winget install --id OpenJS.NodeJS.20About Node.js 20
Node.js® is a free, open-source, cross-platform JavaScript runtime environment that lets developers create servers, web apps, command line tools and scripts.
What's new in 20.20.2
This is a security release. Notable Changes - (CVE-2026-21717) fix array index hash collision (Joyee Cheung) https://github.com/nodejs-private/node-private/pull/834 - (CVE-2026-21713) use timing-safe comparison in Web Cryptography HMAC and KMAC (Filip Skokan) https://github.com/nodejs-private/node-private/pull/822 - (CVE-2026-21710) use null prototype for headersDistinct/trailersDistinct (Matteo Collina) https://github.com/nodejs-private/node-private/pull/821 - (CVE-2026-21716) include permission check on lib/fs/promises (RafaelGSS) https://github.com/nodejs-private/node-private/pull/795 - (CVE-2026-21715) add permission check to realpath.native (RafaelGSS) https://github.com/nodejs-private/node-private/pull/794 - (CVE-2026-21714) handle NGHTTP2_ERR_FLOW_CONTROL error code (RafaelGSS) https://github.com/nodejs-private/node-private/pull/832 - (CVE-2026-21637) wrap SNICallback invocation in try/catch (Matteo Collina) https://github.com/nodejs-private/node-private/pull/819 Commits - [cfb51fa9ce] - (CVE-2026-21713) crypto: use timing-safe comparison in Web Cryptography HMAC (Filip Skokan) nodejs-private/node-private#831 - [f333d0be5f] - deps: V8: override depot_tools version (Richard Lau) #62344 - [2acd5d1226] - deps: update undici to v6.24.1 (Matteo Collina) #62285 - [af5c144ebc] - (CVE-2026-21717) deps,build,test: fix array index hash collision (Joyee Cheung) nodejs-private/node-private#834 - [00ad47a28e] - (CVE-2026-21710) http: use null prototype for headersDistinct/trailersDistinct (Matteo Collina) nodejs-private/node-private#821 - [0123309566] - (CVE-2026-21716) permissio...
Version history
| Version | Updated | Notes |
|---|---|---|
| 20.20.2 | Unknown | This is a security release. Notable Changes - (CVE-2026-21717) fix array index hash collision (Joyee Cheung) https://github.com/nodejs-private/node-private/pull/834 - (CVE-2026-21713) use timing-safe comparison in Web Cr... |
| 20.20.1 | Unknown | Notable Changes - [91a66e671c] - build: test on Python 3.14 (Christian Clauss) #59983 - [f66056054b] - crypto: update root certificates to NSS 3.119 (Node.js GitHub Bot) #61419 - [80feacaddb] - crypto: update root certif... |
| 20.20.0 | Unknown | This is a security release. Notable Changes lib: - (CVE-2025-55132) disable futimes when permission model is enabled (RafaelGSS) https://github.com/nodejs-private/node-private/pull/802 - (CVE-2025-59465) add TLSSocket de... |
| 20.19.6 | Unknown | Notable Changes - [6277910a15] - crypto: update root certificates to NSS 3.114 (Node.js GitHub Bot) #59571 - [082e50d4a2] - doc: update the instruction on how to verify releases (Antoine du Hamel) #59113 - [db68cec4cb] -... |
| 20.19.5 | Unknown | No notes |
| 20.19.4 | Unknown | No notes |
| 20.19.3 | Unknown | No notes |
| 20.19.2 | Unknown | No notes |
| 20.19.1 | Unknown | No notes |
| 20.19.0 | Unknown | No notes |
| 20.18.3 | Unknown | No notes |
| 20.18.2 | Unknown | No notes |
| 20.18.1 | Unknown | No notes |
| 20.18.0 | Unknown | Experimental Network Inspection Support in Node.js This update introduces the initial support for network inspection in Node.js. Currently, this is an experimental feature, so you need to enable it using the --experiment... |
| 20.17.0 | Unknown | module: support require()ing synchronous ESM graphs This release adds require() support for synchronous ESM graphs under the flag --experimental-require-module. If --experimental-require-module is enabled, and the ECMASc... |
| 20.16.0 | Unknown | process: add process.getBuiltinModule(id) process.getBuiltinModule(id) provides a way to load built-in modules in a globally available function. ES Modules that need to support other environments can use it to conditiona... |
| 20.15.1 | Unknown | This is a security release. Notable Changes - CVE-2024-36138 - Bypass incomplete fix of CVE-2024-27980 (High) - CVE-2024-22020 - Bypass network import restriction via data URL (Medium) - CVE-2024-22018 - fs.lstat bypasse... |
| 20.15.0 | Unknown | test_runner: support test plans It is now possible to count the number of assertions and subtests that are expected to run within a test. If the number of assertions and subtests that run does not match the expected coun... |
| 20.14.0 | Unknown | Notable Changes - [28d2baa17c] - src,permission: throw async errors on async APIs (Rafael Gonzaga) #52730 - [77e2bf029a] - (SEMVER-MINOR) test_runner: support forced exit (Colin Ihrig) #52038 Commits - [e3ad05d8b0] - dep... |
| 20.13.1 | Unknown | 2024-05-09, Version 20.13.1 'Iron' (LTS), @marco-ippolito Revert "tools: install npm PowerShell scripts on Windows" Due to a regression in the npm installation on Windows, this commit reverts the change that installed np... |