-io.js
+
+Node.js
=====
-[](https://gitter.im/iojs/io.js?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
+[](https://gitter.im/nodejs/node?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge)
This repository began as a GitHub fork of
[joyent/node](https://github.com/joyent/node).
-io.js contributions, releases, and contributorship are under an
+Node.js contributions, releases, and contributorship are under an
[open governance model](./GOVERNANCE.md).
We intend to land, with increasing regularity, releases which are
compatible with the npm ecosystem that has been built to date for
Node.js.
-## Is it io.js or IO.js or iojs or IOjs or iOjS?
-
-The official name is **io.js**, which should never be capitalized,
-especially not at the start of a sentence, unless it is being
-displayed in a location that is customarily all-caps (such as
-the title of man pages).
-
## Download
Binaries, installers, and source tarballs are available at
-<https://iojs.org>.
+<https://nodejs.org>.
-**Releases** are available at <https://iojs.org/dist/>, listed under
-their version string. The <https://iojs.org/dist/latest/> symlink
+**Releases** are available at <https://nodejs.org/dist/>, listed under
+their version string. The <https://nodejs.org/dist/latest/> symlink
will point to the latest release directory.
**Nightly** builds are available at
-<https://iojs.org/download/nightly/>, listed under their version
+<https://nodejs.org/download/nightly/>, listed under their version
string which includes their date (in UTC time) and the commit SHA at
the HEAD of the release.
**API documentation** is available in each release and nightly
-directory under _docs_. <https://iojs.org/api/> points to the the
-latest version.
+directory under _docs_. <https://nodejs.org/api/> points to the latest version.
### Verifying Binaries
it through `sha256sum` with a command such as:
```
-$ grep iojs-vx.y.z.tar.gz SHASUMS256.txt | sha256sum -c -
+$ grep node-vx.y.z.tar.gz SHASUMS256.txt | sha256sum -c -
```
-_(Where "iojs-vx.y.z.tar.gz" is the name of the file you have
+_(Where "node-vx.y.z.tar.gz" is the name of the file you have
downloaded)_
Additionally, releases (not nightlies) have GPG signed copies of
To verify a SHASUM256.txt.asc, you will first need to import all of
the GPG keys of individuals authorized to create releases. They are
-listed at the bottom of this README. Use a command such as this to
-import the keys:
+listed at the bottom of this README under [Release Team](#release-team).
+Use a command such as this to import the keys:
```
$ gpg --keyserver pool.sks-keyservers.net \
--recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
```
-_(Include each of the key fingerprints at the end of this command.)_
+_(See the bottom of this README for a full script to import active
+release keys)_
You can then use `gpg --verify SHASUMS256.txt.asc` to verify that the
-file has been signed by an authorized member of the io.js team.
+file has been signed by an authorized member of the Node.js team.
Once verified, use the SHASUMS256.txt.asc file to get the checksum for
the binary verification command above.
Prerequisites:
* `gcc` and `g++` 4.8 or newer, or
-* `clang` and `clang++` 3.3 or newer
+* `clang` and `clang++` 3.4 or newer
* Python 2.6 or 2.7
* GNU Make 3.81 or newer
* libexecinfo (FreeBSD and OpenBSD only)
To read the documentation:
```text
-$ man doc/iojs.1
+$ man doc/node.1
+```
+
+To test if Node.js was built correctly:
+
+```
+$ node -e "console.log('Hello from node.js ' + process.version)"
```
### Windows
> vcbuild test
```
+To test if Node.js was built correctly:
+
+```
+$ node -e "console.log('Hello from node.js ' + process.version)"
+```
+
+### Android / Android based devices, aka. Firefox OS
+
+Be sure you have downloaded and extracted [Android NDK]
+(https://developer.android.com/tools/sdk/ndk/index.html)
+before in a folder. Then run:
+
+```
+$ ./android-configure /path/to/your/android-ndk
+$ make
+```
+
### `Intl` (ECMA-402) support:
[Intl](https://github.com/joyent/node/wiki/Intl) support is not
> vcbuild full-icu
```
+# Building Node.js with FIPS-compliant OpenSSL
+
+NOTE: Windows is not yet supported
+
+It is possible to build Node.js with
+[OpenSSL FIPS module](https://www.openssl.org/docs/fips/fipsnotes.html).
+
+**Note** that building in this way does **not** allow you to
+claim that the runtime is FIPS 140-2 validated. Instead you
+can indicate that the runtime uses a validated module. See
+the [security policy]
+(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)
+page 60 for more details. In addition, the validation for
+the underlying module is only valid if it is deployed in
+accordance with its [security policy]
+(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf).
+If you need FIPS validated cryptography it is recommended that you
+read both the [security policy]
+(http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)
+and [user guide] (https://openssl.org/docs/fips/UserGuide-2.0.pdf).
+
+Instructions:
+
+1. Obtain a copy of openssl-fips-x.x.x.tar.gz.
+ To comply with the security policy you must ensure the path
+ through which you get the file complies with the requirements
+ for a "secure intallation" as described in section 6.6 in
+ the [user guide] (https://openssl.org/docs/fips/UserGuide-2.0.pdf).
+ For evaluation/experimentation you can simply download and verify
+ `openssl-fips-x.x.x.tar.gz` from https://www.openssl.org/source/
+2. Extract source to `openssl-fips` folder and `cd openssl-fips`
+3. `./config`
+4. `make`
+5. `make install`
+ (NOTE: to comply with the security policy you must use the exact
+ commands in steps 3-5 without any additional options as per
+ Appendix A in the [security policy]
+ (http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf).
+ The only exception is that `./config no-asm` can be
+ used in place of `./config` )
+6. Get into Node.js checkout folder
+7. `./configure --openssl-fips=/path/to/openssl-fips/installdir`
+ For example on ubuntu 12 the installation directory was
+ /usr/local/ssl/fips-2.0
+8. Build Node.js with `make -j`
+9. Verify with `node -p "process.versions.openssl"` (`1.0.2a-fips`)
+
## Resources for Newcomers
* [CONTRIBUTING.md](./CONTRIBUTING.md)
* [GOVERNANCE.md](./GOVERNANCE.md)
* IRC:
[#io.js on Freenode.net](http://webchat.freenode.net?channels=io.js&uio=d4)
-* [iojs/io.js on Gitter](https://gitter.im/iojs/io.js)
+* [nodejs/node on Gitter](https://gitter.im/nodejs/node)
+
+## Security
+All security bugs in node.js are taken seriously and should be reported by
+emailing security@nodejs.org. This will be delivered to a subset of the project
+team who handle security issues. Please don't disclose security bugs
+public until they have been handled by the security team.
+Your email will be acknowledged within 24 hours, and you’ll receive a more
+detailed response to your email within 48 hours indicating the next steps in
+handling your report.
## Current Project Team Members
-The io.js project team comprises a group of core collaborators and a sub-group
-that forms the _Technical Committee_ (TC) which governs the project. For more
-information about the governance of the io.js project, see
+The Node.js project team comprises a group of core collaborators and a sub-group
+that forms the _Technical Steering Committee_ (TSC) which governs the project. For more
+information about the governance of the Node.js project, see
[GOVERNANCE.md](./GOVERNANCE.md).
-* **Isaac Z. Schlueter** ([@isaacs](https://github.com/isaacs)) <i@izs.me> (Technical Committee)
-* **Ben Noordhuis** ([@bnoordhuis](https://github.com/bnoordhuis)) <info@bnoordhuis.nl> (Technical Committee)
-* **Bert Belder** ([@piscisaureus](https://github.com/piscisaureus)) <bertbelder@gmail.com> (Technical Committee)
-* **Fedor Indutny** ([@indutny](https://github.com/indutny)) <fedor.indutny@gmail.com> (Technical Committee)
-* **Trevor Norris** ([@trevnorris](https://github.com/trevnorris)) <trev.norris@gmail.com> (Technical Committee)
-* **Chris Dickinson** ([@chrisdickinson](https://github.com/chrisdickinson)) <christopher.s.dickinson@gmail.com> (Technical Committee)
-<br>Release GPG key: 9554F04D7259F04124DE6B476D5A82AC7E37093B
-* **Colin Ihrig** ([@cjihrig](https://github.com/cjihrig)) <cjihrig@gmail.com> (Technical Committee)
-* **Mikeal Rogers** ([@mikeal](https://github.com/mikeal)) <mikeal.rogers@gmail.com>
-* **Rod Vagg** ([@rvagg](https://github.com/rvagg)) <rod@vagg.org>
-<br>Release GPG key: DD8F2338BAE7501E3DD5AC78C273792F7D83545D
-* **Thorsten Lorenz** ([@thlorenz](https://github.com/thlorenz)) <thlorenz@gmx.de>
-* **Stephen Belanger** ([@qard](https://github.com/qard)) <admin@stephenbelanger.com>
-* **Jeremiah Senkpiel** ([@fishrock123](https://github.com/fishrock123)) <fishrock123@rocketmail.com>
-* **Evan Lucas** ([@evanlucas](https://github.com/evanlucas)) <evanlucas@me.com>
-* **Brendan Ashworth** ([@brendanashworth](https://github.com/brendanashworth)) <brendan.ashworth@me.com>
-* **Vladimir Kurchatkin** ([@vkurchatkin](https://github.com/vkurchatkin)) <vladimir.kurchatkin@gmail.com>
-* **Nikolai Vavilov** ([@seishun](https://github.com/seishun)) <vvnicholas@gmail.com>
-* **Nicu Micleușanu** ([@micnic](https://github.com/micnic)) <micnic90@gmail.com>
-* **Aleksey Smolenchuk** ([@lxe](https://github.com/lxe)) <lxe@lxe.co>
-* **Shigeki Ohtsu** ([@shigeki](https://github.com/shigeki)) <ohtsu@iij.ad.jp>
-* **Sam Roberts** ([@sam-github](https://github.com/sam-github)) <vieuxtech@gmail.com>
-* **Wyatt Preul** ([@geek](https://github.com/geek)) <wpreul@gmail.com>
-* **Brian White** ([@mscdex](https://github.com/mscdex)) <mscdex@mscdex.net>
-* **Christian Vaagland Tellnes** ([@tellnes](https://github.com/tellnes)) <christian@tellnes.com>
-* **Robert Kowalski** ([@robertkowalski](https://github.com/robertkowalski)) <rok@kowalski.gd>
-* **Julian Duque** ([@julianduque](https://github.com/julianduque)) <julianduquej@gmail.com>
-
-Collaborators follow the [COLLABORATOR_GUIDE.md](./COLLABORATOR_GUIDE.md) in
-maintaining the io.js project.
+### TSC (Technical Steering Committee)
+
+* [bnoordhuis](https://github.com/bnoordhuis) - **Ben Noordhuis** <info@bnoordhuis.nl>
+* [chrisdickinson](https://github.com/chrisdickinson) - **Chris Dickinson** <christopher.s.dickinson@gmail.com>
+* [cjihrig](https://github.com/cjihrig) - **Colin Ihrig** <cjihrig@gmail.com>
+* [fishrock123](https://github.com/fishrock123) - **Jeremiah Senkpiel** <fishrock123@rocketmail.com>
+* [indutny](https://github.com/indutny) - **Fedor Indutny** <fedor.indutny@gmail.com>
+* [jasnell](https://github.com/jasnell) - **James M Snell** <jasnell@gmail.com>
+* [mhdawson](https://github.com/mhdawson) - **Michael Dawson** <michael_dawson@ca.ibm.com>
+* [misterdjules](https://github.com/misterdjules) - **Julien Gilli** <jgilli@nodejs.org>
+* [mscdex](https://github.com/mscdex) - **Brian White** <mscdex@mscdex.net>
+* [orangemocha](https://github.com/orangemocha) - **Alexis Campailla** <orangemocha@nodejs.org>
+* [piscisaureus](https://github.com/piscisaureus) - **Bert Belder** <bertbelder@gmail.com>
+* [rvagg](https://github.com/rvagg) - **Rod Vagg** <rod@vagg.org>
+* [shigeki](https://github.com/shigeki) - **Shigeki Ohtsu** <ohtsu@iij.ad.jp>
+* [srl295](https://github.com/srl295) - **Steven R Loomis** <srloomis@us.ibm.com>
+* [trevnorris](https://github.com/trevnorris) - **Trevor Norris** <trev.norris@gmail.com>
+
+### Collaborators
+
+* [brendanashworth](https://github.com/brendanashworth) - **Brendan Ashworth** <brendan.ashworth@me.com>
+* [ChALkeR](https://github.com/ChALkeR) - **Сковорода Никита Андреевич** <chalkerx@gmail.com>
+* [domenic](https://github.com/domenic) - **Domenic Denicola** <d@domenic.me>
+* [evanlucas](https://github.com/evanlucas) - **Evan Lucas** <evanlucas@me.com>
+* [geek](https://github.com/geek) - **Wyatt Preul** <wpreul@gmail.com>
+* [isaacs](https://github.com/isaacs) - **Isaac Z. Schlueter** <i@izs.me>
+* [jbergstroem](https://github.com/jbergstroem) - **Johan Bergström** <bugs@bergstroem.nu>
+* [joaocgreis](https://github.com/joaocgreis) - **João Reis** <reis@janeasystems.com>
+* [julianduque](https://github.com/julianduque) - **Julian Duque** <julianduquej@gmail.com>
+* [lxe](https://github.com/lxe) - **Aleksey Smolenchuk** <lxe@lxe.co>
+* [micnic](https://github.com/micnic) - **Nicu Micleușanu** <micnic90@gmail.com>
+* [mikeal](https://github.com/mikeal) - **Mikeal Rogers** <mikeal.rogers@gmail.com>
+* [monsanto](https://github.com/monsanto) - **Christopher Monsanto** <chris@monsan.to>
+* [ofrobots](https://github.com/ofrobots) - **Ali Ijaz Sheikh** <ofrobots@google.com>
+* [Olegas](https://github.com/Olegas) - **Oleg Elifantiev** <oleg@elifantiev.ru>
+* [petkaantonov](https://github.com/petkaantonov) - **Petka Antonov** <petka_antonov@hotmail.com>
+* [qard](https://github.com/qard) - **Stephen Belanger** <admin@stephenbelanger.com>
+* [rlidwka](https://github.com/rlidwka) - **Alex Kocharin** <alex@kocharin.ru>
+* [robertkowalski](https://github.com/robertkowalski) - **Robert Kowalski** <rok@kowalski.gd>
+* [sam-github](https://github.com/sam-github) - **Sam Roberts** <vieuxtech@gmail.com>
+* [seishun](https://github.com/seishun) - **Nikolai Vavilov** <vvnicholas@gmail.com>
+* [silverwind](https://github.com/silverwind) - **Roman Reiss** <me@silverwind.io>
+* [targos](https://github.com/targos) - **Michaël Zasso** <mic.besace@gmail.com>
+* [tellnes](https://github.com/tellnes) - **Christian Tellnes** <christian@tellnes.no>
+* [thefourtheye](https://github.com/thefourtheye) - **Sakthipriyan Vairamani** <thechargingvolcano@gmail.com>
+* [thlorenz](https://github.com/thlorenz) - **Thorsten Lorenz** <thlorenz@gmx.de>
+* [Trott](https://github.com/Trott) - **Rich Trott** <rtrott@gmail.com>
+* [vkurchatkin](https://github.com/vkurchatkin) - **Vladimir Kurchatkin** <vladimir.kurchatkin@gmail.com>
+* [yosuke-furukawa](https://github.com/yosuke-furukawa) - **Yosuke Furukawa** <yosuke.furukawa@gmail.com>
+
+Collaborators & TSC members follow the [COLLABORATOR_GUIDE.md](./COLLABORATOR_GUIDE.md) in
+maintaining the Node.js project.
+
+### Release Team
+
+Releases of Node.js and io.js will be signed with one of the following GPG keys:
+
+* **Chris Dickinson** <christopher.s.dickinson@gmail.com>: `9554F04D7259F04124DE6B476D5A82AC7E37093B`
+* **Colin Ihrig** <cjihrig@gmail.com> `94AE36675C464D64BAFA68DD7434390BDBE9B9C5`
+* **Sam Roberts** <octetcloud@keybase.io> `0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93`
+* **Jeremiah Senkpiel** <fishrock@keybase.io> `FD3A5288F042B6850C66B31F09FE44734EB7990E`
+* **James M Snell** <jasnell@keybase.io> `71DCFD284A79C3B38668286BC97EC7A07EDE3FC1`
+* **Rod Vagg** <rod@vagg.org> `DD8F2338BAE7501E3DD5AC78C273792F7D83545D`
+
+The full set of trusted release keys can be imported by running:
+
+```
+gpg --keyserver pool.sks-keyservers.net --recv-keys 9554F04D7259F04124DE6B476D5A82AC7E37093B
+gpg --keyserver pool.sks-keyservers.net --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5
+gpg --keyserver pool.sks-keyservers.net --recv-keys 0034A06D9D9B0064CE8ADF6BF1747F4AD2306D93
+gpg --keyserver pool.sks-keyservers.net --recv-keys FD3A5288F042B6850C66B31F09FE44734EB7990E
+gpg --keyserver pool.sks-keyservers.net --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1
+gpg --keyserver pool.sks-keyservers.net --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
+```
+
+See the section above on [Verifying Binaries](#verifying-binaries) for
+details on what to do with these keys to verify a downloaded file is official.
+
+Previous releases of Node.js have been signed with one of the following GPG
+keys:
+
+* Julien Gilli <jgilli@fastmail.fm> `114F43EE0176B71C7BC219DD50A3051F888C628D`
+* Timothy J Fontaine <tjfontaine@gmail.com> `7937DFD2AB06298B2293C3187D33FF9D0246406D`
+* Isaac Z. Schlueter <i@izs.me> `93C7E9E91B49E432C2F75674B0A78B0A6C481CF6`
projects / platform / upstream / nodejs.git / blobdiff