mirror of
https://github.com/asdf-vm/asdf-nodejs.git
synced 2024-10-06 07:42:08 +08:00
c213d9c20e
Please refer to [Verifying Node.js Binaries](https://blog.continuation.io/verifying-node-js-binaries/) for why this is important. Related to: https://github.com/asdf-vm/asdf/issues/158 Mitigates: https://github.com/nodejs/node/issues/9859 Mitigates: https://github.com/nodejs/node/issues/6821 Implementing this feature required some rework of the `install` script which is included in this PR. The following other PR are superseded/included in this one: Closes: #15 Closes: #16 Closes: #19 Note that this PR also updates the base download URL from "http://nodejs.org/dist" to "https://nodejs.org/dist" meaning that before this PR (or #16 which is not merged), binaries where downloaded over plain legacy HTTP! (those binaries where later executed by the user). This is really bad and is fairly easy to exploit! Related to: https://github.com/creationix/nvm/pull/736 Related to: https://github.com/creationix/nvm/issues/793 |
||
|---|---|---|
| .. | ||
| exec-env | ||
| get-bin-names.js | ||
| install | ||
| list-all | ||
| list-legacy-filenames | ||
| postinstall | ||