Mirrors/node
1
0
Fork 0
mirror of https://github.com/nodejs/node.git synced 2025-12-28 07:50:41 +00:00
Code Issues Actions 16 Packages Projects Releases Wiki Activity
Node.js JavaScript runtime 🐢🚀
44,961 Commits 59 Branches 914 Tags 2.4 GiB
JavaScript 62.4%
C++ 23%
Python 10.1%
C 2.8%
HTML 0.6%
Other 0.9%
6cf64af44d
Go to file
Anna Henningsen 6cf64af44d
repl: do not cause side effects in tab completion 
A number of recent changes to the REPL tab completion logic have
introduced the ability for completion to cause side effects,
specifically, calling arbitrary functions or variable
assignments/updates.

This was first introduced in 07220230d9 and the problem exacerbated in
8ba66c5e7b. Our team noticed this because our tests started failing
when attempting to update to Node.js 20.19.5.

Some recent commits, such as 1093f38c43 or 69453378fc, have
messages or PR descriptions that imply the intention to avoid side
effects, which I can can generally be agreed upon is in line with the
expectations that a user has of autocomplete functionality.
However, some of the tests introduced in those commts specifically
verify that side effects *can* happen under specific circunmstances.
I am assuming here that this is unintentional, and the corresponding
tests have been removed/replaced in this commit.

Fixes: https://github.com/nodejs/node/issues/59731
Fixes: https://github.com/nodejs/node/issues/58903
Refs: https://github.com/nodejs/node/pull/58709
Refs: https://github.com/nodejs/node/pull/58775
Refs: https://github.com/nodejs/node/pull/57909
Refs: https://github.com/nodejs/node/pull/58891
PR-URL: https://github.com/nodejs/node/pull/59774
Reviewed-By: Ruben Bridgewater <ruben@bridgewater.de>
Reviewed-By: Michaël Zasso <targos@protonmail.com>
Reviewed-By: Dario Piotrowicz <dario.piotrowicz@gmail.com>
2025-09-08 13:54:45 +00:00
.configurations
.github meta: bump codecov/codecov-action 2025-09-05 08:03:11 +02:00
android-patches
benchmark benchmark: sqlite prevent create both tables on prepare selects 2025-09-03 19:18:05 +00:00
deps deps: update histogram to 0.11.9 2025-09-08 13:34:18 +00:00
doc doc: update OpenSSL default security level to 2 2025-09-08 07:57:40 +00:00
lib repl: do not cause side effects in tab completion 2025-09-08 13:54:45 +00:00
src quic: reduce boilerplate and other minor cleanups 2025-09-07 19:29:02 -07:00
test repl: do not cause side effects in tab completion 2025-09-08 13:54:45 +00:00
tools tools: add v8windbg target 2025-09-07 21:39:13 +00:00
typings worker: optimize cpu profile implement 2025-09-01 16:25:48 +00:00
.clang-format
.cpplint
.devcontainer.json meta: update devcontainer to the latest schema 2025-08-23 14:20:51 +00:00
.editorconfig
.gitattributes
.gitignore meta: update devcontainer to the latest schema 2025-08-23 14:20:51 +00:00
.gitpod.yml
.mailmap meta: add mailmap entry for aditi-1400 2025-08-03 15:24:00 +00:00
.nycrc
.yamllint.yaml
android_configure.py
android-configure build: drop support for python 3.8 2025-01-24 10:44:05 +00:00
BSDmakefile
BUILD.gn
BUILDING.md doc: update BUILDING to reflect Clang 19 changes 2025-09-08 09:38:51 +00:00
CHANGELOG.md 2025-09-03, Version 20.19.5 'Iron' (LTS) 2025-09-03 20:15:16 +02:00
CODE_OF_CONDUCT.md
codecov.yml
common.gypi deps: V8: cherry-pick 6b1b9bca2a8 2025-08-28 06:48:11 +00:00
configure build: drop support for python 3.8 2025-01-24 10:44:05 +00:00
configure.py quic: multiple fixups and updates 2025-09-07 19:29:01 -07:00
CONTRIBUTING.md
eslint.config.mjs meta: enable jsdoc/check-tag-names rule 2025-07-18 09:28:21 +00:00
glossary.md doc: add WDYT to glossary 2025-08-01 06:19:44 +00:00
GOVERNANCE.md doc: clarify details of TSC public and private meetings 2025-07-07 21:25:26 +00:00
LICENSE doc: run license-builder 2025-08-06 00:30:52 +00:00
Makefile build,deps,tools: prepare to update to OpenSSL 3.5 2025-07-26 22:40:19 +00:00
node.gni build: fix node_use_sqlite for GN builds 2025-08-09 00:22:24 +00:00
node.gyp quic: multiple fixups and updates 2025-09-07 19:29:01 -07:00
node.gypi quic: multiple fixups and updates 2025-09-07 19:29:01 -07:00
onboarding.md doc: improve onboarding instructions 2025-07-24 08:59:03 +00:00
pyproject.toml build: drop support for python 3.8 2025-01-24 10:44:05 +00:00
README.md doc: add Miles Guicent as triager 2025-08-31 17:39:23 +00:00
SECURITY.md doc: clarify experimental platform vulnerability policy 2025-08-25 10:35:13 +00:00
tsconfig.json
unofficial.gni build: fix node_use_sqlite for GN builds 2025-08-09 00:22:24 +00:00
vcbuild.bat tools: add v8windbg target 2025-09-07 21:39:13 +00:00

README.md

Node.js

Node.js is an open-source, cross-platform JavaScript runtime environment.

For information on using Node.js, see the Node.js website.

The Node.js project uses an open governance model. The OpenJS Foundation provides support for the project.

Contributors are expected to act in a collaborative manner to move the project forward. We encourage the constructive exchange of contrary opinions and compromise. The TSC reserves the right to limit or block contributors who repeatedly act in ways that discourage, exhaust, or otherwise negatively affect other participants.

This project has a Code of Conduct.

Table of contents

Support

Looking for help? Check out the instructions for getting support.

Release types

  • Current: Under active development. Code for the Current release is in the branch for its major version number (for example, v22.x). Node.js releases a new major version every 6 months, allowing for breaking changes. This happens in April and October every year. Releases appearing each October have a support life of 8 months. Releases appearing each April convert to LTS (see below) each October.
  • LTS: Releases that receive Long Term Support, with a focus on stability and security. Every even-numbered major version will become an LTS release. LTS releases receive 12 months of Active LTS support and a further 18 months of Maintenance. LTS release lines have alphabetically-ordered code names, beginning with v4 Argon. There are no breaking changes or feature additions, except in some special circumstances.
  • Nightly: Code from the Current branch built every 24-hours when there are changes. Use with caution.

Current and LTS releases follow semantic versioning. A member of the Release Team signs each Current and LTS release. For more information, see the Release README.

Download

Binaries, installers, and source tarballs are available at https://nodejs.org/en/download/.

Current and LTS releases

https://nodejs.org/download/release/

The latest directory is an alias for the latest Current release. The latest-codename directory is an alias for the latest release from an LTS line. For example, the latest-hydrogen directory contains the latest Hydrogen (Node.js 18) release.

Nightly releases

https://nodejs.org/download/nightly/

Each directory and filename includes the version (e.g., v22.0.0), followed by the UTC date (e.g., 20240424 for April 24, 2024), and the short commit SHA of the HEAD of the release (e.g., ddd0a9e494). For instance, a full directory name might look like v22.0.0-nightly20240424ddd0a9e494.

API documentation

Documentation for the latest Current release is at https://nodejs.org/api/. Version-specific documentation is available in each release directory in the docs subdirectory. Version-specific documentation is also at https://nodejs.org/download/docs/.

Verifying binaries

Download directories contain a SHASUMS256.txt.asc file with SHA checksums for the files and the releaser PGP signature.

You can get a trusted keyring from nodejs/release-keys, e.g. using curl:

curl -fsLo "/path/to/nodejs-keyring.kbx" "https://github.com/nodejs/release-keys/raw/HEAD/gpg/pubring.kbx"

Alternatively, you can import the releaser keys in your default keyring, see Release keys for commands to how to do that.

Then, you can verify the files you've downloaded locally (if you're using your default keyring, pass --keyring="${GNUPGHOME:-~/.gnupg}/pubring.kbx"):

curl -fsO "https://nodejs.org/dist/${VERSION}/SHASUMS256.txt.asc" \
&& gpgv --keyring="/path/to/nodejs-keyring.kbx" --output SHASUMS256.txt < SHASUMS256.txt.asc \
&& shasum --check SHASUMS256.txt --ignore-missing

Building Node.js

See BUILDING.md for instructions on how to build Node.js from source and a list of supported platforms.

Security

For information on reporting security vulnerabilities in Node.js, see SECURITY.md.

Contributing to Node.js

Current project team members

For information about the governance of the Node.js project, see GOVERNANCE.md.

TSC (Technical Steering Committee)

TSC voting members

TSC regular members

TSC emeriti members

TSC emeriti members

Collaborators

Emeriti

Collaborator emeriti

Collaborators follow the Collaborator Guide in maintaining the Node.js project.

Triagers

Triagers follow the Triage Guide when responding to new issues.

Release keys

Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys):

You can use the keyring the project maintains at https://github.com/nodejs/release-keys/raw/refs/heads/main/gpg-only-active-keys/pubring.kbx. Alternatively, you can import them from a public key server. Have in mind that the project cannot guarantee the availability of the server nor the keys on that server.

gpg --keyserver hkps://keys.openpgp.org --recv-keys 5BE8A3F6C8A5C01D106C0AD820B1A390B168D356 # Antoine du Hamel
gpg --keyserver hkps://keys.openpgp.org --recv-keys DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 # Juan José Arboleda
gpg --keyserver hkps://keys.openpgp.org --recv-keys CC68F5A3106FF448322E48ED27F5E38D5B0A215F # Marco Ippolito
gpg --keyserver hkps://keys.openpgp.org --recv-keys 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 # Michaël Zasso
gpg --keyserver hkps://keys.openpgp.org --recv-keys 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 # Rafael Gonzaga
gpg --keyserver hkps://keys.openpgp.org --recv-keys C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C # Richard Lau
gpg --keyserver hkps://keys.openpgp.org --recv-keys 108F52B48DB57BB0CC439B2997B01419BD92F80A # Ruy Adorno
gpg --keyserver hkps://keys.openpgp.org --recv-keys A363A499291CBBC940DD62E41F10027AF002F8B0 # Ulises Gascón

See Verifying binaries for how to use these keys to verify a downloaded file.

Other keys used to sign some previous releases

The project maintains a keyring able to verify all past releases of Node.js at https://github.com/nodejs/release-keys/raw/refs/heads/main/gpg/pubring.kbx.

Security release stewards

When possible, the commitment to take slots in the security release steward rotation is made by companies in order to ensure individuals who act as security stewards have the support and recognition from their employer to be able to prioritize security releases. Security release stewards manage security releases on a rotation basis as outlined in the security release process.

License

Node.js is available under the MIT License. Node.js also includes external libraries that are available under a variety of licenses. See LICENSE for the full license text.