Node.js 是一个基于 Chrome V8 引擎的 JavaScript 运行环境。
Node.js 使用了一个事件驱动、非阻塞式 I/O 模型,使其轻量又高效。
Node.js 的包管理器 npm,是全球最大的开源库生态系统。
Node.js 项目由 Node.js 基金会 提供支持。贡献、策略和发布都是在一个开放的治理模型下进行管理的。
这个项目受到行为准则的约束。
Node.js 贡献者在解决一般支持问题方面的可用性有限。请确保您使用的是目前支持的node.js版本。
在寻找支持的时候,请首先在这些地点搜索你的问题:
- Node.js 网站
- Node.js Help
- Open or closed issues in the Node.js GitHub organization
- StackOverflow 上的 'node.js' 问题标记
如果你没有在上面的某个地点找到答案,你可以:
- 加入这个非官方的 chat.freenode.net 上的 node.js 频道. 查看 http://nodeirc.info/ 获得更多信息。
GitHub的问题是为了追踪增强和bug,而不是一般的支持。
记住,自由!=免费;开放源码许可授予您使用和修改的自由,但他人的时间的不是义务的 。请尊重他人,并相应地设定你的期望。
Node.js 项目维护多种发行类型:
-
Current: 从这个存储库的活动开发分支中发布出来,由 SemVer 进行版本控制,并由发布团队的成员签署。当前版本的代码是由这个存储库中主版本号组织的。例如:v4.x。当前版本的主版本号将每6个月增加一次,以允许对将要引入的更改进行修改。这发生在每年的4月和10月。目前的发行版从每年10月开始,每年最多支持8个月。目前每年4月开始的发行版将在6个月后转换为LTS(见下文),并获得30个月的进一步支持。
-
LTS: 获得长期支持的发行版,主要关注稳定性和安全性。每一秒的当前发行版(主要版本)将成为LTS系列,并接受18个月的 活动LTS 支持和12个月的 维护。LTS的发行版以字母顺序排列的代号,从 v4 氩开始。LTS版本不太频繁,并且会尝试保持一致的主要和次要版本号,只增加补丁版本号。除了在某些特殊情况下,没有任何更改或特性添加。
-
Nightly: 这个存储库中的当前的 Current分支上的的代码版本,每24小时自动构建一次变更。请谨慎使用。
更多信息请参阅LTS README.
二进制文件, 安装程序, 和 源 tarball 可用都是可用的,请访问 https://nodejs.org.
https://nodejs.org/download/release/ 上的Current 和 LTS 版本都是可用的, 在它们的版本字符串中列出。 latest 目录是最新 Current版本的别名。最新的LTS版本 LTS系列最新的LTS版本可以在表单中找到:latest-代号. 例如: https://nodejs.org/download/release/latest-argon.
https://nodejs.org/download/nightly/上的 Nightly 构建是可用的,在发布头部列出包含日期(UTC时间)和提交SHA的版本字符串
每一个发布版本和每夜版本的 docs 目录下的API 文档 都是可用的。https://nodejs.org/api/ 指向最新稳定版本的 API文档。
Current, LTS 和 Nightly 下载目录都包含一个 SHASUMS256.txt 文件,这个文件列出了可供下载的每个文件的SHA校验和。
可以使用 curl 下载 SHASUMS256.txt 文件。
$ curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt
要检查下载的文件是否与校验和匹配,可以通过 sha256sum
运行它,并使用如下命令:
$ grep node-vx.y.z.tar.gz SHASUMS256.txt | sha256sum -c -
("node-vx.y.z.tar.gz"是你下载的文件的名称)
另外,Current和LTS发行版(非每夜)具有 SHASUMS256.txt 的 GPG 分离签名作为 SHASUMS256.txt.sig。您可以使用 gpg
来验证 SHASUMS256.txt 是否被篡改过。
为了验证 SHASUMS256.txt 没有被更改,您首先需要导入个人授权的所有GPG密钥来创建发布。他们被罗列在Release Team下面的README的底部。使用这样的命令来导入密钥:
$ gpg --keyserver pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
(请参阅这个README的底部,以获得一个完整的脚本,以导入活动 发布keys)
接下来,下载 SHASUMS256.txt.sig 用于发布:
$ curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt.sig
下载适当的 SHASUMS256.txt 和 SHASUMS256.txt.sig 文件之后,你可以使用gpg --verify SHASUMS256.txt.sig SHASUMS256.txt
来验证该文件已由 Node.js 团队的授权成员签署。
一旦验证了,使用 SHASUMS256.txt 文件来获得上面的二进制验证命令的校验和。
查看 BUILDING.md 获得关于如何从源代码构建 Node.js 的说明。该文档还包含一个官方支持的平台列表。
Node.js 中的所有安全漏洞都被认真对待,应该通过电子邮件 security@nodejs.org 来报告。这将交付给负责处理安全问题的项目团队的一个小团队。在被安全团队处理之前,请不要公开地安全漏洞。
你的电子邮件将在24小时内得到确认,你将在48小时内收到一封更详细的回复邮件,表明下一步将处理你的报告。
没有严格的规则来确定一个bug是否值得作为安全问题报告。一般规则是任何值得报告的问题都必须允许攻击者破坏 Node.js 应用程序或它的系统的机密性、完整性或可用性,然而攻击者还没有能力。
为了说明这一点,下面是一些过去问题的例子,以及安全团队对他们的看法。然而,当有疑问的时候,请给我们发一份报告。
-
#14519: Internal domain function can be used to cause segfaults. Causing program termination using either the public JavaScript APIs or the private bindings layer APIs requires the ability to execute arbitrary JavaScript code, which is already the highest level of privilege possible.
-
#12141: buffer: zero fill Buffer(num) by default. The buffer constructor behaviour was documented, but found to be prone to mis-use. It has since been changed, but despite much debate, was not considered misuse prone enough to justify fixing in older release lines and breaking our API stability contract.
-
CVE-2016-7099: Fix invalid wildcard certificate validation check. This is a high severity defect that would allow a malicious TLS server to serve an invalid wildcard certificate for its hostname and be improperly validated by a Node.js client.
-
#5507: Fix a defect that makes the CacheBleed Attack possible. Many, though not all, OpenSSL vulnerabilities in the TLS/SSL protocols also effect Node.js.
-
CVE-2016-2216: Fix defects in HTTP header parsing for requests and responses that can allow response splitting. While the impact of this vulnerability is application and network dependent, it is remotely exploitable in the HTTP protocol.
When in doubt, please do send us a report.
The Node.js project team comprises a group of core collaborators and a sub-group that forms the Technical Steering Committee (TSC) which governs the project. For more information about the governance of the Node.js project, see GOVERNANCE.md.
- addaleax - Anna Henningsen <anna@addaleax.net> (she/her)
- ChALkeR - Сковорода Никита Андреевич <chalkerx@gmail.com> (he/him)
- cjihrig - Colin Ihrig <cjihrig@gmail.com>
- evanlucas - Evan Lucas <evanlucas@me.com> (he/him)
- fhinkel - Franziska Hinkelmann <franziska.hinkelmann@gmail.com> (she/her)
- Fishrock123 - Jeremiah Senkpiel <fishrock123@rocketmail.com>
- indutny - Fedor Indutny <fedor.indutny@gmail.com>
- jasnell - James M Snell <jasnell@gmail.com> (he/him)
- joshgav - Josh Gavant <josh.gavant@outlook.com>
- joyeecheung - Joyee Cheung <joyeec9h3@gmail.com> (she/her)
- mcollina - Matteo Collina <matteo.collina@gmail.com> (he/him)
- mhdawson - Michael Dawson <michael_dawson@ca.ibm.com> (he/him)
- mscdex - Brian White <mscdex@mscdex.net>
- MylesBorins - Myles Borins <myles.borins@gmail.com> (he/him)
- ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
- rvagg - Rod Vagg <rod@vagg.org>
- targos - Michaël Zasso <targos@protonmail.com> (he/him)
- thefourtheye - Sakthipriyan Vairamani <thechargingvolcano@gmail.com> (he/him)
- trevnorris - Trevor Norris <trev.norris@gmail.com>
- Trott - Rich Trott <rtrott@gmail.com> (he/him)
- bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
- chrisdickinson - Chris Dickinson <christopher.s.dickinson@gmail.com>
- isaacs - Isaac Z. Schlueter <i@izs.me>
- nebrius - Bryan Hughes <bryan@nebri.us>
- orangemocha - Alexis Campailla <orangemocha@nodejs.org>
- piscisaureus - Bert Belder <bertbelder@gmail.com>
- shigeki - Shigeki Ohtsu <ohtsu@ohtsu.org> (he/him)
- abouthiroppy - Yuta Hiroto <hello@about-hiroppy.com> (he/him)
- addaleax - Anna Henningsen <anna@addaleax.net> (she/her)
- ak239 - Aleksei Koziatinskii <ak239spb@gmail.com>
- andrasq - Andras <andras@kinvey.com>
- AndreasMadsen - Andreas Madsen <amwebdk@gmail.com> (he/him)
- AnnaMag - Anna M. Kedzierska <anna.m.kedzierska@gmail.com>
- apapirovski - Anatoli Papirovski <apapirovski@mac.com> (he/him)
- aqrln - Alexey Orlenko <eaglexrlnk@gmail.com> (he/him)
- bengl - Bryan English <bryan@bryanenglish.com> (he/him)
- benjamingr - Benjamin Gruenbaum <benjamingr@gmail.com>
- bmeck - Bradley Farias <bradley.meck@gmail.com>
- bmeurer - Benedikt Meurer <benedikt.meurer@gmail.com>
- bnoordhuis - Ben Noordhuis <info@bnoordhuis.nl>
- brendanashworth - Brendan Ashworth <brendan.ashworth@me.com>
- BridgeAR - Ruben Bridgewater <ruben@bridgewater.de>
- bzoz - Bartosz Sosnowski <bartosz@janeasystems.com>
- calvinmetcalf - Calvin Metcalf <calvin.metcalf@gmail.com>
- ChALkeR - Сковорода Никита Андреевич <chalkerx@gmail.com> (he/him)
- chrisdickinson - Chris Dickinson <christopher.s.dickinson@gmail.com>
- cjihrig - Colin Ihrig <cjihrig@gmail.com>
- claudiorodriguez - Claudio Rodriguez <cjrodr@yahoo.com>
- danbev - Daniel Bevenius <daniel.bevenius@gmail.com>
- DavidCai1993 - David Cai <davidcai1993@yahoo.com> (he/him)
- edsadr - Adrian Estrada <edsadr@gmail.com> (he/him)
- eljefedelrodeodeljefe - Robert Jefe Lindstaedt <robert.lindstaedt@gmail.com>
- estliberitas - Alexander Makarenko <estliberitas@gmail.com>
- eugeneo - Eugene Ostroukhov <eostroukhov@google.com>
- evanlucas - Evan Lucas <evanlucas@me.com> (he/him)
- fhinkel - Franziska Hinkelmann <franziska.hinkelmann@gmail.com> (she/her)
- firedfox - Daniel Wang <wangyang0123@gmail.com>
- Fishrock123 - Jeremiah Senkpiel <fishrock123@rocketmail.com>
- gabrielschulhof - Gabriel Schulhof <gabriel.schulhof@intel.com>
- geek - Wyatt Preul <wpreul@gmail.com>
- gibfahn - Gibson Fahnestock <gibfahn@gmail.com> (he/him)
- gireeshpunathil - Gireesh Punathil <gpunathi@in.ibm.com> (he/him)
- guybedford - Guy Bedford <guybedford@gmail.com> (he/him)
- hashseed - Yang Guo <yangguo@chromium.org> (he/him)
- iarna - Rebecca Turner <me@re-becca.org>
- imran-iq - Imran Iqbal <imran@imraniqbal.org>
- imyller - Ilkka Myller <ilkka.myller@nodefield.com>
- indutny - Fedor Indutny <fedor.indutny@gmail.com>
- italoacasas - Italo A. Casas <me@italoacasas.com> (he/him)
- JacksonTian - Jackson Tian <shyvo1987@gmail.com>
- jasnell - James M Snell <jasnell@gmail.com> (he/him)
- jasongin - Jason Ginchereau <jasongin@microsoft.com>
- jbergstroem - Johan Bergström <bugs@bergstroem.nu>
- jhamhader - Yuval Brik <yuval@brik.org.il>
- jkrems - Jan Krems <jan.krems@gmail.com> (he/him)
- joaocgreis - João Reis <reis@janeasystems.com>
- joshgav - Josh Gavant <josh.gavant@outlook.com>
- joyeecheung - Joyee Cheung <joyeec9h3@gmail.com> (she/her)
- julianduque - Julian Duque <julianduquej@gmail.com> (he/him)
- JungMinu - Minwoo Jung <minwoo@nodesource.com> (he/him)
- kfarnung - Kyle Farnung <kfarnung@microsoft.com> (he/him)
- kunalspathak - Kunal Pathak <kunal.pathak@microsoft.com>
- lance - Lance Ball <lball@redhat.com>
- lpinca - Luigi Pinca <luigipinca@gmail.com> (he/him)
- lucamaraschi - Luca Maraschi <luca.maraschi@gmail.com> (he/him)
- maclover7 - Jon Moss <me@jonathanmoss.me> (he/him)
- matthewloring - Matthew Loring <mattloring@google.com>
- mcollina - Matteo Collina <matteo.collina@gmail.com> (he/him)
- mhdawson - Michael Dawson <michael_dawson@ca.ibm.com> (he/him)
- micnic - Nicu Micleușanu <micnic90@gmail.com> (he/him)
- mikeal - Mikeal Rogers <mikeal.rogers@gmail.com>
- misterdjules - Julien Gilli <jgilli@nodejs.org>
- mscdex - Brian White <mscdex@mscdex.net>
- MylesBorins - Myles Borins <myles.borins@gmail.com> (he/him)
- not-an-aardvark - Teddy Katz <teddy.katz@gmail.com>
- ofrobots - Ali Ijaz Sheikh <ofrobots@google.com>
- orangemocha - Alexis Campailla <orangemocha@nodejs.org>
- othiym23 - Forrest L Norvell <ogd@aoaioxxysz.net> (he/him)
- phillipj - Phillip Johnsen <johphi@gmail.com>
- pmq20 - Minqi Pan <pmq2001@gmail.com>
- princejwesley - Prince John Wesley <princejohnwesley@gmail.com>
- Qard - Stephen Belanger <admin@stephenbelanger.com> (he/him)
- refack - Refael Ackermann <refack@gmail.com> (he/him)
- richardlau - Richard Lau <riclau@uk.ibm.com>
- rmg - Ryan Graham <r.m.graham@gmail.com>
- robertkowalski - Robert Kowalski <rok@kowalski.gd>
- romankl - Roman Klauke <romaaan.git@gmail.com>
- ronkorving - Ron Korving <ron@ronkorving.nl>
- RReverser - Ingvar Stepanyan <me@rreverser.com>
- rvagg - Rod Vagg <rod@vagg.org>
- saghul - Saúl Ibarra Corretgé <saghul@gmail.com>
- sam-github - Sam Roberts <vieuxtech@gmail.com>
- santigimeno - Santiago Gimeno <santiago.gimeno@gmail.com>
- sebdeckers - Sebastiaan Deckers <sebdeckers83@gmail.com>
- seishun - Nikolai Vavilov <vvnicholas@gmail.com>
- shigeki - Shigeki Ohtsu <ohtsu@ohtsu.org> (he/him)
- silverwind - Roman Reiss <me@silverwind.io>
- srl295 - Steven R Loomis <srloomis@us.ibm.com>
- stefanmb - Stefan Budeanu <stefan@budeanu.com>
- targos - Michaël Zasso <targos@protonmail.com> (he/him)
- thefourtheye - Sakthipriyan Vairamani <thechargingvolcano@gmail.com> (he/him)
- thekemkid - Glen Keane <glenkeane.94@gmail.com> (he/him)
- thlorenz - Thorsten Lorenz <thlorenz@gmx.de>
- TimothyGu - Timothy Gu <timothygu99@gmail.com> (he/him)
- tniessen - Tobias Nießen <tniessen@tnie.de>
- trevnorris - Trevor Norris <trev.norris@gmail.com>
- Trott - Rich Trott <rtrott@gmail.com> (he/him)
- tunniclm - Mike Tunnicliffe <m.j.tunnicliffe@gmail.com>
- vkurchatkin - Vladimir Kurchatkin <vladimir.kurchatkin@gmail.com>
- vsemozhetbyt - Vse Mozhet Byt <vsemozhetbyt@gmail.com> (he/him)
- watilde - Daijiro Wachi <daijiro.wachi@gmail.com> (he/him)
- whitlockjc - Jeremy Whitlock <jwhitlock@apache.org>
- XadillaX - Khaidi Chu <i@2333.moe> (he/him)
- yorkie - Yorkie Liu <yorkiefixer@gmail.com>
- yosuke-furukawa - Yosuke Furukawa <yosuke.furukawa@gmail.com>
- isaacs - Isaac Z. Schlueter <i@izs.me>
- lxe - Aleksey Smolenchuk <lxe@lxe.co>
- monsanto - Christopher Monsanto <chris@monsan.to>
- Olegas - Oleg Elifantiev <oleg@elifantiev.ru>
- petkaantonov - Petka Antonov <petka_antonov@hotmail.com>
- piscisaureus - Bert Belder <bertbelder@gmail.com>
- rlidwka - Alex Kocharin <alex@kocharin.ru>
- tellnes - Christian Tellnes <christian@tellnes.no>
Collaborators follow the COLLABORATOR_GUIDE.md in maintaining the Node.js project.
Node.js releases are signed with one of the following GPG keys:
- Colin Ihrig <cjihrig@gmail.com>
94AE36675C464D64BAFA68DD7434390BDBE9B9C5
- Evan Lucas <evanlucas@me.com>
B9AE9905FFD7803F25714661B63B535A4C206CA9
- Gibson Fahnestock <gibfahn@gmail.com>
77984A986EBC2AA786BC0F66B01FBB92821C587A
- Italo A. Casas <me@italoacasas.com>
56730D5401028683275BD23C23EFEFE93C4CFFFE
- James M Snell <jasnell@keybase.io>
71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
- Jeremiah Senkpiel <fishrock@keybase.io>
FD3A5288F042B6850C66B31F09FE44734EB7990E
- Myles Borins <myles.borins@gmail.com>
C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
- Rod Vagg <rod@vagg.org>
DD8F2338BAE7501E3DD5AC78C273792F7D83545D
The full set of trusted release keys can be imported by running:
gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E
gpg --keyserver pool.sks-keyservers.net --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
gpg --keyserver pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
gpg --keyserver pool.sks-keyservers.net --recv-keys C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8
gpg --keyserver pool.sks-keyservers.net --recv-keys B9AE9905FFD7803F25714661B63B535A4C206CA9
gpg --keyserver pool.sks-keyservers.net --recv-keys 56730D5401028683275BD23C23EFEFE93C4CFFFE
gpg --keyserver pool.sks-keyservers.net --recv-keys 77984A986EBC2AA786BC0F66B01FBB92821C587A
See the section above on Verifying Binaries for details on what to do with these keys to verify that a downloaded file is official.
Previous releases may also have been signed with one of the following GPG keys:
- Chris Dickinson <christopher.s.dickinson@gmail.com>
9554F04D7259F04124DE6B476D5A82AC7E37093B
- Isaac Z. Schlueter <i@izs.me>
93C7E9E91B49E432C2F75674B0A78B0A6C481CF6
- Julien Gilli <jgilli@fastmail.fm>
114F43EE0176B71C7BC219DD50A3051F888C628D
- Timothy J Fontaine <tjfontaine@gmail.com>
7937DFD2AB06298B2293C3187D33FF9D0246406D