Current: Under active development. Code for the Current release is in the
branch for its major version number (for example,
v15.x). Node.js releases a new
major version every 6 months, allowing for breaking changes. This happens in
April and October every year. Releases appearing each October have a support
life of 8 months. Releases appearing each April convert to LTS (see below)
each October.
LTS: Releases that receive Long Term Support, with a focus on stability
and security. Every even-numbered major version will become an LTS release.
LTS releases receive 12 months of Active LTS support and a further 18 months
of Maintenance. LTS release lines have alphabetically-ordered code names,
beginning with v4 Argon. There are no breaking changes or feature additions,
except in some special circumstances.
Nightly: Code from the Current branch built every 24-hours when there are
changes. Use with caution.
Current and LTS releases follow semantic versioning. A
member of the Release Team signs each Current and LTS release.
For more information, see the
Release README.
The latest directory is an
alias for the latest Current release. The latest-codename directory is an
alias for the latest release from an LTS line. For example, the
latest-fermium directory
contains the latest Fermium (Node.js 14) release.
Each directory name and filename contains a date (in UTC) and the commit
SHA at the HEAD of the release.
API documentation
Documentation for the latest Current release is at https://nodejs.org/api/.
Version-specific documentation is available in each release directory in the
docs subdirectory. Version-specific documentation is also at
https://nodejs.org/download/docs/.
Verifying binaries
Download directories contain a SHASUMS256.txt file with SHA checksums for the
files.
For Current and LTS, the GPG detached signature of SHASUMS256.txt is in
SHASUMS256.txt.sig. You can use it with gpg to verify the integrity of
SHASUMS256.txt. You will first need to import
the GPG keys of individuals authorized to create releases. To
import the keys:
When possible, the commitment to take slots in the
security release steward rotation is made by companies in order
to ensure individuals who act as security stewards have the
support and recognition from their employer to be able to
prioritize security releases. Security release stewards manage security
releases on a rotation basis as outlined in the
security release process.
Node.js is available under the
MIT license. Node.js also includes
external libraries that are available under a variety of licenses. See
LICENSE for the full
license text.
nodejs/node
Node.js
Node.js is an open-source, cross-platform, JavaScript runtime environment.
For information on using Node.js, see the Node.js website.
The Node.js project uses an open governance model. The OpenJS Foundation provides support for the project.
This project has a Code of Conduct.
Table of contents
Support
Looking for help? Check out the instructions for getting support.
Release types
Current and LTS releases follow semantic versioning. A member of the Release Team signs each Current and LTS release. For more information, see the Release README.
Download
Binaries, installers, and source tarballs are available at https://nodejs.org/en/download/.
Current and LTS releases
https://nodejs.org/download/release/
The latest directory is an alias for the latest Current release. The latest-codename directory is an alias for the latest release from an LTS line. For example, the latest-fermium directory contains the latest Fermium (Node.js 14) release.
Nightly releases
https://nodejs.org/download/nightly/
Each directory name and filename contains a date (in UTC) and the commit SHA at the HEAD of the release.
API documentation
Documentation for the latest Current release is at https://nodejs.org/api/. Version-specific documentation is available in each release directory in the docs subdirectory. Version-specific documentation is also at https://nodejs.org/download/docs/.
Verifying binaries
Download directories contain a
SHASUMS256.txtfile with SHA checksums for the files.To download
SHASUMS256.txtusingcurl:$ curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txtTo check that a downloaded file matches the checksum, run it through
sha256sumwith a command such as:$ grep node-vx.y.z.tar.gz SHASUMS256.txt | sha256sum -c -For Current and LTS, the GPG detached signature of
SHASUMS256.txtis inSHASUMS256.txt.sig. You can use it withgpgto verify the integrity ofSHASUMS256.txt. You will first need to import the GPG keys of individuals authorized to create releases. To import the keys:$ gpg --keyserver hkps://keys.openpgp.org --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545DSee Release keys for a script to import active release keys.
Next, download the
SHASUMS256.txt.sigfor the release:$ curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt.sigThen use
gpg --verify SHASUMS256.txt.sig SHASUMS256.txtto verify the file's signature.Building Node.js
See BUILDING.md for instructions on how to build Node.js from source and a list of supported platforms.
Security
For information on reporting security vulnerabilities in Node.js, see SECURITY.md.
Contributing to Node.js
Current project team members
For information about the governance of the Node.js project, see GOVERNANCE.md.
TSC (Technical Steering Committee)
Emeriti
TSC emeriti
Collaborators
Emeriti
Collaborator emeriti
Collaborators follow the Collaborator Guide in maintaining the Node.js project.
Triagers
Release keys
Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys):
4ED778F539E3634C779C87C6D7062848A1AB005C141F07595B7B3FFE74309A937405533BE57C7D5794AE36675C464D64BAFA68DD7434390BDBE9B9C574F12602B6F1C4E913FAA37AD3A89613643B620171DCFD284A79C3B38668286BC97EC7A07EDE3FC161FC681DFB92A079F1685E77973F295594EC46898FCCA13FEF1D0C2E91008E09770F7A9A5AE15600C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93CDD8F2338BAE7501E3DD5AC78C273792F7D83545DA48C2BEE680E841632CD4E44F07496B3EB3C1762108F52B48DB57BB0CC439B2997B01419BD92F80AB9E2F5981AA6E0CD28160D9FF13993A75599653CTo import the full set of trusted release keys (including subkeys possibly used to sign releases):
See Verifying binaries for how to use these keys to verify a downloaded file.
Other keys used to sign some previous releases
9554F04D7259F04124DE6B476D5A82AC7E37093B1C050899334244A8AF75E53792EF661D867B9DFAB9AE9905FFD7803F25714661B63B535A4C206CA977984A986EBC2AA786BC0F66B01FBB92821C587A93C7E9E91B49E432C2F75674B0A78B0A6C481CF656730D5401028683275BD23C23EFEFE93C4CFFFEFD3A5288F042B6850C66B31F09FE44734EB7990E114F43EE0176B71C7BC219DD50A3051F888C628D7937DFD2AB06298B2293C3187D33FF9D0246406DSecurity release stewards
When possible, the commitment to take slots in the security release steward rotation is made by companies in order to ensure individuals who act as security stewards have the support and recognition from their employer to be able to prioritize security releases. Security release stewards manage security releases on a rotation basis as outlined in the security release process.
License
Node.js is available under the MIT license. Node.js also includes external libraries that are available under a variety of licenses. See LICENSE for the full license text.