nodejs:24 security update
Errata ID: AXSA:2026-449:01
The following issues have been addressed.
[Security Fix]
- undici accepts duplicate Content-Length headers, which allows a remote attacker to carry out HTTP request smuggling or denial-of-service attacks. (CVE-2026-1525)
- The permessage-deflate extension implementation in the undici WebSocket client does not enforce resource limits, which allows a remote attacker to cause a denial of service (resource exhaustion). (CVE-2026-1526)
- undici's client.request() uses the value passed in the upgrade option without sanitizing it, which allows a remote attacker to disclose information or corrupt data. (CVE-2026-1527)
- The ByteParser of the undici WebSocket client contains an arithmetic overflow, which allows a remote attacker to cause a denial of service. (CVE-2026-1528)
- Error handling in the Node.js TLS stack leaks file descriptors when pskCallback or ALPNCallback is used, which allows a remote attacker to cause a denial of service (TLS server crash or resource exhaustion). (CVE-2026-21637)
- Node.js HTTP request handling mishandles a header named "__proto__", which allows a remote attacker to cause a denial of service. (CVE-2026-21710)
- The Node.js Permission Model lacks permission checks for Unix Domain Socket (UDS) server operations, which allows a local attacker to disclose information or corrupt data. (CVE-2026-21711)
- Node.js url.format() fails an assertion when passed an IDN containing invalid characters, which allows a remote attacker to cause a denial of service. (CVE-2026-21712)
- Node.js HMAC verification allows a remote attacker to carry out a timing attack. (CVE-2026-21713)
- The Node.js HTTP/2 server implementation fails to free a memory region, which allows a remote attacker to cause a denial of service. (CVE-2026-21714)
- The Node.js Permission Model lacks permission checks for operations performed through fs.realpathSync.native(), which allows a local attacker to disclose information. (CVE-2026-21715)
- The Node.js fix for CVE-2024-36137 is incomplete, which allows a local attacker to change file permissions and ownership. (CVE-2026-21716)
- String hashing in the V8 engine makes hash collisions easy to trigger, which allows a remote attacker to cause a denial of service (performance degradation) of the Node.js process. (CVE-2026-21717)
- The permessage-deflate extension implementation in the undici WebSocket client improperly validates the server_max_window_bits parameter, which allows a remote attacker to cause a denial of service. (CVE-2026-2229)
- Brace expansion in @isaacs/brace-expansion places no limit on range sizes or on the number of combinations, which allows a remote attacker to cause a denial of service. (CVE-2026-25547)
- undici's DeduplicationHandler does not enforce resource limits, which allows a remote attacker to cause a denial of service (resource exhaustion). (CVE-2026-2581)
- minimatch consumes resources unintentionally because of a flawed regular expression, which allows a remote attacker to cause a regular expression denial of service (CPU exhaustion) via crafted pattern input such as many consecutive wildcard characters (*). (CVE-2026-26996)
- nghttp2 insufficiently validates its internal state, which allows a remote attacker to cause a denial of service. (CVE-2026-27135)
Modularity name: nodejs
Stream name: 24
Please update the packages.
Undici allows duplicate HTTP Content-Length headers when they are provided in an array with case-variant names (e.g., Content-Length and content-length). This produces malformed HTTP/1.1 requests with multiple conflicting Content-Length values on the wire.
Who is impacted:
* Applications using undici.request(), undici.Client, or similar low-level APIs with headers passed as flat arrays
* Applications that accept user-controlled header names without case-normalization
Potential consequences:
* Denial of Service: Strict HTTP parsers (proxies, servers) will reject requests with duplicate Content-Length headers (400 Bad Request)
* HTTP Request Smuggling: In deployments where an intermediary and backend interpret duplicate headers inconsistently (e.g., one uses the first value, the other uses the last), this can enable request smuggling attacks leading to ACL bypass, cache poisoning, or credential hijacking
The undici WebSocket client is vulnerable to a denial-of-service attack via unbounded memory consumption during permessage-deflate decompression. When a WebSocket connection negotiates the permessage-deflate extension, the client decompresses incoming compressed frames without enforcing any limit on the decompressed data size. A malicious WebSocket server can send a small compressed frame (a "decompression bomb") that expands to an extremely large size in memory, causing the Node.js process to exhaust available memory and crash or become unresponsive. The vulnerability exists in the PerMessageDeflate.decompress() method, which accumulates all decompressed chunks in memory and concatenates them into a single Buffer without checking whether the total size exceeds a safe threshold.
Impact
When an application passes user-controlled input to the upgrade option of client.request(), an attacker can inject CRLF sequences (\r\n) to:
* Inject arbitrary HTTP headers
* Terminate the HTTP request prematurely and smuggle raw data to non-HTTP services (Redis, Memcached, Elasticsearch)
The vulnerability exists because undici writes the upgrade value directly to the socket without validating for invalid header characters:
// lib/dispatcher/client-h1.js:1121
if (upgrade) {
  header += `connection: upgrade\r\nupgrade: ${upgrade}\r\n`
}
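The two undici issues above (CVE-2026-1525 and CVE-2026-1527) share a root cause: header names and values taken from untrusted input reach the wire without normalization or character validation. The following is an added example, not undici's code, of the pre-checks an application can apply before handing headers or an upgrade value to any HTTP client; the function names and the RFC 9110 token grammar used for the check are this example's own choices.

```javascript
// Added example (not undici's code): defensive checks for request headers that
// an application assembles from untrusted input, covering both issues above:
// duplicate Content-Length hidden behind case-variant names, and CR/LF in a
// value such as the `upgrade` option. Function names are this example's own.

// RFC 9110 "token": the only characters allowed in a header name or an
// Upgrade protocol name. Built as a string so it can be reused below.
const TOKEN = "[!#$%&'*+\\-.^_`|~0-9A-Za-z]+";
const TOKEN_RE = new RegExp(`^${TOKEN}$`);
// Field values must not contain CR, LF or NUL: on the wire they would end the
// header early and let whatever follows be parsed as new headers or body.
const FORBIDDEN_VALUE_RE = /[\r\n\0]/;

// Normalize a flat [name, value, name, value, ...] array into an object keyed
// by lower-cased name. Any duplicate Content-Length, regardless of the casing
// of the two names, is rejected instead of being sent twice.
function normalizeFlatHeaders(flat) {
  if (!Array.isArray(flat) || flat.length % 2 !== 0) {
    throw new TypeError('headers must be a flat array of name/value pairs');
  }
  const out = Object.create(null); // null prototype: "__proto__" is an ordinary key
  for (let i = 0; i < flat.length; i += 2) {
    const name = String(flat[i]);
    const value = String(flat[i + 1]);
    if (!TOKEN_RE.test(name)) throw new TypeError(`invalid header name: ${name}`);
    if (FORBIDDEN_VALUE_RE.test(value)) throw new TypeError(`CR/LF/NUL in value of ${name}`);
    const key = name.toLowerCase();
    if (key === 'content-length') {
      if (key in out) throw new TypeError('duplicate Content-Length header');
      if (!/^\d+$/.test(value)) throw new TypeError('Content-Length must be a decimal integer');
    }
    // Other repeated headers are combined per RFC 9110 list syntax.
    out[key] = key in out ? `${out[key]}, ${value}` : value;
  }
  return out;
}

// The Upgrade value is written verbatim into the request by the vulnerable
// versions, so constrain it to a protocol token, optionally "name/version".
const UPGRADE_RE = new RegExp(`^${TOKEN}(/${TOKEN})?$`);
function isSafeUpgradeValue(upgrade) {
  return typeof upgrade === 'string' && UPGRADE_RE.test(upgrade);
}
```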
Impact
A server can reply with a WebSocket frame using the 64-bit length form and an extremely large length. undici's ByteParser overflows internal math, ends up in an invalid state, and throws a fatal TypeError that terminates the process.
Patches
Patched in undici v7.24.0 and v6.24.0. Users should upgrade to one of these versions or later.
A flaw in Node.js TLS error handling allows remote attackers to crash or exhaust resources of a TLS server when `pskCallback` or `ALPNCallback` are in use. Synchronous exceptions thrown during these callbacks bypass standard TLS error handling paths (tlsClientError and error), causing either immediate process termination or silent file descriptor leaks that eventually lead to denial of service. Because these callbacks process attacker-controlled input during the TLS handshake, a remote client can repeatedly trigger the issue. This vulnerability affects TLS servers using PSK or ALPN callbacks across Node.js versions where these callbacks throw without being safely wrapped.
A flaw in Node.js HTTP request handling causes an uncaught `TypeError` when a request is received with a header named `__proto__` and the application accesses `req.headersDistinct`. When this occurs, `dest["__proto__"]` resolves to `Object.prototype` rather than `undefined`, causing `.push()` to be called on a non-array. This exception is thrown synchronously inside a property getter and cannot be intercepted by `error` event listeners, meaning it cannot be handled without wrapping every `req.headersDistinct` access in a `try/catch`.
* This vulnerability affects all Node.js HTTP servers on **20.x, 22.x, 24.x, and 25.x**
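The mechanism above is a general JavaScript hazard, not something specific to HTTP: any accumulator that is a plain object inherits `__proto__` from `Object.prototype`. The added example below (not Node's code; the function names and the sample header list are constructed here) models the grouping that `headersDistinct` performs, once with a plain object and once with a null-prototype object, so the two behaviours can be compared.

```javascript
// Added example (not Node's code): a simplified model of grouping repeated
// request headers into arrays, the shape headersDistinct returns. It shows why
// a plain object as accumulator fails on a header named "__proto__" and how a
// null-prototype object avoids it. Function names are this example's own.

// Vulnerable pattern: `dest[key]` on a plain object walks the prototype chain.
// For key === "__proto__" it yields Object.prototype (never undefined), so the
// code takes the "already seen" branch and calls .push() on a non-array.
function groupHeadersUnsafe(rawHeaders) {
  const dest = {};
  for (let i = 0; i < rawHeaders.length; i += 2) {
    const key = rawHeaders[i].toLowerCase();
    const value = rawHeaders[i + 1];
    if (dest[key] === undefined) dest[key] = [value];
    else dest[key].push(value);
  }
  return dest;
}

// Safe pattern: a null-prototype object has no inherited properties and no
// `__proto__` accessor, so every lookup is an own-property lookup and
// "__proto__" is stored like any other header name.
function groupHeadersSafe(rawHeaders) {
  const dest = Object.create(null);
  for (let i = 0; i < rawHeaders.length; i += 2) {
    const key = rawHeaders[i].toLowerCase();
    const value = rawHeaders[i + 1];
    if (dest[key] === undefined) dest[key] = [value];
    else dest[key].push(value);
  }
  return dest;
}

// Constructed sample in the [name, value, name, value, ...] layout that
// IncomingMessage.rawHeaders uses; "Accept" is repeated on purpose.
const SAMPLE_RAW_HEADERS = [
  'Host', 'example.test',
  'Accept', 'text/html',
  'Accept', 'application/json',
  '__proto__', 'x',
];

// Runs one grouping strategy and reports the outcome instead of letting the
// exception escape, which is what a server handler would have to do as well.
function describeOutcome(groupFn, rawHeaders) {
  try {
    const grouped = groupFn(rawHeaders);
    return { ok: true, accept: grouped.accept, proto: grouped['__proto__'] };
  } catch (err) {
    return { ok: false, error: err.constructor.name };
  }
}
```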
A flaw in Node.js Permission Model network enforcement leaves Unix Domain Socket (UDS) server operations without the required permission checks, while all comparable network paths correctly enforce them. As a result, code running under `--permission` without `--allow-net` can create and expose local IPC endpoints, allowing communication with other processes on the same host outside of the intended network restriction boundary. This vulnerability affects Node.js **25.x** processes using the Permission Model where `--allow-net` is intentionally omitted to restrict network access. Note that `--allow-net` is currently an experimental feature.
A flaw in Node.js URL processing causes an assertion failure in native code when `url.format()` is called with a malformed internationalized domain name (IDN) containing invalid characters, crashing the Node.js process.
A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior could be exploited as a timing oracle to infer HMAC values. Node.js already provides timing-safe comparison primitives used elsewhere in the codebase, indicating this is an oversight rather than an intentional design decision. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
A memory leak occurs in Node.js HTTP/2 servers when a client sends WINDOW_UPDATE frames on stream 0 (connection-level) that cause the flow control window to exceed the maximum value of 2³¹-1. The server correctly sends a GOAWAY frame, but the Http2Session object is never cleaned up. This vulnerability affects HTTP2 users on Node.js 20, 22, 24 and 25.
A flaw in Node.js Permission Model filesystem enforcement leaves `fs.realpathSync.native()` without the required read permission checks, while all comparable filesystem functions correctly enforce them. As a result, code running under `--permission` with restricted `--allow-fs-read` can still use `fs.realpathSync.native()` to check file existence, resolve symlink targets, and enumerate filesystem paths outside of permitted directories. This vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-read` is intentionally restricted.
An incomplete fix for CVE-2024-36137 leaves `FileHandle.chmod()` and `FileHandle.chown()` in the promises API without the required permission checks, while their callback-based equivalents (`fs.fchmod()`, `fs.fchown()`) were correctly patched. As a result, code running under `--permission` with restricted `--allow-fs-write` can still use promise-based `FileHandle` methods to modify file permissions and ownership on already-open file descriptors, bypassing the intended write restrictions. This vulnerability affects **20.x, 22.x, 24.x, and 25.x** processes using the Permission Model where `--allow-fs-write` is intentionally restricted.
A flaw in V8's string hashing mechanism causes integer-like strings to be hashed to their numeric value, making hash collisions trivially predictable. By crafting a request that causes many such collisions in V8's internal string table, an attacker can significantly degrade performance of the Node.js process. The most common trigger is any endpoint that calls `JSON.parse()` on attacker-controlled input, as JSON parsing automatically internalizes short strings into the affected hash table. This vulnerability affects **20.x, 22.x, 24.x, and 25.x**.
Impact
The undici WebSocket client is vulnerable to a denial-of-service attack due to improper validation of the server_max_window_bits parameter in the permessage-deflate extension. When a WebSocket client connects to a server, it automatically advertises support for permessage-deflate compression. A malicious server can respond with an out-of-range server_max_window_bits value (outside zlib's valid range of 8-15). When the server subsequently sends a compressed frame, the client attempts to create a zlib InflateRaw instance with the invalid windowBits value, causing a synchronous RangeError exception that is not caught, resulting in immediate process termination.
The vulnerability exists because:
* The isValidClientWindowBits() function only validates that the value contains ASCII digits, not that it falls within the valid range 8-15
* The createInflateRaw() call is not wrapped in a try-catch block
* The resulting exception propagates up through the call stack and crashes the Node.js process
@isaacs/brace-expansion is a hybrid CJS/ESM TypeScript fork of brace-expansion. Prior to version 5.0.1, @isaacs/brace-expansion is vulnerable to a denial of service (DoS) issue caused by unbounded brace range expansion. When an attacker provides a pattern containing repeated numeric brace ranges, the library attempts to eagerly generate every possible combination synchronously. Because the expansion grows exponentially, even a small input can consume excessive CPU and memory and may crash the Node.js process. This issue has been patched in version 5.0.1.
This is an uncontrolled resource consumption vulnerability (CWE-400) that can lead to Denial of Service (DoS). In vulnerable Undici versions, when interceptors.deduplicate() is enabled, response data for deduplicated requests could be accumulated in memory for downstream handlers. An attacker-controlled or untrusted upstream endpoint can exploit this with large/chunked responses and concurrent identical requests, causing high memory usage and potential OOM process termination. Impacted users are applications that use Undici’s deduplication interceptor against endpoints that may produce large or long-lived response bodies.
Patches
The issue has been patched by changing deduplication behavior to stream response chunks to downstream handlers as they arrive (instead of full-body accumulation), and by preventing late deduplication when body streaming has already started. Users should upgrade to the first official Undici (and Node.js, where applicable) releases that include this patch.
minimatch is a minimal matching utility for converting glob expressions into JavaScript RegExp objects. Versions 10.2.0 and below are vulnerable to Regular Expression Denial of Service (ReDoS) when a glob pattern contains many consecutive * wildcards followed by a literal character that doesn't appear in the test string. Each * compiles to a separate [^/]*? regex group, and when the match fails, V8's regex engine backtracks exponentially across all possible splits. The time complexity is O(4^N) where N is the number of * characters. With N=15, a single minimatch() call takes ~2 seconds. With N=34, it hangs effectively forever. Any application that passes user-controlled strings to minimatch() as the pattern argument is vulnerable to DoS. This issue has been fixed in version 10.2.1.
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. Prior to version 1.68.1, the nghttp2 library stops reading incoming data when the user-facing public API `nghttp2_session_terminate_session` or `nghttp2_session_terminate_session2` is called by the application. These may also be called internally by the library when it detects a situation that constitutes a connection error. Due to missing internal state validation, the library keeps reading the rest of the data after one of these APIs is called. Receiving a malformed frame that causes FRAME_SIZE_ERROR at that point triggers an assertion failure. nghttp2 v1.68.1 adds the missing state validation to avoid the assertion failure. No known workarounds are available.
N/A
SRPMS
- nodejs-nodemon-3.0.3-3.module+el9+1141+204477bf.src.rpm
MD5: 28678c8fba770450f08cd882a86285e8
SHA-256: 93d2050265f1133790c0a1f6c2d8f06edf419af49116b5c5306373f570819945
Size: 858.61 kB
- nodejs-packaging-2021.06-6.module+el9+1141+204477bf.src.rpm
MD5: 6024293a2d331a6bb0ef1f13d7be7c23
SHA-256: e5bdb303d10bb729de7d6c939f0ed90210ae9f4d88d2d4a71155941135a8caae
Size: 25.41 kB
- nodejs-24.14.1-2.module+el9+1141+204477bf.src.rpm
MD5: 546c03fe33cf48dc5fae4e4a66d8042c
SHA-256: 1638b485754da643e6e8b7ce4944b01615f76ce2234f9b27981445b6416505cf
Size: 97.56 MB
Asianux Server 9 for x86_64
- nodejs-24.14.1-2.module+el9+1141+204477bf.x86_64.rpm
MD5: a822f742413a948f1334f4d418fa328e
SHA-256: a4ef1a8e85e16c6bc2fc5a0e48b74b881563cbec9efe658dba647f7adc51412f
Size: 67.02 kB
- nodejs-debugsource-24.14.1-2.module+el9+1141+204477bf.x86_64.rpm
MD5: 2e8557c106754bcac6296ca68595fd00
SHA-256: 5a362b97429360ae4b1af6e66c87102a135a3384c99c95f1892bf5af21ba6ec0
Size: 19.19 MB
- nodejs-devel-24.14.1-2.module+el9+1141+204477bf.x86_64.rpm
MD5: 7dc326bfadbfb8a392aadbf814b08fb6
SHA-256: a6791f128aafa491628fe7a3294285fd71341acf61cc2df86ca9aaa955e1e8e9
Size: 332.86 kB
- nodejs-docs-24.14.1-2.module+el9+1141+204477bf.noarch.rpm
MD5: 8b07af427d965c880f45b5d4bde380c4
SHA-256: 30ec736acbce65eb81702db62f081545fe282efee107469aa5bbe71dad23be79
Size: 4.97 MB
- nodejs-full-i18n-24.14.1-2.module+el9+1141+204477bf.x86_64.rpm
MD5: 997c9e862c9012c564c5c68a8dd5ac13
SHA-256: 7214c8212ad209ed3b2a7d778b1f6ceea80052671aacd71a3bc8cb0a320717a1
Size: 8.87 MB
- nodejs-libs-24.14.1-2.module+el9+1141+204477bf.x86_64.rpm
MD5: 3cc54a9e325eb423af839e97567e373a
SHA-256: 170ce515e6aaf3011cfe7b0228fe7875f5acc515c10d0c608ca9d31c9409bd74
Size: 18.20 MB
- nodejs-nodemon-3.0.3-3.module+el9+1141+204477bf.noarch.rpm
MD5: f8389ac3ace4e94a2faefdffc9a51bbf
SHA-256: c44dd6ce62ae48d9b87a4bd6c39af40dda77dd63591d67bb5c9aeaa715a21d57
Size: 584.87 kB
- nodejs-packaging-2021.06-6.module+el9+1141+204477bf.noarch.rpm
MD5: 07104af87b463dfc994e9b0c4888d0a5
SHA-256: 30b63f20359f364827cf780da05e7068475e1ac6a21fc778ac09e96bb9d3b1a1
Size: 18.66 kB
- nodejs-packaging-bundler-2021.06-6.module+el9+1141+204477bf.noarch.rpm
MD5: f649a6e9de7ef6e2f8eec9a61b158b2a
SHA-256: 1e59bafcf41a5dcc297584f30e704e8d8f879138c6747c77e998e5ea1879210c
Size: 8.47 kB
- npm-11.11.0-1.24.14.1.2.module+el9+1141+204477bf.noarch.rpm
MD5: d000400730240facdb491cf02e1808a5
SHA-256: 021a04b4db483ea9e02d5dff2e77dc5a7c41d04408b81dae877c2659a8a9d7a6
Size: 2.21 MB
- v8-13.6-devel-13.6.233.17-1.24.14.1.2.module+el9+1141+204477bf.x86_64.rpm
MD5: 2874448f720abf1a085a896418b97327
SHA-256: de50e7de6398ca5945503f8f56173d86310b9afa1b87b1a725e8eafff1da2c68
Size: 33.40 kB