v19.0.1

1271f7a (Add missing dependencies to no-systemd variant, 2025-08-11)

v19.0.0

7a6c89f (Update to nodejs 24.x, 2025-07-03)

v18.0.41

Update Node.js to v22.18.0

Notable changes

• [26f3711228] - (SEMVER-MINOR) deps: update amaro to 1.1.0 (Node.js GitHub Bot) #​56350
• [d80ef2a71f] - (SEMVER-MINOR) doc: add all watch-mode related flags to node.1 (Dario Piotrowicz) #​58719
• [8ab24d21c9] - doc: add islandryu to collaborators (Shima Ryuhei) #​58714
• [430e66b9b8] - (SEMVER-MINOR) esm: implement import.meta.main (Joe) #​57804
• [62f7926b6a] - (SEMVER-MINOR) fs: allow correct handling of burst in fs-events with AsyncIterator (Philipp Dunkel) #​58490
• [65f19a00c3] - (SEMVER-MINOR) permission: propagate permission model flags on spawn (Rafael Gonzaga) #​58853
• [ccca1517f9] - (SEMVER-MINOR) sqlite: add support for readBigInts option in db connection level (Miguel Marcondes Filho) #​58697
• [48003e87e8] - (SEMVER-MINOR) src,permission: add support to permission.has(addon) (Rafael Gonzaga) #​58951
• [fe4290a0e6] - (SEMVER-MINOR) url: add fileURLToPathBuffer API (James M Snell) #​58700
• [4dc6b4c67a] - (SEMVER-MINOR) watch: add --watch-kill-signal flag (Dario Piotrowicz) #​58719
• [8dbc6b210f] - (SEMVER-MINOR) worker: make Worker async disposable (James M Snell) #​58385
• [b19ffebea7] - assert: remove dead code (Yoshiya Hinosawa) #​58760
• [5bc828beae] - benchmark: add source map and source map cache (Miguel Marcondes Filho) #​58125
• [f7c16985a7] - build: disable v8_enable_pointer_compression_shared_cage on non-64bit (Shelley Vohr) #​58867
• [ba42c72f7f] - build: option to use custom inspector_protocol path (Shelley Vohr) #​58839
• [4fd8911653] - build: fix typo 'Stoage' to 'Storage' in help text (ganglike) #​58777
• [114cd95919] - crypto: fix inclusion of OPENSSL_IS_BORINGSSL define (Shelley Vohr) #​58845
• [6699c75eac] - crypto: fix SHAKE128/256 breaking change introduced with OpenSSL 3.4 (Filip Skokan) #​58942
• [f99aa748c0] - deps: upgrade npm to 10.9.3 (npm team) #​58847
• [02e971190b] - deps: update sqlite to 3.50.2 (Node.js GitHub Bot) #​58882
• [de2b85b5ae] - deps: update googletest to 35b75a2 (Node.js GitHub Bot) #​58710
• [e7591d7a19] - deps: update minimatch to 10.0.3 (Node.js GitHub Bot) #​58712
• [8c61b96c43] - deps: update acorn to 8.15.0 (Node.js GitHub Bot) #​58711
• [113f4e2d3c] - deps: update sqlite to 3.50.1 (Node.js GitHub Bot) #​58630
• [7ccd848995] - deps: update simdjson to 3.13.0 (Node.js GitHub Bot) #​58629
• [e9c51deb5c] - deps: update zlib to 1.3.1-470d3a2 (Node.js GitHub Bot) #​58628
• [752dde182f] - (SEMVER-MINOR) deps: update amaro to 1.0.0 (Node.js GitHub Bot) #​56350
• [258534d0dc] - (SEMVER-MINOR) deps: update amaro to 0.5.3 (Node.js GitHub Bot) #​56350
• [7fcf675503] - (SEMVER-MINOR) deps: update amaro to 0.5.2 (Node.js GitHub Bot) #​56350
• [81a10a67d5] - (SEMVER-MINOR) deps: update amaro to 0.5.1 (Marco Ippolito) #​56350
• [25f8682a62] - (SEMVER-MINOR) deps: update amaro to 0.5.0 (nodejs-github-bot) #​56350
• [4baf2167e7] - dns: fix parse memory leaky (theanarkh) #​58973
• [e8f4a7df22] - dns: set timeout to 1000ms when timeout < 0 (theanarkh) #​58441
• [1e373a0a25] - doc: update release key for aduh95 (Antoine du Hamel) #​58877
• [d5c104246f] - doc: remove broken link to permission model source code (Juan José) #​58972
• [b8885a25ff] - doc: clarify details of TSC public and private meetings (James M Snell) #​58925
• [aa05823b37] - doc: mark stability markers consistent in globals.md (Antoine du Hamel) #​58932
• [3856aee9b2] - doc: move "Core Promise APIs" to "Completed initiatives" (Antoine du Hamel) #​58934
• [c2f9735422] - doc: fix fetch subsections in globals.md (Antoine du Hamel) #​58933
• [5f4c7a9d2d] - doc: add missing Class: mentions (Antoine du Hamel) #​58931
• [88ee38b37c] - doc: remove myself from security steward rotation (Michael Dawson) #​58927
• [02031a9b0d] - doc: add ovflowd back to core collaborators (Claudio W.) #​58911
• [9551fa3c8f] - doc: update email address for Richard Lau (Richard Lau) #​58910
• [cd6bc982c0] - doc: update vm doc links (Chengzhong Wu) #​58885
• [ce49303cd0] - doc: add missing comma in child_process.md (ronijames008) #​58862
• [[f8fcb1c83a](https://redirect.github.co...

v18.0.40

Update dependency npm to v11.5.2

Notable changes

• 7d900c4 #​8467 oidc visibility check for provenance (#​8467) (@​reggi, @​wraithgar)
• d4e56b2 #​8459 update snapshot generation command (#​8459) (@​MikeMcC399)

npm/cli (npm)

v11.5.2

Compare Source

Bug Fixes

• 7d900c4 #​8467 oidc visibility check for provenance (#​8467) (@​reggi, @​wraithgar)

Documentation

• d4e56b2 #​8459 update snapshot generation command (#​8459) (@​MikeMcC399)

List of commits

60b6f9f (Update dependency npm to v11.5.2, 2025-07-30)

v18.0.39

931f46c (patch: Remove obsolete/deprecated hosts, 2025-07-28)

v18.0.38

Update dependency npm to v11.5.1

Notable changes

• 476bf17 #​8457 provenance should only default for oidc (@​reggi)

npm/cli (npm)

v11.5.1

Compare Source

Bug Fixes

• 476bf17 #​8457 provenance should only default for oidc (@​reggi)

List of commits

c1b130b (Update dependency npm to v11.5.1, 2025-07-24)

v18.0.37

Update dependency npm to v11.5.0

Notable changes

• 1cce318 #​8336 adds support for oidc publish (#​8336) (@​reggi)
• 7f66f0a #​8447 add better hint for before and clean up description (@​wraithgar)
• 280817a #​8447 add --before param to command help output (@​wraithgar)
• 6e47325 #​8441 Makes 404 errors less scary without revealing existence (#​8441) (@​owlstronaut)
• 0a97ffd #​8429 handle signal exits gracefully (@​owlstronaut)
• 5b858c6 #​8411 ensure progress bars display consistently across all environments (#​8411) (@​owlstronaut)
• ef3529e #​8435 add test snapshot (#​8435) (@​reggi, @​wraithgar)
• b7758d7 #​8418 remove reference to Node.js download less common os (#​8418) (@​MikeMcC399)
• 746ac5d #​8380 remove duplicate info (#​8380) (@​alexsch01)
• 4673e9c #​8371 rebrand OS X references to macOS (@​MikeMcC399)
• 398fed4 #​8450 [email protected]
• 5b242c9 #​8450 [email protected]
• d4e8a8a #​8450 [email protected]
• e1b37b2 #​8450 [email protected]
• 3cb5884 #​8450 [email protected]
• daea981 #​8450 [email protected]
• 39ad47d #​8450 [email protected]
• a789f33 #​8450 [email protected]
• 1c0d257 #​8450 @npmcli/[email protected]
• 804a964 #​8450 update devDependencies in lockfile (@​wraithgar)
• 643ae71 #​8450 update mock-registry to use local arborist (@​wraithgar)
• cf023d7 #​8421 contributing: prepare easier copy-paste contributing commands (#​8421) (@​MikeMcC399)
• 3f60b5f #​8383 @npmcli/[email protected] (#​8383) (@​wraithgar)
• 01f8cc6 #​8381 @npmcli/[email protected] (#​8381) (@​wraithgar)
• workspace: @npmcli/[email protected]
• workspace: @npmcli/[email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]

npm/cli (npm)

v11.5.0

Compare Source

Features

• 1cce318 #​8336 adds support for oidc publish (#​8336) (@​reggi)

Bug Fixes

• 7f66f0a #​8447 add better hint for before and clean up description (@​wraithgar)
• 280817a #​8447 add --before param to command help output (@​wraithgar)
• 6e47325 #​8441 Makes 404 errors less scary without revealing existence (#​8441) (@​owlstronaut)
• 0a97ffd #​8429 handle signal exits gracefully (@​owlstronaut)
• 5b858c6 #​8411 ensure progress bars display consistently across all environments (#​8411) (@​owlstronaut)

Documentation

• ef3529e #​8435 add test snapshot (#​8435) (@​reggi, @​wraithgar)
• b7758d7 #​8418 remove reference to Node.js download less common os (#​8418) (@​MikeMcC399)
• 746ac5d #​8380 remove duplicate info (...

v18.0.36

Update Node.js to v22.17.1

Notable changes

• (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()
• [8cf5d66ab7] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721
• [9c0cb487ec] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #​58902

nodejs/node (node)

v22.17.1: 2025-07-15, Version 22.17.1 'Jod' (LTS), @​RafaelGSS

Compare Source

This is a security release.

Notable Changes

• (CVE-2025-27210) Windows Device Names (CON, PRN, AUX) Bypass Path Traversal Protection in path.normalize()

Commits

• [8cf5d66ab7] - (CVE-2025-27210) lib: handle all windows reserved driver name (RafaelGSS) nodejs-private/node-private#721
• [9c0cb487ec] - win,build: fix MSVS v17.14 compilation issue (StefanStojanovic) #​58902

List of commits

a5d9cfc (Update Node.js to v22.17.1, 2025-07-15)

v18.0.35

Update Node.js to v22.17.0

Notable changes

• dirent.parentPath
• filehandle.readableWebStream()
• fs.glob()
• fs.openAsBlob()
• node:readline/promises
• port.hasRef()
• readable.compose()
• readable.iterator()
• readable.readableAborted
• readable.readableDidRead
• Duplex.fromWeb()
• Duplex.toWeb()
• Readable.fromWeb()
• Readable.isDisturbed()
• Readable.toWeb()
• stream.isErrored()
• stream.isReadable()
• URL.createObjectURL()
• URL.revokeObjectURL()
• v8.setHeapSnapshotNearHeapLimit()
• Writable.fromWeb()
• Writable.toWeb()
• writable.writableAborted
• Startup Snapshot API
• ERR_INPUT_TYPE_NOT_ALLOWED
• ERR_UNKNOWN_FILE_EXTENSION
• ERR_UNKNOWN_MODULE_FORMAT
• ERR_USE_AFTER_CLOSE
• [0105c13556] - doc: add Filip Skokan to TSC (Rafael Gonzaga) #​58499
• [3b857735ef] - doc: add JonasBa to collaborators (Jonas Badalic) #​58355
• [fdf7612735] - doc: add puskin to collaborators (Giovanni Bucci) #​58308
• [ffe7e1ace0] - (SEMVER-MINOR) assert: mark partialDeepStrictEqual() as stable (Ruben Bridgewater) #​57370
• [269931f289] - async_hooks: ensure AsyncLocalStore instances work isolated (Gerhard Stöbich) #​58149
• [9e0746a4ff] - benchmark: fix broken fs.cpSync benchmark (Dario Piotrowicz) #​58472
• [dee8cb5bcb] - benchmark: add more options to cp-sync (Sonny) #​58278
• [e840fd5b85] - benchmark: fix typo in method name for error-stack (Miguel Marcondes Filho) #​58128
• [b9a16e97e0] - buffer: give names to Buffer.prototype.*Write() functions (Livia Medeiros) #​58258
• [d56a5e40af] - buffer: use constexpr where possible (Yagiz Nizipli) #​58141
• [215587feca] - build: add support for OpenHarmony operating system (hqzing) #​58350
• [9bcef6821c] - build: fix uvwasi pkgname (Antoine du Hamel) #​58270
• [7c3883c2ae] - build: search for libnode.so in multiple places (Jan Staněk) #​58213
• [3f954accb3] - build: fix pointer compression builds (Joyee Cheung) #​58171
• [04c8f59f84] - build: use FILE_OFFSET_BITS=64 esp. on 32-bit arch (RafaelGSS) #​58090
• [8c2cf3a372] - build: use //third_party/simdutf by default in GN (Shelley Vohr) #​58115
• [cff8006792] - child_process: give names to ChildProcess functions (Livia Medeiros) #​58370
• [6816d779b6] - child_process: give names to promisified exec() and execFile() (LiviaMedeiros) #​57916
• [5572cecca4] - crypto: expose crypto.constants.OPENSSL_IS_BORINGSSL (Shelley Vohr) #​58387
• [d6aa02889c] - deps: use proper C standard when building libuv (Yaksh Bariya) #​58587
• [375a6413d5] - deps: update simdjson to 3.12.3 (Node.js GitHub Bot) #​57682
• [e0cd138e52] - deps: update googletest to e9092b1 (Node.js GitHub Bot) #​58565
• [31e592631f] - deps: update corepack to 0.33.0 (Node.js GitHub Bot) #​58566
• [386c24260b] - deps: update sqlite to 3.50.0 (Node.js GitHub Bot) #​58272
• [f84998d40b] - deps: update OpenSSL gen container to Ubuntu 22.04 (Michaël Zasso) #​58432
• [d49fd29859] - deps: update llhttp to 9.3.0 (Fedor Indutny) #​58144
• [e397980a1a] - deps: update libuv to 1.51.0 (Node.js GitHub Bot) #​58124
• [a28c33645c] - dns: fix dns query cache implementation (Ethan Arrowood) #​58404
• [6939b0c624] - doc: fix the order of process.md sections (Allon Murienik) #​58403
• [1ca253c363] - doc: add support link for panva (Filip Skokan) #​58591
• [8319edbcf6] - doc: update metadata for _transformState deprecation (James M Snell) #​58530
• [697d258136] - doc: deprecate passing an empty string to options.shell (Antoine du Hamel) #​58564
• [132fc804e8] - doc: correct formatting of example definitions for --test-shard (Jacob Smith) #​58571
• [7d0df646f6] - doc: clarify DEP0194 scope (Antoine du Hamel) #​58504
• [1e6d7da0ce] - doc: deprecate HTTP/2 priority signaling (Matteo Collina) #​58313
• [5a917bc1d0] - doc: explain child_process code and signal null values everywhere (Darshan Sen) #​58479
• [2bdc87cd64] - doc: update git node release example (Antoine du Hamel) #​58475
• [28f9b43186] - doc: add missing options.info for ZstdOptions (Jimmy Leung) #​58360
• [e19496dfc1] - doc: add missing options.info for BrotliOptions (Jimmy Leung) #​58359
• [7f905863db] - doc: clarify x509.checkIssued only checks metadata (Filip Skokan) #​58457
• [5cc97df637] - doc: add links to parent class for node:zlib classes (Antoine du Hamel) #​58433
• [36e0d5539b] - doc: remove remaining uses of @@​wellknown syntax (René) #​58413
• [2f36f8e863] - doc: clarify behavior of --watch-path and --watch flags (Juan Ignacio ...

v18.0.34

Update dependency npm to v11.4.2

Notable changes

• f2d6947 #​8345 move warning to new line when npm init is canceled (@​mbtools)
• e758dd7 #​8318 powershell: multiple Invoke-Expression fixes (#​8318) (@​alexsch01)
• 7233cb3 #​8355 remove deprecated section related temp files (#​8355) (@​milaninfy)
• fb7a498 #​8351 clarify shell used for script (#​8351) (@​milaninfy)
• 8b55d38 #​8329 Rename "command" to "script" (#​8329) (@​DanKaplanSES)
• 7b05420 #​8358 [email protected]
• e1a3b23 #​8358 [email protected]
• 522efa2 #​8358 [email protected]
• 7a0723f #​8358 [email protected]
• 9a342a4 #​8358 [email protected]
• e691ba0 #​8358 @sigstore/[email protected]
• 42ef765 #​8358 [email protected]
• 774c0b1 #​8358 @npmcli/[email protected]
• dda6f87 #​8317 @npmcli/[email protected]
• bc08ac7 #​8317 remove normalize-package-data
• 0ad1444 #​8358 dev dependency updates (@​wraithgar)
• workspace: @npmcli/[email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]

npm/cli (npm)

v11.4.2

Compare Source

Bug Fixes

• f2d6947 #​8345 move warning to new line when npm init is canceled (@​mbtools)
• e758dd7 #​8318 powershell: multiple Invoke-Expression fixes (#​8318) (@​alexsch01)

Documentation

• 7233cb3 #​8355 remove deprecated section related temp files (#​8355) (@​milaninfy)
• fb7a498 #​8351 clarify shell used for script (#​8351) (@​milaninfy)
• 8b55d38 #​8329 Rename "command" to "script" (#​8329) (@​DanKaplanSES)

Dependencies

• 7b05420 #​8358 [email protected]
• e1a3b23 #​8358 [email protected]
• 522efa2 #​8358 [email protected]
• 7a0723f #​8358 [email protected]
• 9a342a4 #​8358 [email protected]
• e691ba0 #​8358 @sigstore/[email protected]
• 42ef765 #​8358 [email protected]
• 774c0b1 #​8358 @npmcli/[email protected]
• dda6f87 #​8317 @npmcli/[email protected]
• bc08ac7 #​8317 remove normalize-package-data

Chores

• 0ad1444 #​8358 dev dependency updates (@​wraithgar)
• workspace: @npmcli/[email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]
• workspace: [email protected]

List of commits

8eb4350 (Update dependency npm to v11.4.2, 2025-06-12)