node/nvm
1
0
Fork 0
mirror of https://github.com/nvm-sh/nvm.git synced 2025-09-03 11:07:00 +00:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: node:f939f16b7a3b5111c22af2efcbd68e1efc36e509
Branches Tags
node:master node:awk node:temp6 node:tmp node:fix-3474 node:travis4 node:travis3 node:colors node:block_iojs node:submods node:travis node:temp4 node:bionic node:xcode-select node:npm8 node:openjsf node:nvmrc node:travis_yml_tweaks
node:v0.40.3 node:v0.40.2 node:v0.40.1 node:v0.40.0 node:v0.39.7 node:v0.39.6 node:v0.39.5 node:v0.39.4 node:v0.39.3 node:v0.39.2 node:v0.39.1 node:v0.39.0 node:v0.38.0 node:v0.37.2 node:v0.37.1 node:v0.37.0 node:v0.36.0 node:v0.35.3 node:v0.35.2 node:v0.35.1 node:v0.35.0 node:v0.34.0 node:v0.33.11 node:v0.33.10 node:v0.33.9 node:v0.33.8 node:v0.33.7 node:v0.33.6 node:v0.33.5 node:v0.33.4 node:v0.33.3 node:v0.33.2 node:v0.33.1 node:v0.33.0 node:v0.32.1 node:v0.32.0 node:v0.31.7 node:v0.31.6 node:v0.31.5 node:v0.31.4 node:v0.31.3 node:v0.31.2 node:v0.31.1 node:v0.31.0 node:v0.30.2 node:v0.30.1 node:v0.30.0 node:v0.29.0 node:v0.28.0 node:v0.27.1 node:v0.27.0 node:v0.26.1 node:v0.26.0 node:v0.25.4 node:v0.24.2 node:v0.25.3 node:v0.25.2 node:v0.25.1 node:v0.25.0 node:v0.24.1 node:v0.24.0 node:v0.23.3 node:v0.23.2 node:v0.23.1 node:v0.23.0 node:v0.22.2 node:v0.22.1 node:v0.22.0 node:v0.21.0 node:v0.20.0 node:v0.19.0 node:v0.18.0 node:v0.17.3 node:v0.17.2 node:v0.17.1 node:v0.17.0 node:v0.16.1 node:v0.16.0 node:v0.15.0 node:v0.14.0 node:v0.13.1 node:v0.13.0 node:v0.12.2 node:v0.12.1 node:v0.12.0 node:v0.11.2 node:v0.11.1 node:v0.11.0 node:v0.10.0 node:v0.9.0 node:v0.8.0 node:v0.7.0 node:v0.6.1 node:v0.6.0 node:v0.5.1 node:v0.5.0 node:v0.4.0 node:v0.3.0 node:v0.2.0 node:v0.1.0 node:v0.0.6 node:v0.0.1
..
compare: node:fix-3474
Branches Tags
node:master node:awk node:temp6 node:tmp node:fix-3474 node:travis4 node:travis3 node:colors node:block_iojs node:submods node:travis node:temp4 node:bionic node:xcode-select node:npm8 node:openjsf node:nvmrc node:travis_yml_tweaks
node:v0.40.3 node:v0.40.2 node:v0.40.1 node:v0.40.0 node:v0.39.7 node:v0.39.6 node:v0.39.5 node:v0.39.4 node:v0.39.3 node:v0.39.2 node:v0.39.1 node:v0.39.0 node:v0.38.0 node:v0.37.2 node:v0.37.1 node:v0.37.0 node:v0.36.0 node:v0.35.3 node:v0.35.2 node:v0.35.1 node:v0.35.0 node:v0.34.0 node:v0.33.11 node:v0.33.10 node:v0.33.9 node:v0.33.8 node:v0.33.7 node:v0.33.6 node:v0.33.5 node:v0.33.4 node:v0.33.3 node:v0.33.2 node:v0.33.1 node:v0.33.0 node:v0.32.1 node:v0.32.0 node:v0.31.7 node:v0.31.6 node:v0.31.5 node:v0.31.4 node:v0.31.3 node:v0.31.2 node:v0.31.1 node:v0.31.0 node:v0.30.2 node:v0.30.1 node:v0.30.0 node:v0.29.0 node:v0.28.0 node:v0.27.1 node:v0.27.0 node:v0.26.1 node:v0.26.0 node:v0.25.4 node:v0.24.2 node:v0.25.3 node:v0.25.2 node:v0.25.1 node:v0.25.0 node:v0.24.1 node:v0.24.0 node:v0.23.3 node:v0.23.2 node:v0.23.1 node:v0.23.0 node:v0.22.2 node:v0.22.1 node:v0.22.0 node:v0.21.0 node:v0.20.0 node:v0.19.0 node:v0.18.0 node:v0.17.3 node:v0.17.2 node:v0.17.1 node:v0.17.0 node:v0.16.1 node:v0.16.0 node:v0.15.0 node:v0.14.0 node:v0.13.1 node:v0.13.0 node:v0.12.2 node:v0.12.1 node:v0.12.0 node:v0.11.2 node:v0.11.1 node:v0.11.0 node:v0.10.0 node:v0.9.0 node:v0.8.0 node:v0.7.0 node:v0.6.1 node:v0.6.0 node:v0.5.1 node:v0.5.0 node:v0.4.0 node:v0.3.0 node:v0.2.0 node:v0.1.0 node:v0.0.6 node:v0.0.1

2 Commits
f939f16b7a ... fix-3474

Author SHA1 Message Date
Jordan Harband
4f91e99415 [Fix] nvm_ls_remote_index_tab: only compare the pattern to the version, not the LTS name 
Fixes 3474
 2024-11-21 12:53:31 -10:00
Andrew Chang-DeWitt
f7363acbb9 [readme] remove avn from readme 
`avn` is archived ([see repo](https://github.com/direnv/direnv)) and should probably no longer be recommended by nvm.

This also adds a solution using `direnv` and proposes a possible `.envrc` to use.
See [wbyoung/avn#109](https://github.com/wbyoung/avn/issues/109#issuecomment-1281865585) for more suggested `.envrc` files.
 2024-11-13 14:41:39 -06:00
18 changed files with 81 additions and 390 deletions
Expand all files Collapse all files

117
.github/INCIDENT_RESPONSE_PLAN.md vendored
View File

@@ -1,117 +0,0 @@
# Incident Response Process for **nvm**
## Reporting a Vulnerability
We take the security of **nvm** very seriously. If you believe youve found a security vulnerability, please inform us responsibly through coordinated disclosure.
### How to Report
> **Do not** report security vulnerabilities through public GitHub issues, discussions, or social media.
Instead, please use one of these secure channels:
1. **GitHub Security Advisories**
Use the **Report a vulnerability** button in the Security tab of the [nvm-sh/nvm repository](https://github.com/nvm-sh/nvm).
2. **Email**
Follow the posted [Security Policy](https://github.com/nvm-sh/nvm/security/policy).
### What to Include
**Required Information:**
- Brief description of the vulnerability type
- Affected version(s) and components
- Steps to reproduce the issue
- Impact assessment (what an attacker could achieve)
**Helpful Additional Details:**
- Full paths of affected scripts or files
- Specific commit or branch where the issue exists
- Required configuration to reproduce
- Proof-of-concept code (if available)
- Suggested mitigation or fix
## Our Response Process
**Timeline Commitments:**
- **Initial acknowledgment**: Within 24 hours
- **Detailed response**: Within 3 business days
- **Status updates**: Every 7 days until resolved
- **Resolution target**: 90 days for most issues
**What Well Do:**
1. Acknowledge your report and assign a tracking ID
2. Assess the vulnerability and determine severity
3. Develop and test a fix
4. Coordinate disclosure timeline with you
5. Release a security update and publish an advisory and CVE
6. Credit you in our security advisory (if desired)
## Disclosure Policy
- **Coordinated disclosure**: Well work with you on timing
- **Typical timeline**: 90 days from report to public disclosure
- **Early disclosure**: If actively exploited
- **Delayed disclosure**: For complex issues
## Scope
**In Scope:**
- **nvm** project (all supported versions)
- Installation and update scripts (`install.sh`, `nvm.sh`)
- Official documentation and CI/CD integrations
- Dependencies with direct security implications
**Out of Scope:**
- Third-party forks or mirrors
- Platform-specific installs outside core scripts
- Social engineering or physical attacks
- Theoretical vulnerabilities without practical exploitation
## Security Measures
**Our Commitments:**
- Regular vulnerability scanning via GitHub Actions
- Automated security checks in CI/CD pipelines
- Secure scripting practices and mandatory code review
- Prompt patch releases for critical issues
**User Responsibilities:**
- Keep **nvm** updated
- Verify script downloads via PGP signatures
- Follow secure configuration guidelines for shell environments
## Legal Safe Harbor
**We will NOT:**
- Initiate legal action
- Contact law enforcement
- Suspend or terminate your access
**You must:**
- Only test against your own installations
- Not access, modify, or delete user data
- Not degrade service availability
- Not publicly disclose before coordinated disclosure
- Act in good faith
## Recognition
- **Advisory Credits**: Credit in GitHub Security Advisories (unless anonymous)
## Security Updates
**Stay Informed:**
- Subscribe to GitHub releases for **nvm**
- Enable GitHub Security Advisory notifications
**Update Process:**
- Patch releases (e.g., v0.40.3 → v0.40.4)
- Out-of-band releases for critical issues
- Advisories via GitHub Security Advisories
## Contact Information
- **Security reports**: Security tab of [nvm-sh/nvm](https://github.com/nvm-sh/nvm/security)
- **General inquiries**: GitHub Discussions or Issues

17
.github/SECURITY.md vendored
View File

@@ -1,6 +1,6 @@
# Security
Please file a private vulnerability report via GitHub, email [@ljharb](https://github.com/ljharb), or see https://tidelift.com/security if you have a potential security vulnerability to report.
Please email [@ljharb](https://github.com/ljharb) or see https://tidelift.com/security if you have a potential security vulnerability to report.
## OpenSSF CII Best Practices
@@ -12,17 +12,16 @@ There are three “tiers”: passing, silver, and gold.
We meet 100% of the “passing” criteria.
### Silver
We meet 100% of the “silver” criteria.
We meet 95% of the “silver” criteria. The gaps are as follows:
- we do not have a DCO or a CLA process for contributions.
- because we only have one maintainer, the project has no way to continue if that maintainer stops being active.
- we do not currently document “what the user can and cannot expect in terms of security” for our project. This is planned to be completed in 2023.
### Gold
We meet 78% of the “gold” criteria. The gaps are as follows:
- because we only have one maintainer, the project has no way to continue if that maintainer stops being active.
We meet 65% of the “gold” criteria. The gaps are as follows:
- we do not yet have the “silver” badge; see all the gaps above.
- We do not include a copyright or license statement in each source file. Efforts are underway to change this archaic practice into a suggestion instead of a hard requirement.
## Threat Model
See [THREAT_MODEL.md](.github/THREAT_MODEL.md).
## Incident Response Plan
Please see our [Incident Response Plan](.github/INCIDENT_RESPONSE_PLAN.md).
See [THREAT_MODEL.md](./THREAT_MODEL.md).

5
.github/workflows/latest-npm.yml vendored
View File

@@ -37,11 +37,6 @@ jobs:
matrix:
node-version: ${{ fromJson(needs.matrix.outputs.latest) }}
include:
- node-version: "21"
- node-version: "20.5"
- node-version: "20.4"
- node-version: "14.17"
- node-version: "14.16"
- node-version: "9.2"
- node-version: "9.1"
- node-version: "9.0"

2
.github/workflows/release.yml vendored
View File

@@ -19,8 +19,6 @@ jobs:
raw.githubusercontent.com:443
registry.npmjs.org:443
- uses: actions/checkout@v4
with:
fetch-tags: true
- uses: actions/setup-node@v4
with:
node-version: "14"

2
.github/workflows/tests.yml vendored
View File

@@ -31,8 +31,6 @@ jobs:
suite:
- install_script
- sourcing
- slow
- installation_iojs
shell:
- sh
- bash

3
.github/workflows/toc.yml vendored
View File

@@ -20,7 +20,6 @@ jobs:
allowed-endpoints:
github.com:443
registry.npmjs.org:443
api.github.com:443
- uses: actions/checkout@v4
with:
# https://github.com/actions/checkout/issues/217#issue-599945005
@@ -31,7 +30,7 @@ jobs:
- run: git fetch --depth=1 origin +refs/tags/*:refs/tags/*
- uses: actions/setup-node@v4
with:
node-version: 'lts/*'
node-version: '16'
- run: npm install
- run: npm run doctoc
- name: commit changes

10
.travis.yml
View File

@@ -87,8 +87,18 @@ env:
- SHELL=bash TEST_SUITE=fast
- SHELL=zsh TEST_SUITE=fast
# - SHELL=ksh TEST_SUITE=fast
- SHELL=sh TEST_SUITE=slow
- SHELL=dash TEST_SUITE=slow
- SHELL=bash TEST_SUITE=slow
- SHELL=zsh TEST_SUITE=slow
# - SHELL=ksh TEST_SUITE=slow
- SHELL=sh TEST_SUITE=installation_iojs
- SHELL=sh TEST_SUITE=installation_iojs WITHOUT_CURL=1
- SHELL=dash TEST_SUITE=installation_iojs
- SHELL=dash TEST_SUITE=installation_iojs WITHOUT_CURL=1
- SHELL=bash TEST_SUITE=installation_iojs
- SHELL=bash TEST_SUITE=installation_iojs WITHOUT_CURL=1
- SHELL=zsh TEST_SUITE=installation_iojs
- SHELL=zsh TEST_SUITE=installation_iojs WITHOUT_CURL=1
# - SHELL=ksh TEST_SUITE=installation_iojs
# - SHELL=ksh TEST_SUITE=installation_iojs WITHOUT_CURL=1

18
Dockerfile
View File

@@ -91,20 +91,16 @@ RUN echo 'nvm ALL=(ALL) NOPASSWD: ALL' >> /etc/sudoers
# Switch to user "nvm" from now
USER nvm
# Create a script file sourced by both interactive and non-interactive bash shells
ENV BASH_ENV /home/nvm/.bash_env
RUN touch "$BASH_ENV"
RUN echo '. "$BASH_ENV"' >> "$HOME/.bashrc"
# nvm
RUN echo 'export NVM_DIR="$HOME/.nvm"' >> "$BASH_ENV"
RUN echo '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm' >> "$BASH_ENV"
RUN echo '[ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion" # This loads nvm bash_completion' >> "$BASH_ENV"
RUN echo 'export NVM_DIR="$HOME/.nvm"' >> "$HOME/.bashrc"
RUN echo '[ -s "$NVM_DIR/nvm.sh" ] && . "$NVM_DIR/nvm.sh" # This loads nvm' >> "$HOME/.bashrc"
RUN echo '[ -s "$NVM_DIR/bash_completion" ] && . "$NVM_DIR/bash_completion" # This loads nvm bash_completion' >> "$HOME/.bashrc"
# nodejs and tools
RUN nvm install node
RUN npm install -g doctoc urchin eclint dockerfile_lint
RUN npm install --prefix "$HOME/.nvm/"
RUN bash -c 'source $HOME/.nvm/nvm.sh && \
nvm install node && \
npm install -g doctoc urchin eclint dockerfile_lint && \
npm install --prefix "$HOME/.nvm/"'
# Set WORKDIR to nvm directory
WORKDIR /home/nvm/.nvm

125
README.md
View File

@@ -6,7 +6,7 @@
</a>
# Node Version Manager [![Build Status](https://app.travis-ci.com/nvm-sh/nvm.svg?branch=master)][3] [![nvm version](https://img.shields.io/badge/version-v0.40.3-yellow.svg)][4] [![CII Best Practices](https://bestpractices.dev/projects/684/badge)](https://bestpractices.dev/projects/684)
# Node Version Manager [![Build Status](https://app.travis-ci.com/nvm-sh/nvm.svg?branch=master)][3] [![nvm version](https://img.shields.io/badge/version-v0.40.1-yellow.svg)][4] [![CII Best Practices](https://bestpractices.dev/projects/684/badge)](https://bestpractices.dev/projects/684)
<!-- To update this table of contents, ensure you have run `npm install` then `npm run doctoc` -->
<!-- START doctoc generated TOC please keep comment here to allow auto update -->
@@ -18,8 +18,6 @@
- [Installing and Updating](#installing-and-updating)
- [Install & Update Script](#install--update-script)
- [Additional Notes](#additional-notes)
- [Installing in Docker](#installing-in-docker)
- [Installing in Docker for CICD-Jobs](#installing-in-docker-for-cicd-jobs)
- [Troubleshooting on Linux](#troubleshooting-on-linux)
- [Troubleshooting on macOS](#troubleshooting-on-macos)
- [Ansible](#ansible)
@@ -104,13 +102,13 @@ nvm is a version manager for [node.js](https://nodejs.org/en/), designed to be i
To **install** or **update** nvm, you should run the [install script][2]. To do that, you may either download and run the script manually, or use the following cURL or Wget command:
```sh
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
```
```sh
wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
wget -qO- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
```
Running either of the above commands downloads a script and runs it. The script clones the nvm repository to `~/.nvm`, and attempts to add the source lines from the snippet below to the correct profile file (`~/.bashrc`, `~/.bash_profile`, `~/.zshrc`, or `~/.profile`). If you find the install script is updating the wrong profile file, set the `$PROFILE` env var to the profile files path, and then rerun the installation script.
Running either of the above commands downloads a script and runs it. The script clones the nvm repository to `~/.nvm`, and attempts to add the source lines from the snippet below to the correct profile file (`~/.bash_profile`, `~/.zshrc`, `~/.profile`, or `~/.bashrc`).
<a id="profile_snippet"></a>
```sh
@@ -122,94 +120,14 @@ export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || pr
- If the environment variable `$XDG_CONFIG_HOME` is present, it will place the `nvm` files there.</sub>
- You can add `--no-use` to the end of the above script to postpone using `nvm` until you manually [`use`](#usage) it:
```sh
export NVM_DIR="$([ -z "${XDG_CONFIG_HOME-}" ] && printf %s "${HOME}/.nvm" || printf %s "${XDG_CONFIG_HOME}/nvm")"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" --no-use # This loads nvm, without auto-using the default version
```
- You can add `--no-use` to the end of the above script (...`nvm.sh --no-use`) to postpone using `nvm` until you manually [`use`](#usage) it.
- You can customize the install source, directory, profile, and version using the `NVM_SOURCE`, `NVM_DIR`, `PROFILE`, and `NODE_VERSION` variables.
Eg: `curl ... | NVM_DIR="path/to/nvm"`. Ensure that the `NVM_DIR` does not contain a trailing slash.
- The installer can use `git`, `curl`, or `wget` to download `nvm`, whichever is available.
- You can instruct the installer to not edit your shell config (for example if you already get completions via a [zsh nvm plugin](https://github.com/ohmyzsh/ohmyzsh/tree/master/plugins/nvm)) by setting `PROFILE=/dev/null` before running the `install.sh` script. Here's an example one-line command to do that: `PROFILE=/dev/null bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash'`
#### Installing in Docker
When invoking bash as a non-interactive shell, like in a Docker container, none of the regular profile files are sourced. In order to use `nvm`, `node`, and `npm` like normal, you can instead specify the special `BASH_ENV` variable, which bash sources when invoked non-interactively.
```Dockerfile
# Use bash for the shell
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
# Create a script file sourced by both interactive and non-interactive bash shells
ENV BASH_ENV /home/user/.bash_env
RUN touch "${BASH_ENV}"
RUN echo '. "${BASH_ENV}"' >> ~/.bashrc
# Download and install nvm
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.2/install.sh | PROFILE="${BASH_ENV}" bash
RUN echo node > .nvmrc
RUN nvm install
```
##### Installing in Docker for CICD-Jobs
More robust, works in CI/CD-Jobs. Can be run in interactive and non-interactive containers.
See https://github.com/nvm-sh/nvm/issues/3531.
```Dockerfile
FROM ubuntu:latest
ARG NODE_VERSION=20
# install curl
RUN apt update && apt install curl -y
# install nvm
RUN curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
# set env
ENV NVM_DIR=/root/.nvm
# install node
RUN bash -c "source $NVM_DIR/nvm.sh && nvm install $NODE_VERSION"
# set ENTRYPOINT for reloading nvm-environment
ENTRYPOINT ["bash", "-c", "source $NVM_DIR/nvm.sh && exec \"$@\"", "--"]
# set cmd to bash
CMD ["/bin/bash"]
```
This example defaults to installation of nodejs version 20.x.y. Optionally you can easily override the version with docker build args like:
```
docker build -t nvmimage --build-arg NODE_VERSION=19 .
```
After creation of the image you can start container interactively and run commands, for example:
```
docker run --rm -it nvmimage
root@0a6b5a237c14:/# nvm -v
0.40.3
root@0a6b5a237c14:/# node -v
v19.9.0
root@0a6b5a237c14:/# npm -v
9.6.3
```
Noninteractive example:
```
user@host:/tmp/test $ docker run --rm -it nvmimage node -v
v19.9.0
user@host:/tmp/test $ docker run --rm -it nvmimage npm -v
9.6.3
```
- You can instruct the installer to not edit your shell config (for example if you already get completions via a [zsh nvm plugin](https://github.com/ohmyzsh/ohmyzsh/tree/master/plugins/nvm)) by setting `PROFILE=/dev/null` before running the `install.sh` script. Here's an example one-line command to do that: `PROFILE=/dev/null bash -c 'curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash'`
#### Troubleshooting on Linux
@@ -257,7 +175,7 @@ You can use a task:
```yaml
- name: Install nvm
ansible.builtin.shell: >
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
args:
creates: "{{ ansible_env.HOME }}/.nvm/nvm.sh"
```
@@ -289,7 +207,7 @@ If you're running a system without prepackaged binary available, which means you
- [bass](https://github.com/edc/bass) allows you to use utilities written for Bash in fish shell
- [fast-nvm-fish](https://github.com/brigand/fast-nvm-fish) only works with version numbers (not aliases) but doesn't significantly slow your shell startup
- [plugin-nvm](https://github.com/derekstavis/plugin-nvm) plugin for [Oh My Fish](https://github.com/oh-my-fish/oh-my-fish), which makes nvm and its completions available in fish shell
- [nvm.fish](https://github.com/jorgebucaran/nvm.fish) - The Node.js version manager you'll adore, crafted just for Fish
- [fnm](https://github.com/fisherman/fnm) - [fisherman](https://github.com/fisherman/fisherman)-based version manager for fish
- [fish-nvm](https://github.com/FabioAntunes/fish-nvm) - Wrapper around nvm for fish, delays sourcing nvm until it's actually used.
**Note:** We still have some problems with FreeBSD, because there is no official pre-built binary for FreeBSD, and building from source may need [patches](https://www.freshports.org/www/node/files/patch-deps_v8_src_base_platform_platform-posix.cc); see the issue ticket:
@@ -309,7 +227,7 @@ If you're running a system without prepackaged binary available, which means you
Homebrew installation is not supported. If you have issues with homebrew-installed `nvm`, please `brew uninstall` it, and install it using the instructions below, before filing an issue.
**Note:** If you're using `zsh` you can easily install `nvm` as a zsh plugin. Install [`zsh-nvm`](https://github.com/lukechilds/zsh-nvm) and run `nvm upgrade` to upgrade ([you can set](https://github.com/lukechilds/zsh-nvm#auto-use) `NVM_AUTO_USE=true` to have it automatically detect and use `.nvmrc` files).
**Note:** If you're using `zsh` you can easily install `nvm` as a zsh plugin. Install [`zsh-nvm`](https://github.com/lukechilds/zsh-nvm) and run `nvm upgrade` to upgrade.
**Note:** Git versions before v1.7 may face a problem of cloning `nvm` source from GitHub via https protocol, and there is also different behavior of git before v1.6, and git prior to [v1.17.10](https://github.com/git/git/commit/5a7d5b683f869d3e3884a89775241afa515da9e7) can not clone tags, so the minimum required git version is v1.7.10. If you are interested in the problem we mentioned here, please refer to GitHub's [HTTPS cloning errors](https://help.github.com/articles/https-cloning-errors/) article.
@@ -319,7 +237,7 @@ If you have `git` installed (requires git v1.7.10+):
1. clone this repo in the root of your user profile
- `cd ~/` from anywhere then `git clone https://github.com/nvm-sh/nvm.git .nvm`
1. `cd ~/.nvm` and check out the latest version with `git checkout v0.40.3`
1. `cd ~/.nvm` and check out the latest version with `git checkout v0.40.1`
1. activate `nvm` by sourcing it from your shell: `. ./nvm.sh`
Now add these lines to your `~/.bashrc`, `~/.profile`, or `~/.zshrc` file to have it automatically sourced upon login:
@@ -765,8 +683,6 @@ add-zsh-hook chpwd load-nvmrc
load-nvmrc
```
After saving the file, run `source ~/.zshrc` to reload the configuration with the latest changes made.
##### fish
This requires that you have [bass](https://github.com/edc/bass) installed.
@@ -890,7 +806,7 @@ my_alias default v10.22.0 v12.18.3 v14.8.0
## Compatibility Issues
`nvm` will encounter some issues if you have some non-default settings set. (see [#606](https://github.com/nvm-sh/nvm/issues/606))
`nvm` will encounter some issues if you have some non-default settings set. (see [#606](https://github.com/creationix/nvm/issues/606))
The following are known to cause issues:
Inside `~/.npmrc`:
@@ -925,13 +841,13 @@ If installing nvm on Alpine Linux *is* still what you want or need to do, you sh
### Alpine Linux 3.13+
```sh
apk add -U curl bash ca-certificates openssl ncurses coreutils python3 make gcc g++ libgcc linux-headers grep util-linux binutils findutils
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
```
### Alpine Linux 3.5 - 3.12
```sh
apk add -U curl bash ca-certificates openssl ncurses coreutils python2 make gcc g++ libgcc linux-headers grep util-linux binutils findutils
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
```
_Note: Alpine 3.5 can only install NodeJS versions up to v6.9.5, Alpine 3.6 can only install versions up to v6.10.3, Alpine 3.7 installs versions up to v8.9.3, Alpine 3.8 installs versions up to v8.14.0, Alpine 3.9 installs versions up to v10.19.0, Alpine 3.10 installs versions up to v10.24.1, Alpine 3.11 installs versions up to v12.22.6, Alpine 3.12 installs versions up to v12.22.12, Alpine 3.13 & 3.14 install versions up to v14.20.0, Alpine 3.15 & 3.16 install versions up to v16.16.0 (**These are all versions on the main branch**). Alpine 3.5 - 3.12 required the package `python2` to build NodeJS, as they are older versions to build. Alpine 3.13+ requires `python3` to successfully build newer NodeJS versions, but you can use `python2` with Alpine 3.13+ if you need to build versions of node supported in Alpine 3.5 - 3.15, you just need to specify what version of NodeJS you need to install in the package install script._
@@ -1034,9 +950,9 @@ You have to make sure that the user directory name in `$HOME` and the user direc
To change the user directory and/or account name follow the instructions [here](https://support.apple.com/en-us/HT201548)
[1]: https://github.com/nvm-sh/nvm.git
[2]: https://github.com/nvm-sh/nvm/blob/v0.40.3/install.sh
[2]: https://github.com/nvm-sh/nvm/blob/v0.40.1/install.sh
[3]: https://app.travis-ci.com/nvm-sh/nvm
[4]: https://github.com/nvm-sh/nvm/releases/tag/v0.40.3
[4]: https://github.com/nvm-sh/nvm/releases/tag/v0.40.1
[Urchin]: https://git.sdf.org/tlevine/urchin
[Fish]: https://fishshell.com
@@ -1094,7 +1010,7 @@ Here's what you will need to do:
If one of these broken versions is installed on your system, the above step will likely still succeed even if you didn't include the `--shared-zlib` flag.
However, later, when you attempt to `npm install` something using your old version of node.js, you will see `incorrect data check` errors.
If you want to avoid the possible hassle of dealing with this, include that flag.
For more details, see [this issue](https://github.com/nodejs/node/issues/39313) and [this comment](https://github.com/nodejs/node/issues/39313#issuecomment-90.40.376)
For more details, see [this issue](https://github.com/nodejs/node/issues/39313) and [this comment](https://github.com/nodejs/node/issues/39313#issuecomment-90.40.176)
- Exit back to your native shell.
@@ -1121,7 +1037,7 @@ Now you should be able to use node as usual.
If you've encountered this error on WSL-2:
```sh
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.1/install.sh | bash
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- 0:00:09 --:--:-- 0curl: (6) Could not resolve host: raw.githubusercontent.com
@@ -1156,7 +1072,7 @@ Currently, the sole maintainer is [@ljharb](https://github.com/ljharb) - more ma
## Project Support
Only the latest version (v0.40.3 at this time) is supported.
Only the latest version (v0.40.1 at this time) is supported.
## Enterprise Support
@@ -1170,5 +1086,6 @@ See [LICENSE.md](./LICENSE.md).
## Copyright notice
Copyright [OpenJS Foundation](https://openjsf.org) and `nvm` contributors. All rights reserved. The [OpenJS Foundation](https://openjsf.org) has registered trademarks and uses trademarks. For a list of trademarks of the [OpenJS Foundation](https://openjsf.org), please see our [Trademark Policy](https://trademark-policy.openjsf.org/) and [Trademark List](https://trademark-list.openjsf.org/). Trademarks and logos not indicated on the [list of OpenJS Foundation trademarks](https://trademark-list.openjsf.org) are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
[The OpenJS Foundation](https://openjsf.org/) | [Terms of Use](https://terms-of-use.openjsf.org/) | [Privacy Policy](https://privacy-policy.openjsf.org/) | [Bylaws](https://bylaws.openjsf.org/) | [Code of Conduct](https://code-of-conduct.openjsf.org) | [Trademark Policy](https://trademark-policy.openjsf.org/) | [Trademark List](https://trademark-list.openjsf.org/) | [Cookie Policy](https://www.linuxfoundation.org/cookies/)
Copyright [OpenJS Foundation](https://openjsf.org) and `nvm` contributors. All rights reserved. The [OpenJS Foundation](https://openjsf.org) has registered trademarks and uses trademarks. For a list of trademarks of the [OpenJS Foundation](https://openjsf.org), please see our [Trademark Policy](https://trademark-policy.openjsf.org/) and [Trademark List](https://trademark-list.openjsf.org/). Node.js is a trademark of Joyent, Inc. and is used with its permission. Trademarks and logos not indicated on the [list of OpenJS Foundation trademarks](https://trademark-list.openjsf.org) are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with or endorsement by them.
[The OpenJS Foundation](https://openjsf.org/) | [Terms of Use](https://terms-of-use.openjsf.org/) | [Privacy Policy](https://privacy-policy.openjsf.org/) | [OpenJS Foundation Bylaws](https://bylaws.openjsf.org/) | [Trademark Policy](https://trademark-policy.openjsf.org/) | [Trademark List](https://trademark-list.openjsf.org/) | [Cookie Policy](https://www.linuxfoundation.org/cookies/)

2
install.sh
View File

@@ -33,7 +33,7 @@ nvm_install_dir() {
}
nvm_latest_version() {
nvm_echo "v0.40.3"
nvm_echo "v0.40.1"
}
nvm_profile_is_bash_or_zsh() {

78
nvm.sh
View File

@@ -136,17 +136,15 @@ nvm_download() {
eval "curl -q --fail ${CURL_COMPRESSED_FLAG:-} ${CURL_HEADER_FLAG:-} ${NVM_DOWNLOAD_ARGS}"
elif nvm_has "wget"; then
# Emulate curl with wget
ARGS=$(nvm_echo "$@" | command sed "
s/--progress-bar /--progress=bar /
s/--compressed //
s/--fail //
s/-L //
s/-I /--server-response /
s/-s /-q /
s/-sS /-nv /
s/-o /-O /
s/-C - /-c /
")
ARGS=$(nvm_echo "$@" | command sed -e 's/--progress-bar /--progress=bar /' \
-e 's/--compressed //' \
-e 's/--fail //' \
-e 's/-L //' \
-e 's/-I /--server-response /' \
-e 's/-s /-q /' \
-e 's/-sS /-nv /' \
-e 's/-o /-O /' \
-e 's/-C - /-c /')
if [ -n "${NVM_AUTH_HEADER:-}" ]; then
ARGS="${ARGS} --header \"${NVM_AUTH_HEADER}\""
@@ -356,21 +354,6 @@ nvm_install_latest_npm() {
if [ $NVM_IS_19_OR_ABOVE -eq 1 ] && nvm_version_greater_than_or_equal_to "${NODE_VERSION}" 20.5.0; then
NVM_IS_20_5_OR_ABOVE=1
fi
local NVM_IS_20_17_OR_ABOVE
NVM_IS_20_17_OR_ABOVE=0
if [ $NVM_IS_20_5_OR_ABOVE -eq 1 ] && nvm_version_greater_than_or_equal_to "${NODE_VERSION}" 20.17.0; then
NVM_IS_20_17_OR_ABOVE=1
fi
local NVM_IS_21_OR_ABOVE
NVM_IS_21_OR_ABOVE=0
if [ $NVM_IS_20_17_OR_ABOVE -eq 1 ] && nvm_version_greater_than_or_equal_to "${NODE_VERSION}" 21.0.0; then
NVM_IS_21_OR_ABOVE=1
fi
local NVM_IS_22_9_OR_ABOVE
NVM_IS_22_9_OR_ABOVE=0
if [ $NVM_IS_21_OR_ABOVE -eq 1 ] && nvm_version_greater_than_or_equal_to "${NODE_VERSION}" 22.9.0; then
NVM_IS_22_9_OR_ABOVE=1
fi
if [ $NVM_IS_4_4_OR_BELOW -eq 1 ] || {
[ $NVM_IS_5_OR_ABOVE -eq 1 ] && nvm_version_greater 5.10.0 "${NODE_VERSION}"; \
@@ -416,15 +399,8 @@ nvm_install_latest_npm() {
[ $NVM_IS_18_17_OR_ABOVE -eq 0 ] \
|| { [ $NVM_IS_19_OR_ABOVE -eq 1 ] && [ $NVM_IS_20_5_OR_ABOVE -eq 0 ]; } \
; then
# TODO: 10.8.3 can run on 16.20.2?? https://github.com/nodejs/Release/issues/884#issuecomment-2558077691
nvm_echo '* `npm` `v9.x` is the last version that works on `node` `< v18.17`, `v19`, or `v20.0` - `v20.4`'
$NVM_NPM_CMD install -g npm@9
elif \
[ $NVM_IS_20_17_OR_ABOVE -eq 0 ] \
|| { [ $NVM_IS_21_OR_ABOVE -eq 1 ] && [ $NVM_IS_22_9_OR_ABOVE -eq 0 ]; } \
; then
nvm_echo '* `npm` `v10.x` is the last version that works on `node` `< v20.17`, `v21`, or `v22.0` - `v22.8`'
$NVM_NPM_CMD install -g npm@10
else
nvm_echo '* Installing latest `npm`; if this does not work on your node version, please report a bug!'
$NVM_NPM_CMD install -g npm
@@ -446,7 +422,8 @@ fi
if [ -z "${NVM_DIR-}" ]; then
# shellcheck disable=SC2128
if [ -n "${BASH_SOURCE-}" ]; then
NVM_SCRIPT_SOURCE="${BASH_SOURCE}"
# shellcheck disable=SC2169,SC3054
NVM_SCRIPT_SOURCE="${BASH_SOURCE[0]}"
fi
# shellcheck disable=SC2086
NVM_DIR="$(nvm_cd ${NVM_CD_FLAGS} "$(dirname "${NVM_SCRIPT_SOURCE:-$0}")" >/dev/null && \pwd)"
@@ -1415,11 +1392,11 @@ nvm_add_iojs_prefix() {
nvm_strip_iojs_prefix() {
local NVM_IOJS_PREFIX
NVM_IOJS_PREFIX="$(nvm_iojs_prefix)"
case "${1-}" in
"${NVM_IOJS_PREFIX}") nvm_echo ;;
*) nvm_echo "${1#"${NVM_IOJS_PREFIX}"-}" ;;
esac
if [ "${1-}" = "${NVM_IOJS_PREFIX}" ]; then
nvm_echo
else
nvm_echo "${1#"${NVM_IOJS_PREFIX}"-}"
fi
}
nvm_ls() {
@@ -1551,15 +1528,12 @@ nvm_ls() {
fi
if [ "${NVM_ADD_SYSTEM-}" = true ]; then
case "${PATTERN}" in
'' | v)
VERSIONS="${VERSIONS}
if [ -z "${PATTERN}" ] || [ "${PATTERN}" = 'v' ]; then
VERSIONS="${VERSIONS}
system"
;;
system)
VERSIONS="system"
;;
esac
elif [ "${PATTERN}" = 'system' ]; then
VERSIONS="system"
fi
fi
if [ -z "${VERSIONS}" ]; then
@@ -1693,10 +1667,11 @@ EOF
LTS="${LTS#lts/}"
fi
VERSIONS="$( { command awk -v lts="${LTS-}" '{
VERSIONS="$({ command awk -v lts="${LTS-}" -v pattern="${PATTERN:-.*}" '{
if (!$1) { next }
if (lts && $10 ~ /^\-?$/) { next }
if (lts && lts != "*" && tolower($10) !~ tolower(lts)) { next }
if ($1 !~ pattern) { next }
if ($10 !~ /^\-?$/) {
if ($10 && $10 != prev) {
print $1, $10, "*"
@@ -1708,7 +1683,6 @@ EOF
}
prev=$10;
}' \
| nvm_grep -w "${PATTERN:-.*}" \
| $SORT_COMMAND; } << EOF
$VERSION_LIST
EOF
@@ -2737,10 +2711,10 @@ nvm_npm_global_modules() {
local NPMLIST
local VERSION
VERSION="$1"
NPMLIST=$(nvm use "${VERSION}" >/dev/null && npm list -g --depth=0 2>/dev/null | command sed -e '1d' -e '/UNMET PEER DEPENDENCY/d')
NPMLIST=$(nvm use "${VERSION}" >/dev/null && npm list -g --depth=0 2>/dev/null | command sed 1,1d | nvm_grep -v 'UNMET PEER DEPENDENCY')
local INSTALLS
INSTALLS=$(nvm_echo "${NPMLIST}" | command sed -e '/ -> / d' -e '/\(empty\)/ d' -e 's/^.* \(.*@[^ ]*\).*/\1/' -e '/^npm@[^ ]*.*$/ d' -e '/^corepack@[^ ]*.*$/ d' | command xargs)
INSTALLS=$(nvm_echo "${NPMLIST}" | command sed -e '/ -> / d' -e '/\(empty\)/ d' -e 's/^.* \(.*@[^ ]*\).*/\1/' -e '/^npm@[^ ]*.*$/ d' | command xargs)
local LINKS
LINKS="$(nvm_echo "${NPMLIST}" | command sed -n 's/.* -> \(.*\)/\1/ p')"
@@ -4438,7 +4412,7 @@ nvm() {
NVM_VERSION_ONLY=true NVM_LTS="${NVM_LTS-}" nvm_remote_version "${PATTERN:-node}"
;;
"--version" | "-v")
nvm_echo '0.40.3'
nvm_echo '0.40.1'
;;
"unload")
nvm deactivate >/dev/null 2>&1

6
package.json
View File

@@ -1,6 +1,6 @@
{
"name": "nvm",
"version": "0.40.3",
"version": "0.40.1",
"description": "Node Version Manager - Simple bash script to manage multiple active node.js versions",
"directories": {
"test": "test"
@@ -45,9 +45,9 @@
"dockerfile_lint": "^0.3.4",
"doctoc": "^2.2.1",
"eclint": "^2.8.1",
"markdown-link-check": "^3.13.7",
"markdown-link-check": "^3.12.2",
"replace": "^1.2.2",
"semver": "^7.7.1",
"semver": "^7.6.3",
"urchin": "^0.0.5"
}
}

41
test/install_script/nvm_check_if_path_exists
View File

@@ -1,41 +0,0 @@
#!/bin/sh
setup () {
HOME="."
NVM_ENV=testing \. ../../install.sh
touch ".bashrc"
touch ".zshrc"
touch ".profile"
}
cleanup () {
unset HOME
unset NVM_ENV
unset NVM_DETECT_PROFILE
unset BASH_VERSION
unset ZSH_VERSION
unset -f setup cleanup die
rm -f ".bashrc" ".bash_profile" ".zshrc" ".profile" "test_profile" > "/dev/null" 2>&1
}
die () { echo "$@" '$NVM_DETECT_PROFILE:' "$NVM_DETECT_PROFILE"; cleanup; exit 1; }
setup
# check if nvm_path already exists in bashrc
NVM_DETECT_PROFILE="$(BASH_VERSION="1"; unset PROFILE; nvm_detect_profile)"
echo "export NVM_DIR="$HOME/.nvm"" > $HOME/.bashrc
OUTPUT = "$(nvm_do_install)"
EXPECTED_OUTPUT='nvm source string already in ${NVM_PROFILE}'
if [ "${OUTPUT#*$EXPECTED_OUTPUT}" = "${OUTPUT}" ]; then
die "Path already exists in the profile, so should have returned >${EXPECTED_OUTPUT}<. Instead it returned >${OUTPUT}<"
fi
# .zshrc should be detected for zsh
NVM_DETECT_PROFILE="$(ZSH_VERSION="1"; unset PROFILE; unset BASH_VERSION; nvm_detect_profile)"
echo "export NVM_DIR="$HOME/.nvm"" > $HOME/.zshrc
OUTPUT = "$(nvm_do_install)"
EXPECTED_OUTPUT='nvm source string already in ${NVM_PROFILE}'
if [ "${OUTPUT#*$EXPECTED_OUTPUT}" = "${OUTPUT}" ]; then
die "Path already exists in the profile, so should have returned >${EXPECTED_OUTPUT}<. Instead it returned >${OUTPUT}<"
fi

0
test/slow/nvm exec/Running 'nvm exec --silent' should work → test/slow/nvm exec/Preamble works and respects 'silent' flag
View File

2
test/slow/nvm reinstall-packages/should work as expected
View File

@@ -16,7 +16,7 @@ EXPECTED_PACKAGES_INSTALL="autoprefixer bower david@11 grunt-cli grunth-cli http
echo "$EXPECTED_PACKAGES_INSTALL" | sed -e 's/test-npmlink //' | xargs npm install -g --quiet
get_packages() {
npm list -g --depth=0 | \sed -e '1 d' -e 's/^.* \(.*\)@.*/\1/' -e '/^npm$/ d' -e '/^corepack$/ d' | xargs
npm list -g --depth=0 | \sed -e '1 d' -e 's/^.* \(.*\)@.*/\1/' -e '/^npm$/ d' | xargs
}
nvm use 0.10.29

15
test/slow/nvm reinstall-packages/works with no installs
View File

@@ -5,7 +5,7 @@ die () { echo "$@" ; exit 1; }
\. ../../../nvm.sh
get_packages() {
npm list -g --depth=0 | \sed -e '1 d' -e 's/^.* \(.*\)@.*/\1/' -e '/^npm$/ d' -e '/^corepack$/ d' | xargs
npm list -g --depth=0 | \sed -e '1 d' -e 's/^.* \(.*\)@.*/\1/' -e '/^npm$/ d' | xargs
}
nvm use 4.7.2
@@ -14,14 +14,5 @@ ORIGINAL_PACKAGES=$(get_packages)
nvm reinstall-packages 4.7.1
FINAL_PACKAGES=$(get_packages)
[ -z "${ORIGINAL_PACKAGES}" ] || die "v4: original packages were not empty: ${ORIGINAL_PACKAGES}"
[ -z "${FINAL_PACKAGES}" ] || die "v4: final packages were not empty: ${FINAL_PACKAGES}"
nvm use 23.8.20
ORIGINAL_PACKAGES=$(get_packages)
nvm reinstall-packages 23.8.0
FINAL_PACKAGES=$(get_packages)
[ -z "${ORIGINAL_PACKAGES}" ] || die "v23: original packages were not empty: ${ORIGINAL_PACKAGES}"
[ -z "${FINAL_PACKAGES}" ] || die "v23: final packages were not empty: ${FINAL_PACKAGES}"
[ -z "${ORIGINAL_PACKAGES}" ] || die "original packages were not empty: ${ORIGINAL_PACKAGES}"
[ -z "${FINAL_PACKAGES}" ] || die "final packages were not empty: ${FINAL_PACKAGES}"

28
test/slow/nvm run/Running 'nvm run --silent' should work
View File

@@ -1,28 +0,0 @@
#!/bin/sh
set -ex
die () { echo "$@" ; exit 1; }
. ../../../nvm.sh
echo "0.10.7" > .nvmrc
# Check nvm run without --silent
OUTPUT="$(nvm run --version)"
EXPECTED_OUTPUT="Found '${PWD}/.nvmrc' with version <0.10.7>
Running node v0.10.7 (npm v1.2.21)
v0.10.7"
[ ">${OUTPUT}<" = ">${EXPECTED_OUTPUT}<" ] \
|| die "\`nvm run\` failed to run; did not match with the .nvmrc version; got >${OUTPUT}<"
OUTPUT="$(nvm run --silent --version)"
EXPECTED_OUTPUT="v0.10.7"
[ "${OUTPUT}" = "${EXPECTED_OUTPUT}" ] \
|| die "\`nvm run --silent\` failed to run silently; expected no output, got >${OUTPUT}<"
# Output shouldn't be silent if --silent flag is not at the third argument position
OUTPUT="$(nvm run --version --silent)"
EXPECTED_OUTPUT=""
[ "${OUTPUT}" != "${EXPECTED_OUTPUT}" ] \
|| die "\`nvm run --version --silent\` should not be silent; expected >${OUTPUT}<, got no output"

0
test/slow/nvm uninstall/Running 'nvm uninstall' with incorrect file permissions fails nicely Normal file → Executable file
View File