🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis
Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

node

Package Overview
Dependencies
Maintainers
1
Versions
789
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

node

node

latest
Source
npmnpm
Version
24.12.0
Version published
Weekly downloads
429K
43.34%
Maintainers
1
Weekly downloads
 
Created
Source

node

Installs a node binary into your project, which because npm runs scripts with the local ./node_modules/.bin in the PATH ahead of the system copy means you can have a local version of node that is different than your system's, and manage node as a normal dependency.

Warning: don't install this globally with npm 2. npm@2 immediately removes node, then can't run the scripts that make this work.

Use

npm i node@lts

Use with npx

npx node@4 myscript.js

This will run myscript.js with the latest version of node from the v4 major.

Using the shell auto-fallback of npx, you can even do it like so:

node@4 myscript.js

Thanks

Major thanks to Kat Marchán for late-night problem solving, and to CJ Silverio and Maciej Małecki for egging me on way back when I had the idea to package node up this way. It does turn out if you ask "why not?!" once in a while something fun happens.

Keywords

runtime

FAQs

Package last updated on 12 Dec 2025

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Deno 2.6 + Socket: Supply Chain Defense In Your CLI

Security News

Deno 2.6 + Socket: Supply Chain Defense In Your CLI

Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.

By Sarah Gooding  -  Dec 12, 2025