Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. For more information on using Node.js, see the Node.js Website.
The Node.js project is supported by the Node.js Foundation. Contributions, policies, and releases are managed under an open governance model.
This project is bound by a Code of Conduct.
- Support
- Release Types
- Building Node.js
- Security
- Current Project Team Members
- Contributing to Node.js
Node.js contributors have limited availability to address general support questions. Please make sure you are using a currently-supported version of Node.js.
When looking for support, please first search for your question in these venues:
If you didn't find an answer in one of the official resources above, you can search these unofficial resources:
- Questions tagged 'node.js' on StackOverflow
- #node.js channel on chat.freenode.net. See http://nodeirc.info/ for more information.
- Node.js Discord Community
- Node.js Slack Community: Visit nodeslackers.com to register.
GitHub issues are meant for tracking enhancements and bugs, not general support.
Remember, libre != gratis; the open source license grants you the freedom to use and modify, but not commitments of other people's time. Please be respectful, and set your expectations accordingly.
The Node.js project maintains multiple types of releases:
- Current: Released from active development branches of this repository, versioned by SemVer and signed by a member of the Release Team. Code for Current releases is organized in this repository by major version number. For example: v4.x. The major version number of Current releases will increment every 6 months allowing for breaking changes to be introduced. This happens in April and October every year. Current release lines beginning in October each year have a maximum support life of 8 months. Current release lines beginning in April each year will convert to LTS (see below) after 6 months and receive further support for 30 months.
- LTS: Releases that receive Long-term Support, with a focus on stability and security. Every second Current release line (major version) will become an LTS line and receive 18 months of Active LTS support and a further 12 months of Maintenance. LTS release lines are given alphabetically ordered codenames, beginning with v4 Argon. LTS releases are less frequent and will attempt to maintain consistent major and minor version numbers, only incrementing patch version numbers. There are no breaking changes or feature additions, except in some special circumstances.
- Nightly: Versions of code in this repository on the current Current branch, automatically built every 24-hours where changes exist. Use with caution.
More information can be found in the LTS README.
Binaries, installers, and source tarballs are available at https://nodejs.org.
Current and LTS releases are available at https://nodejs.org/download/release/, listed under their version strings. The latest directory is an alias for the latest Current release. The latest LTS release from an LTS line is available in the form: latest-codename. For example: https://nodejs.org/download/release/latest-argon.
Nightly builds are available at https://nodejs.org/download/nightly/, listed under their version string which includes their date (in UTC time) and the commit SHA at the HEAD of the release.
API documentation is available in each release and nightly directory under docs. https://nodejs.org/api/ points to the API documentation of the latest stable version.
Current, LTS, and Nightly download directories all contain a SHASUMS256.txt file that lists the SHA checksums for each file available for download.
The SHASUMS256.txt can be downloaded using curl.
$ curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txtTo check that a downloaded file matches the checksum, run
it through sha256sum with a command such as:
$ grep node-vx.y.z.tar.gz SHASUMS256.txt | sha256sum -c -Current and LTS releases (but not Nightlies) also have the GPG detached
signature of SHASUMS256.txt available as SHASUMS256.txt.sig. You can use gpg
to verify that SHASUMS256.txt has not been tampered with.
To verify SHASUMS256.txt has not been altered, you will first need to import all of the GPG keys of individuals authorized to create releases. They are listed at the bottom of this README under Release Team. Use a command such as this to import the keys:
$ gpg --keyserver pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545DSee the bottom of this README for a full script to import active release keys.
Next, download the SHASUMS256.txt.sig for the release:
$ curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt.sigAfter downloading the appropriate SHASUMS256.txt and SHASUMS256.txt.sig files,
you can then use gpg --verify SHASUMS256.txt.sig SHASUMS256.txt to verify
that the file has been signed by an authorized member of the Node.js team.
Once verified, use the SHASUMS256.txt file to get the checksum for the binary verification command above.