bucket manifest trees: bucket/nodejs.json from https://api.github.com/repos/ScoopInstaller/Main/git/trees/master?recursive=1
winget95%

OpenJS.NodeJS

winget install --id OpenJS.NodeJS -e
  • normalized package name match
  • 匹配方式:Node
Windows Package Manager source index · cdn.winget.microsoft.com · Windows Package Manager source index: OpenJS.NodeJS from https://cdn.winget.microsoft.com/cache/source.msix
Debian apt92%

npm 9.2.0~ds1-3

package manager for Node.js

https://docs.npmjs.com/

sudo apt install npm
  • Section: web
  • Architecture: all
  • 32 依赖
  • 32 提供
  • 3 可选依赖
  • installed executable or alias match
  • 匹配方式:npm
Debian stable package indexes · deb.debian.org · Debian stable package indexes: npm from https://deb.debian.org/debian/dists/stable/main/binary-amd64/Packages.xz
Ubuntu apt92%

npm 9.2.0~ds1-2

package manager for Node.js

https://docs.npmjs.com/

sudo apt install npm
  • Section: universe/web
  • Architecture: all
  • 32 依赖
  • 32 提供
  • 3 可选依赖
  • installed executable or alias match
  • 匹配方式:npm
Ubuntu 24.04 LTS package indexes · archive.ubuntu.com · Ubuntu 24.04 LTS package indexes: npm from https://archive.ubuntu.com/ubuntu/dists/noble/universe/binary-amd64/Packages.gz
apk92%

npm 11.12.1-r0

The package manager for JavaScript

https://www.npmjs.com/

sudo apk add npm
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • 1 依赖
  • 1 提供
  • installed executable or alias match
  • 匹配方式:npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk92%

npm-bash-completion 11.12.1-r0

Bash completions for npm

https://www.npmjs.com/

sudo apk add npm-bash-completion
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • installed executable or alias match
  • 匹配方式:npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm-bash-completion from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz
apk92%

npm-doc 11.12.1-r0

The package manager for JavaScript (documentation)

https://www.npmjs.com/

sudo apk add npm-doc
  • License: Artistic-2.0
  • Architecture: x86_64
  • Source Package: npm
  • installed executable or alias match
  • 匹配方式:npm
Alpine Linux edge package indexes · dl-cdn.alpinelinux.org · Alpine Linux edge package indexes: npm-doc from https://dl-cdn.alpinelinux.org/alpine/edge/community/x86_64/APKINDEX.tar.gz

来源线索

由仓库数据生成

此页面由 av-webscripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。

使用的来源

  • Geiger risk classifier
  • Nucleus package database
  • approval-gate seed metadata
  • av.db category and tag curation
  • cross-ecosystem install command graph
  • curated agent safety answer
  • curated configuration and credential file locations
  • curated package history
  • external package-manager database matches
  • package relationship graph
  • package version freshness
  • package-page enrichment