src: disambiguate terms used to refer to builtins and addons The term "native module" dates back to some of the oldest code in the code base. Within the context of Node.js core it usually refers to modules that are native to Node.js (e.g. fs, http), but it can cause confusion for people who don't work on this part of the code base, as "native module" can also refer to native addons - which is even the case in some of the API docs and error messages. This patch tries to make the usage of these terms more consistent. Now within the context of Node.js core: - JavaScript scripts that are built-in to Node.js are now referred to as "built-in(s)". If they are available as modules, they can also be referred to as "built-in module(s)". - Dynamically-linked shared objects that are loaded into the Node.js processes are referred to as "addons". We will try to avoid using the term "native modules" because it could be ambiguous. Changes in this patch: File names: - node_native_module.h -> node_builtins.h, - node_native_module.cc -> node_builtins.cc C++ binding names: - `native_module` -> `builtins` `node::Environment`: - `native_modules_without_cache` -> `builtins_without_cache` - `native_modules_with_cache` -> `builtins_with_cache` - `native_modules_in_snapshot` -> `builtins_in_cache` - `native_module_require` -> `builtin_module_require` `node::EnvSerializeInfo`: - `native_modules` -> `builtins `node::native_module::NativeModuleLoader`: - `native_module` namespace -> `builtins` namespace - `NativeModuleLoader` -> `BuiltinLoader` - `NativeModuleRecordMap` -> `BuiltinSourceMap` - `NativeModuleCacheMap` -> `BuiltinCodeCacheMap` - `ModuleIds` -> `BuiltinIds` - `ModuleCategories` -> `BuiltinCategories` - `LoadBuiltinModuleSource` -> `LoadBuiltinSource` `loader.js`: - `NativeModule` -> `BuiltinModule` (the `NativeModule` name used in `process.moduleLoadList` is kept for compatibility) And other clarifications in the documentation and comments. PR-URL: https://github.com/nodejs/node/pull/44135 Fixes: https://github.com/nodejs/node/issues/44036 Reviewed-By: Jacob Smith <[email protected]> Reviewed-By: Matteo Collina <[email protected]> Reviewed-By: Michael Dawson <[email protected]> Reviewed-By: Richard Lau <[email protected]> Reviewed-By: Jiawen Geng <[email protected]> Reviewed-By: Chengzhong Wu <[email protected]> Reviewed-By: Mohammed Keyvanzadeh <[email protected]> Reviewed-By: Tobias Nießen <[email protected]> Reviewed-By: Jan Krems <[email protected]>
Node.js is an open-source, cross-platform, JavaScript runtime environment.
For information on using Node.js, see the Node.js website.
The Node.js project uses an open governance model. The OpenJS Foundation provides support for the project.
This project has a Code of Conduct.
Looking for help? Check out the instructions for getting support.
Current and LTS releases follow semantic versioning. A member of the Release Team signs each Current and LTS release. For more information, see the Release README.
Binaries, installers, and source tarballs are available at https://nodejs.org/en/download/.
https://nodejs.org/download/release/
The latest directory is an alias for the latest Current release. The latest-codename directory is an alias for the latest release from an LTS line. For example, the latest-fermium directory contains the latest Fermium (Node.js 14) release.
https://nodejs.org/download/nightly/
Each directory name and filename contains a date (in UTC) and the commit SHA at the HEAD of the release.
Documentation for the latest Current release is at https://nodejs.org/api/. Version-specific documentation is available in each release directory in the docs subdirectory. Version-specific documentation is also at https://nodejs.org/download/docs/.
Download directories contain a SHASUMS256.txt file with SHA checksums for the files.
To download SHASUMS256.txt using curl:
$ curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt
To check that a downloaded file matches the checksum, run it through sha256sum with a command such as:
$ grep node-vx.y.z.tar.gz SHASUMS256.txt | sha256sum -c -
For Current and LTS, the GPG detached signature of SHASUMS256.txt is in SHASUMS256.txt.sig. You can use it with gpg to verify the integrity of SHASUMS256.txt. You will first need to import the GPG keys of individuals authorized to create releases. To import the keys:
$ gpg --keyserver hkps://keys.openpgp.org --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D
See Release keys for a script to import active release keys.
Next, download the SHASUMS256.txt.sig for the release:
$ curl -O https://nodejs.org/dist/vx.y.z/SHASUMS256.txt.sig
Then use gpg --verify SHASUMS256.txt.sig SHASUMS256.txt to verify the file's signature.
See BUILDING.md for instructions on how to build Node.js from source and a list of supported platforms.
For information on reporting security vulnerabilities in Node.js, see SECURITY.md.
For information about the governance of the Node.js project, see GOVERNANCE.md.
Collaborators follow the Collaborator Guide in maintaining the Node.js project.
Primary GPG keys for Node.js Releasers (some Releasers sign with subkeys):
4ED778F539E3634C779C87C6D7062848A1AB005C141F07595B7B3FFE74309A937405533BE57C7D5794AE36675C464D64BAFA68DD7434390BDBE9B9C574F12602B6F1C4E913FAA37AD3A89613643B620171DCFD284A79C3B38668286BC97EC7A07EDE3FC161FC681DFB92A079F1685E77973F295594EC46898FCCA13FEF1D0C2E91008E09770F7A9A5AE15600C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93CDD8F2338BAE7501E3DD5AC78C273792F7D83545DA48C2BEE680E841632CD4E44F07496B3EB3C1762108F52B48DB57BB0CC439B2997B01419BD92F80AB9E2F5981AA6E0CD28160D9FF13993A75599653CTo import the full set of trusted release keys (including subkeys possibly used to sign releases):
gpg --keyserver hkps://keys.openpgp.org --recv-keys 4ED778F539E3634C779C87C6D7062848A1AB005C gpg --keyserver hkps://keys.openpgp.org --recv-keys 141F07595B7B3FFE74309A937405533BE57C7D57 gpg --keyserver hkps://keys.openpgp.org --recv-keys 94AE36675C464D64BAFA68DD7434390BDBE9B9C5 gpg --keyserver hkps://keys.openpgp.org --recv-keys 74F12602B6F1C4E913FAA37AD3A89613643B6201 gpg --keyserver hkps://keys.openpgp.org --recv-keys 71DCFD284A79C3B38668286BC97EC7A07EDE3FC1 gpg --keyserver hkps://keys.openpgp.org --recv-keys 61FC681DFB92A079F1685E77973F295594EC4689 gpg --keyserver hkps://keys.openpgp.org --recv-keys 8FCCA13FEF1D0C2E91008E09770F7A9A5AE15600 gpg --keyserver hkps://keys.openpgp.org --recv-keys C4F0DFFF4E8C1A8236409D08E73BC641CC11F4C8 gpg --keyserver hkps://keys.openpgp.org --recv-keys 890C08DB8579162FEE0DF9DB8BEAB4DFCF555EF4 gpg --keyserver hkps://keys.openpgp.org --recv-keys C82FA3AE1CBEDC6BE46B9360C43CEC45C17AB93C gpg --keyserver hkps://keys.openpgp.org --recv-keys DD8F2338BAE7501E3DD5AC78C273792F7D83545D gpg --keyserver hkps://keys.openpgp.org --recv-keys A48C2BEE680E841632CD4E44F07496B3EB3C1762 gpg --keyserver hkps://keys.openpgp.org --recv-keys 108F52B48DB57BB0CC439B2997B01419BD92F80A gpg --keyserver hkps://keys.openpgp.org --recv-keys B9E2F5981AA6E0CD28160D9FF13993A75599653C
See Verifying binaries for how to use these keys to verify a downloaded file.
9554F04D7259F04124DE6B476D5A82AC7E37093B1C050899334244A8AF75E53792EF661D867B9DFAB9AE9905FFD7803F25714661B63B535A4C206CA977984A986EBC2AA786BC0F66B01FBB92821C587A93C7E9E91B49E432C2F75674B0A78B0A6C481CF656730D5401028683275BD23C23EFEFE93C4CFFFEFD3A5288F042B6850C66B31F09FE44734EB7990E114F43EE0176B71C7BC219DD50A3051F888C628D7937DFD2AB06298B2293C3187D33FF9D0246406DWhen possible, the commitment to take slots in the security release steward rotation is made by companies in order to ensure individuals who act as security stewards have the support and recognition from their employer to be able to prioritize security releases. Security release stewards manage security releases on a rotation basis as outlined in the security release process.
Node.js is available under the MIT license. Node.js also includes external libraries that are available under a variety of licenses. See LICENSE for the full license text.