daohualiuxiang
/
node
mirror of https://github.com/nodejs/node.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Node.js JavaScript runtime 🐢🚀
42,166 Commits
54 Branches
866 Tags
2 GiB
JavaScript 60.7%
C++ 23.4%
Python 11.1%
C 3%
HTML 0.7%
Other 1%
 
 
 
 
 
 
Go to file
Michael Dawson 01f751b529
test: increase key size for ca2-cert.pem 
Refs: https://github.com/nodejs/node/pull/44498
Refs: https://github.com/nodejs/node/issues/53382

Key sizes were increased to 2048 in PR 44498 including
the configuration file for the generation of ca2-cert.pem.
However, it seems like updating ca2-cert.pem and related files
themselves were missed as they were not updated in the PR and
the ca2-cert.pem reported as being associated with a 1024 bit key.
I believe that was the cause of some of the failures mentioned in
https://github.com/nodejs/node/issues/53382 as OpenSSL 3.2
increased the default security level from 1 to 2 and that
would mean that certificates associated with keys of 1024 bits
would no longer be accepted.

This PR updates the key size for ca2-cert.pem. It was not
necessary to change the config, only run the generation for
the ca2-cert.pem and related files.

Signed-off-by: Michael Dawson <midawson@redhat.com>
PR-URL: https://github.com/nodejs/node/pull/54599
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: James M Snell <jasnell@gmail.com>
 		2024-08-29 23:59:18 +00:00
.devcontainer meta: remove `initializeCommand` from devcontainer 2024-05-26 12:34:11 +00:00
.github meta: remind users to use a supported version in bug reports 2024-08-23 12:29:47 +00:00
android-patches build: rewritten the Android build system 2022-09-12 08:10:29 +00:00
benchmark benchmark: fix benchmark for file path and URL conversion 2024-08-25 13:41:13 +00:00
deps deps: update nghttp2 to 1.63.0 2024-08-29 10:15:03 +00:00
doc doc: fix typo in styleText description 2024-08-29 19:42:53 +00:00
lib vm: introduce vanilla contexts via vm.constants.DONT_CONTEXTIFY 2024-08-29 09:05:03 +00:00
src vm: introduce vanilla contexts via vm.constants.DONT_CONTEXTIFY 2024-08-29 09:05:03 +00:00
test test: increase key size for ca2-cert.pem 2024-08-29 23:59:18 +00:00
tools vm: introduce vanilla contexts via vm.constants.DONT_CONTEXTIFY 2024-08-29 09:05:03 +00:00
typings typings: provide internal types for wasi bindings 2024-08-24 16:59:17 +00:00
.clang-format
.cpplint tools: move cpplint configuration to .cpplint 2019-04-08 08:30:29 -04:00
.editorconfig tools: move ESLint to tools/eslint 2024-06-19 19:54:08 +00:00
.gitattributes doc: add .gitattributes for md files 2024-04-24 08:15:07 +03:00
.gitignore tools: update ESLint to v9 and use flat config 2024-05-23 19:45:18 +00:00
.gitpod.yml doc,tools: switch to `@node-core/utils` 2023-09-25 11:48:03 +00:00
.mailmap meta: change email address of anonrig 2024-07-14 16:28:34 +02:00
.nycrc test: add windows and C++ coverage 2020-10-21 19:41:08 -07:00
.yamllint.yaml build: extend yamllint configuration 2022-02-14 19:09:26 +01:00
BSDmakefile build: replace which with command -v 2020-11-19 19:33:28 +01:00
BUILD.gn build: add GN build files 2023-11-11 09:51:05 +00:00
BUILDING.md build: update required python version to 3.8 2024-08-23 21:20:32 +00:00
CHANGELOG.md 2024-08-22, Version 22.7.0 (Current) 2024-08-22 11:14:41 -03:00
CODE_OF_CONDUCT.md tools: avoid unnecessary escaping in markdown formatter 2021-10-31 09:36:05 -07:00
CONTRIBUTING.md doc, meta: use markdown rather than HTML in CONTRIBUTING.md 2024-06-08 19:16:44 +00:00
GOVERNANCE.md doc: make docs more welcoming and descriptive for newcomers 2024-05-06 00:07:10 +02:00
LICENSE doc: run license-builder 2024-08-28 00:29:41 +00:00
Makefile build: don't clean obj.target directory if it doesn't exist 2024-08-24 14:17:44 +00:00
README.md doc: replace v19 mention in Current release 2024-08-15 20:40:25 +00:00
SECURITY.md doc: fix minor grammar and style issues in SECURITY.md 2024-05-28 17:40:22 +00:00
android-configure build: update required python version to 3.8 2024-08-23 21:20:32 +00:00
android_configure.py build: exit on unsupported host OS for Android 2024-05-25 07:39:56 +00:00
codecov.yml build: update gcovr to 7.2 and codecov config 2024-07-27 21:52:23 +00:00
common.gypi deps: V8: cherry-pick e74d0f437fcd 2024-08-29 03:25:50 +00:00
configure build: update required python version to 3.8 2024-08-23 21:20:32 +00:00
configure.py build: update required python version to 3.8 2024-08-23 21:20:32 +00:00
eslint.config.mjs meta: reword linter messages 2024-07-22 00:21:42 +02:00
glossary.md doc, meta: add PTAL to glossary 2024-07-14 17:53:46 +00:00
node.gni build: fix arm64 host cross-compilation in GN 2024-03-06 11:11:52 +09:00
node.gyp build: disable ICF for mksnapshot 2024-08-16 16:04:25 +02:00
node.gypi build: add `--without-amaro` build flag 2024-08-02 10:37:36 +00:00
onboarding.md doc: clarify what moderation issues are for 2024-03-08 19:01:00 +00:00
pyproject.toml build: update required python version to 3.8 2024-08-23 21:20:32 +00:00
suppressions.supp build,tools: add test-ubsan ci 2024-03-15 17:49:51 +00:00
tsconfig.json lib: fix `internalBinding` typings 2023-09-23 10:48:34 +00:00
unofficial.gni build: disable ICF for mksnapshot 2024-08-16 16:04:25 +02:00
vcbuild.bat build: support `lint-js-fix` in `vcbuild.bat` 2024-08-06 05:57:35 +00:00

README.md

Node.js

Node.js is an open-source, cross-platform JavaScript runtime environment.

For information on using Node.js, see the Node.js website.

The Node.js project uses an open governance model. The OpenJS Foundation provides support for the project.

Contributors are expected to act in a collaborative manner to move the project forward. We encourage the constructive exchange of contrary opinions and compromise. The TSC reserves the right to limit or block contributors who repeatedly act in ways that discourage, exhaust, or otherwise negatively affect other participants.

This project has a Code of Conduct.

Table of contents

Support

Looking for help? Check out the instructions for getting support.

Release types

  • Current: Under active development. Code for the Current release is in the branch for its major version number (for example, v22.x). Node.js releases a new major version every 6 months, allowing for breaking changes. This happens in April and October every year. Releases appearing each October have a support life of 8 months. Releases appearing each April convert to LTS (see below) each October.
  • LTS: Releases that receive Long Term Support, with a focus on stability and security. Every even-numbered major version will become an LTS release. LTS releases receive 12 months of Active LTS support and a further 18 months of Maintenance. LTS release lines have alphabetically-ordered code names, beginning with v4 Argon. There are no breaking changes or feature additions, except in some special circumstances.
  • Nightly: Code from the Current branch built every 24-hours when there are changes. Use with caution.

Current and LTS releases follow semantic versioning. A member of the Release Team signs each Current and LTS release. For more information, see the Release README.

Download

Binaries, installers, and source tarballs are available at https://nodejs.org/en/download/.

Current and LTS releases

https://nodejs.org/download/release/

The latest directory is an alias for the latest Current release. The latest-codename directory is an alias for the latest release from an LTS line. For example, the latest-hydrogen directory contains the latest Hydrogen (Node.js 18) release.

Nightly releases

https://nodejs.org/download/nightly/

Each directory name and filename contains a date (in UTC) and the commit SHA at the HEAD of the release.

API documentation

Documentation for the latest Current release is at https://nodejs.org/api/. Version-specific documentation is available in each release directory in the docs subdirectory. Version-specific documentation is also at https://nodejs.org/download/docs/.

Verifying binaries

Download directories contain a SHASUMS256.txt file with SHA checksums for the files.

To download SHASUMS256.txt using curl:

curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt

To check that a downloaded file matches the checksum, run it through sha256sum with a command such as:

grep node-vx.y.z.tar.gz SHASUMS256.txt | sha256sum -c -

For Current and LTS, the GPG detached signature of SHASUMS256.txt is in SHASUMS256.txt.sig. You can use it with gpg to verify the integrity of SHASUMS256.txt. You will first need to import the GPG keys of individuals authorized to create releases.

See Release keys for commands to import active release keys.

Next, download the SHASUMS256.txt.sig for the release:

curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt.sig

Then use gpg --verify SHASUMS256.txt.sig SHASUMS256.txt to verify the file's signature.

Building Node.js

See BUILDING.md for instructions on how to build Node.js from source and a list of supported platforms.

Security

For information on reporting security vulnerabilities in Node.js, see SECURITY.md.

Contributing to Node.js

Current project team members

For information about the governance of the Node.js project, see GOVERNANCE.md.

TSC (Technical Steering Committee)

TSC voting members

TSC regular members

TSC emeriti members

TSC emeriti members

Collaborators

Emeriti

Collaborator emeriti

Collaborators follow the Collaborator Guide in maintaining the Node.js project.

Triagers

Triagers follow the Triage Guide when responding to new issues.

Release keys

Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys):

To import the full set of trusted release keys (including subkeys possibly used to sign releases):

gpg --keyserver hkps://keys.openpgp.org --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C # Beth Griggs
gpg --keyserver hkps://keys.openpgp.org --recv-keys 141F07595B7B3FFE74309A937405533BE57C7D57 # Bryan English
gpg --keyserver hkps://keys.openpgp.org --recv-keys 74F12602B6F1C4E913FAA37AD3A89613643B6201 # Danielle Adams
gpg --keyserver hkps://keys.openpgp.org --recv-keys DD792F5973C6DE52C432CBDAC77ABFA00DDBF2B7 # Juan José Arboleda
gpg --keyserver hkps://keys.openpgp.org --recv-keys CC68F5A3106FF448322E48ED27F5E38D5B0A215F # Marco Ippolito
gpg --keyserver hkps://keys.openpgp.org --recv-keys 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 # Michaël Zasso
gpg --keyserver hkps://keys.openpgp.org --recv-keys 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 # Rafael Gonzaga
gpg --keyserver hkps://keys.openpgp.org --recv-keys C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C # Richard Lau
gpg --keyserver hkps://keys.openpgp.org --recv-keys 108F52B48DB57BB0CC439B2997B01419BD92F80A # Ruy Adorno
gpg --keyserver hkps://keys.openpgp.org --recv-keys A363A499291CBBC940DD62E41F10027AF002F8B0 # Ulises Gascón

See Verifying binaries for how to use these keys to verify a downloaded file.

Other keys used to sign some previous releases

Security release stewards

When possible, the commitment to take slots in the security release steward rotation is made by companies in order to ensure individuals who act as security stewards have the support and recognition from their employer to be able to prioritize security releases. Security release stewards manage security releases on a rotation basis as outlined in the security release process.

License

Node.js is available under the MIT license. Node.js also includes external libraries that are available under a variety of licenses. See LICENSE for the full license text.