Package node: Information

  • Default inline alert: Version in the repository: 20.12.1-alt1

Source package: node
Version: 20.12.0-alt1
Latest version according to Repology
Build time:  Mar 31, 2024, 07:36 PM in the task #343964
Report package bug
Home page: http://nodejs.org/

License: MIT
Summary: Evented I/O for V8 Javascript
Description: 
Node.js is a server-side JavaScript environment that uses an asynchronous
event-driven model.  Node's goal is to provide an easy way to build scalable
network programs.

List of rpms provided by this srpm:
node (x86_64, ppc64le, i586, aarch64)
node-debuginfo (x86_64, ppc64le, i586, aarch64)
node-devel (x86_64, ppc64le, i586, aarch64)
node-doc (noarch)
npm (noarch)

Maintainer: Vitaly Lipatov



    1. /proc
    2. curl
    3. gcc-c++
    4. gyp >= 0.14.0
    5. python3-devel
    6. python3-module-simplejson
    7. libbrotli-devel
    8. rpm-build-intro >= 2.1.14
    9. rpm-macros-features
    10. rpm-macros-nodejs
    11. libcares-devel >= 1.27.0
    12. zlib-devel >= 1.3.0.1
    13. libicu-devel >= 7.4
    14. libnghttp2-devel >= 1.60.0
    15. libuv-devel >= 1.48.0
    16. openssl
    17. openssl-devel >= 3.0.8

Last changed


March 28, 2024 Vitaly Lipatov 20.12.0-alt1
- 2024-03-26, Version 20.12.0 'Iron' (LTS), @richardlau
- set npm >= 10.5.0, c-ares >= 1.27.0, zlib >= 1.3.01
- set libnghttp2 >= 1.60.0, libicu >= 7.4
March 1, 2024 Vitaly Lipatov 20.11.1-alt2
- fix npm config get user-agent output again (ALT bug 43430)
Feb. 18, 2024 Vitaly Lipatov 20.11.1-alt1
- new version 20.11.1 (with rpmrb script)
- enable build npm subpackage
- CVE-2024-21892: Code injection and privilege escalation through Linux capabilities- (High)
- CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks- (High)
- CVE-2024-21896: Path traversal by monkey-patching Buffer internals- (High)
- CVE-2024-22017: setuid() does not drop all privileges due to io_uring - (High)
- CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) - (Medium)
- CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization - (Medium)
- CVE-2024-21890: Improper handling of wildcards in --allow-fs-read and --allow-fs-write (Medium)
- CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding - (Medium)
- libuv >= 1.48.0