A utility to fetch or build patched Node binaries used by pkg to generate executables. This repo hosts prebuilt binaries in Releases.
Node | Platform | Architectures | Minimum OS version |
---|---|---|---|
8[1], 10[1], 12, 14, 16 | alpine | x64, arm64 | 3.7.3, other distros with musl libc >= 1.1.18 |
8[1], 10[1], 12, 14, 16 | linux | x64 | Enterprise Linux 7, Ubuntu 14.04, Debian jessie, other distros with glibc >= 2.17 |
8[1], 10[1], 12, 14, 16 | linux | arm64 | Enterprise Linux 8, Ubuntu 18.04, Debian buster, other distros with glibc >= 2.27 |
8[1], 10[1], 12, 14, 16 | linuxstatic | x64, arm64 | Any distro with Linux Kernel >= 2.6.32 (>= 3.10 strongly recommended) |
16 | linuxstatic | armv7[2] | Any distro with Linux Kernel >= 2.6.32 (>= 3.10 strongly recommended) |
8[1], 10[1], 12, 14, 16 | macos | x64 | 10.13 |
14, 16 | macos | arm64[3] | 11.0 |
8[1], 10[1], 12, 14, 16 | win | x64 | 8.1 |
14, 16 | win | arm64 | 10 |
[1]: end-of-life, may be removed in the next major release.
[2]: best-effort basis, not semver-protected.
[3]: mandatory code signing is enforced by Apple.
We do not expect this project to have vulnerabilities of its own. Nonetheless, as this project distributes prebuilt Node.js binaries,
Node.js security vulnerabilities affect binaries distributed by this project, as well.
Like most of you, this project does not have access to advance/private disclosures of Node.js security vulnerabilities. We can only closely monitor the public security advisories from the Node.js team. It takes time to build and release a new set of binaries, once a new Node.js version has been released.
We aim to complete the full cycle within a day, when there is a security update. Please open an issue if there is no action for a while.
It is possible for this project to fall victim to a supply chain attack.
This project deploys multiple defense measures to ensure that the safe binaries are delivered to users:
pkg-fetch
rejects the binary if it does not match the hardcoded hash.pkg-fetch
package on npm is strictly permission-controlled
Report to security@vercel.com, if you noticed a disparity between (hashes of) binaries.
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。