system_id: nodejs
display_name: Node.js
category: frameworks
tier: history-full
artifact_mode_preference:
- official-source
- synthetic
- synthetic
default_repro_family: ssrf-generic
browser_required_default: false
log_collectors:
- docker-logs
- http-snapshot
report_template: default-lab-report
services:
  app:
    image: node:22-alpine
    ports:
    - 18089:3000
source_reference:
- name: Node.js Security Releases
  kind: html-links
  url: https://nodejs.org/en/blog/vulnerability
  confidence: official
  advisory_mode: core
  keywords:
  - node.js
  - security
  max_items: 60
- name: CISA KEV Node.js
  kind: kev-json
  url: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
  confidence: official
  advisory_mode: core
  keywords:
  - node.js
  - nodejs