-#

Alias for stdin. Analogous to the use of- in other command-line utilities,meaning that the script is read from stdin, and the rest of the optionsare passed to that script.

--#

Indicate the end of node options. Pass the rest of the arguments to the script.If no script filename or eval/print script is supplied prior to this, thenthe next argument is used as a script filename.

--abort-on-uncaught-exception#

Aborting instead of exiting causes a core file to be generated for post-mortemanalysis using a debugger (such aslldb,gdb, andmdb).

If this flag is passed, the behavior can still be set to not abort throughprocess.setUncaughtExceptionCaptureCallback() (and through usage of thenode:domain module that uses it).

--allow-addons#

When using thePermission Model, the process will not be able to usenative addons by default.Attempts to do so will throw anERR_DLOPEN_DISABLED unless theuser explicitly passes the--allow-addons flag when starting Node.js.

Example:

// Attempt to require an native addonrequire('nodejs-addon-example');copy

$node --permission --allow-fs-read=* index.jsnode:internal/modules/cjs/loader:1319  return process.dlopen(module, path.toNamespacedPath(filename));                 ^Error: Cannot load native addon because loading addons is disabled.    at Module._extensions..node (node:internal/modules/cjs/loader:1319:18)    at Module.load (node:internal/modules/cjs/loader:1091:32)    at Module._load (node:internal/modules/cjs/loader:938:12)    at Module.require (node:internal/modules/cjs/loader:1115:19)    at require (node:internal/modules/helpers:130:18)    at Object.<anonymous> (/home/index.js:1:15)    at Module._compile (node:internal/modules/cjs/loader:1233:14)    at Module._extensions..js (node:internal/modules/cjs/loader:1287:10)    at Module.load (node:internal/modules/cjs/loader:1091:32)    at Module._load (node:internal/modules/cjs/loader:938:12) {  code: 'ERR_DLOPEN_DISABLED'}copy

--allow-child-process#

When using thePermission Model, the process will not be able to spawn anychild process by default.Attempts to do so will throw anERR_ACCESS_DENIED unless theuser explicitly passes the--allow-child-process flag when starting Node.js.

Example:

const childProcess =require('node:child_process');// Attempt to bypass the permissionchildProcess.spawn('node', ['-e','require("fs").writeFileSync("/new-file", "example")']);copy

$node --permission --allow-fs-read=* index.jsnode:internal/child_process:388  const err = this._handle.spawn(options);                           ^Error: Access to this API has been restricted    at ChildProcess.spawn (node:internal/child_process:388:28)    at node:internal/main/run_main_module:17:47 {  code: 'ERR_ACCESS_DENIED',  permission: 'ChildProcess'}copy

Thechild_process.fork() API inherits the execution arguments from theparent process. This means that if Node.js is started with the PermissionModel enabled and the--allow-child-process flag is set, any child processcreated usingchild_process.fork() will automatically receive all relevantPermission Model flags.

This behavior also applies tochild_process.spawn(), but in that case, theflags are propagated via theNODE_OPTIONS environment variable rather thandirectly through the process arguments.

--allow-fs-read#

This flag configures file system read permissions usingthePermission Model.

The valid arguments for the--allow-fs-read flag are:

• * - To allow allFileSystemRead operations.
• Multiple paths can be allowed using multiple--allow-fs-read flags.Example--allow-fs-read=/folder1/ --allow-fs-read=/folder1/

Examples can be found in theFile System Permissions documentation.

The initializer module and custom--require modules has a implicitread permission.

$node --permission -r custom-require.js -r custom-require-2.js index.jscopy

• Thecustom-require.js,custom-require-2.js, andindex.js will beby default in the allowed read list.

process.has('fs.read','index.js');// trueprocess.has('fs.read','custom-require.js');// trueprocess.has('fs.read','custom-require-2.js');// truecopy

--allow-fs-write#

This flag configures file system write permissions usingthePermission Model.

The valid arguments for the--allow-fs-write flag are:

• * - To allow allFileSystemWrite operations.
• Multiple paths can be allowed using multiple--allow-fs-write flags.Example--allow-fs-write=/folder1/ --allow-fs-write=/folder1/

Paths delimited by comma (,) are no longer allowed.When passing a single flag with a comma a warning will be displayed.

Examples can be found in theFile System Permissions documentation.

--allow-inspector#

When using thePermission Model, the process will not be able to connectthrough inspector protocol.

Attempts to do so will throw anERR_ACCESS_DENIED unless theuser explicitly passes the--allow-inspector flag when starting Node.js.

Example:

const {Session } =require('node:inspector/promises');const session =newSession();session.connect();copy

$node --permission index.jsError: connect ERR_ACCESS_DENIED Access to this API has been restricted. Use --allow-inspector to manage permissions.  code: 'ERR_ACCESS_DENIED',}copy

--allow-net#

When using thePermission Model, the process will not be able to accessnetwork by default.Attempts to do so will throw anERR_ACCESS_DENIED unless theuser explicitly passes the--allow-net flag when starting Node.js.

Example:

const http =require('node:http');// Attempt to bypass the permissionconst req = http.get('http://example.com',() => {});req.on('error',(err) => {console.log('err', err);});copy

$node --permission index.jsError: connect ERR_ACCESS_DENIED Access to this API has been restricted. Use --allow-net to manage permissions.  code: 'ERR_ACCESS_DENIED',}copy

--allow-wasi#

When using thePermission Model, the process will not be capable of creatingany WASI instances by default.For security reasons, the call will throw anERR_ACCESS_DENIED unless theuser explicitly passes the flag--allow-wasi in the main Node.js process.

Example:

const {WASI } =require('node:wasi');// Attempt to bypass the permissionnewWASI({version:'preview1',// Attempt to mount the whole filesystempreopens: {'/':'/',  },});copy

$node --permission --allow-fs-read=* index.jsError: Access to this API has been restricted    at node:internal/main/run_main_module:30:49 {  code: 'ERR_ACCESS_DENIED',  permission: 'WASI',}copy

--allow-worker#

When using thePermission Model, the process will not be able to create anyworker threads by default.For security reasons, the call will throw anERR_ACCESS_DENIED unless theuser explicitly pass the flag--allow-worker in the main Node.js process.

Example:

const {Worker } =require('node:worker_threads');// Attempt to bypass the permissionnewWorker(__filename);copy

$node --permission --allow-fs-read=* index.jsError: Access to this API has been restricted    at node:internal/main/run_main_module:17:47 {  code: 'ERR_ACCESS_DENIED',  permission: 'WorkerThreads'}copy

--build-snapshot#

Generates a snapshot blob when the process exits and writes it todisk, which can be loaded later with--snapshot-blob.

When building the snapshot, if--snapshot-blob is not specified,the generated blob will be written, by default, tosnapshot.blobin the current working directory. Otherwise it will be written tothe path specified by--snapshot-blob.

$echo"globalThis.foo = 'I am from the snapshot'" > snapshot.js#Run snapshot.js to initialize the application and snapshot the#state of it into snapshot.blob.$node --snapshot-blob snapshot.blob --build-snapshot snapshot.js$echo"console.log(globalThis.foo)" > index.js#Load the generated snapshot and start the application from index.js.$node --snapshot-blob snapshot.blob index.jsI am from the snapshotcopy

Thev8.startupSnapshot API can be used to specify an entry point atsnapshot building time, thus avoiding the need of an additional entryscript at deserialization time:

$echo"require('v8').startupSnapshot.setDeserializeMainFunction(() => console.log('I am from the snapshot'))" > snapshot.js$node --snapshot-blob snapshot.blob --build-snapshot snapshot.js$node --snapshot-blob snapshot.blobI am from the snapshotcopy

For more information, check out thev8.startupSnapshot API documentation.

Currently the support for run-time snapshot is experimental in that:

1. User-land modules are not yet supported in the snapshot, so onlyone single file can be snapshotted. Users can bundle their applicationsinto a single script with their bundler of choice before buildinga snapshot, however.
2. Only a subset of the built-in modules work in the snapshot, though theNode.js core test suite checks that a few fairly complex applicationscan be snapshotted. Support for more modules are being added. If anycrashes or buggy behaviors occur when building a snapshot, please filea report in theNode.js issue tracker and link to it in thetracking issue for user-land snapshots.

--build-snapshot-config#

Specifies the path to a JSON configuration file which configures snapshotcreation behavior.

The following options are currently supported:

• builder<string> Required. Provides the name to the script that is executedbefore building the snapshot, as if--build-snapshot had been passedwithbuilder as the main script name.
• withoutCodeCache<boolean> Optional. Including the code cache reduces thetime spent on compiling functions included in the snapshot at the expenseof a bigger snapshot size and potentially breaking portability of thesnapshot.

When using this flag, additional script files provided on the command line willnot be executed and instead be interpreted as regular command line arguments.

-c,--check#

Syntax check the script without executing.

--completion-bash#

Print source-able bash completion script for Node.js.

node --completion-bash > node_bash_completionsource node_bash_completioncopy

-C condition,--conditions=condition#

Provide customconditional exports resolution conditions.

Any number of custom string condition names are permitted.

The default Node.js conditions of"node","default","import", and"require" will always apply as defined.

For example, to run a module with "development" resolutions:

node -C development app.jscopy

--cpu-prof#

Starts the V8 CPU profiler on start up, and writes the CPU profile to diskbefore exit.

If--cpu-prof-dir is not specified, the generated profile is placedin the current working directory.

If--cpu-prof-name is not specified, the generated profile isnamedCPU.${yyyymmdd}.${hhmmss}.${pid}.${tid}.${seq}.cpuprofile.

$node --cpu-prof index.js$ls *.cpuprofileCPU.20190409.202950.15293.0.0.cpuprofilecopy

If--cpu-prof-name is specified, the provided value is used as a templatefor the file name. The following placeholder is supported and will besubstituted at runtime:

• ${pid} — the current process ID

$node --cpu-prof --cpu-prof-name'CPU.${pid}.cpuprofile' index.js$ls *.cpuprofileCPU.15293.cpuprofilecopy

--cpu-prof-dir#

Specify the directory where the CPU profiles generated by--cpu-prof willbe placed.

The default value is controlled by the--diagnostic-dir command-line option.

--cpu-prof-interval#

Specify the sampling interval in microseconds for the CPU profiles generatedby--cpu-prof. The default is 1000 microseconds.

--cpu-prof-name#

Specify the file name of the CPU profile generated by--cpu-prof.

--diagnostic-dir=directory#

Set the directory to which all diagnostic output files are written.Defaults to current working directory.

Affects the default output directory of:

• --cpu-prof-dir
• --heap-prof-dir
• --redirect-warnings

--disable-proto=mode#

Disable theObject.prototype.__proto__ property. Ifmode isdelete, theproperty is removed entirely. Ifmode isthrow, accesses to theproperty throw an exception with the codeERR_PROTO_ACCESS.

--disable-sigusr1#

Disable the ability of starting a debugging session by sending aSIGUSR1 signal to the process.

--disable-warning=code-or-type#

Disable specific process warnings bycode ortype.

Warnings emitted fromprocess.emitWarning() may contain acode and atype. This option will not-emit warnings that have a matchingcode ortype.

List ofdeprecation warnings.

The Node.js core warning types are:DeprecationWarning andExperimentalWarning

For example, the following script will not emitDEP0025require('node:sys') when executed withnode --disable-warning=DEP0025:

import sysfrom'node:sys';const sys =require('node:sys');copy

For example, the following script will emit theDEP0025require('node:sys'), but not any ExperimentalWarnings (such asExperimentalWarning:vm.measureMemory is an experimental featurein <=v21) when executed withnode --disable-warning=ExperimentalWarning:

import sysfrom'node:sys';import vmfrom'node:vm';vm.measureMemory();const sys =require('node:sys');const vm =require('node:vm');vm.measureMemory();copy

--disable-wasm-trap-handler#

By default, Node.js enables trap-handler-based WebAssembly boundchecks. As a result, V8 does not need to insert inline bound checksint the code compiled from WebAssembly which may speedup WebAssemblyexecution significantly, but this optimization requires allocatinga big virtual memory cage (currently 10GB). If the Node.js processdoes not have access to a large enough virtual memory address spacedue to system configurations or hardware limitations, users won'tbe able to run any WebAssembly that involves allocation in thisvirtual memory cage and will see an out-of-memory error.

$ulimit -v 5000000$node -p"new WebAssembly.Memory({ initial: 10, maximum: 100 });"[eval]:1new WebAssembly.Memory({ initial: 10, maximum: 100 });^RangeError: WebAssembly.Memory(): could not allocate memory    at [eval]:1:1    at runScriptInThisContext (node:internal/vm:209:10)    at node:internal/process/execution:118:14    at [eval]-wrapper:6:24    at runScript (node:internal/process/execution:101:62)    at evalScript (node:internal/process/execution:136:3)    at node:internal/main/eval_string:49:3copy

--disable-wasm-trap-handler disables this optimization so thatusers can at least run WebAssembly (with less optimal performance)when the virtual memory address space available to their Node.jsprocess is lower than what the V8 WebAssembly memory cage needs.

--disallow-code-generation-from-strings#

Make built-in language features likeeval andnew Function that generatecode from strings throw an exception instead. This does not affect the Node.jsnode:vm module.

--dns-result-order=order#

Set the default value oforder indns.lookup() anddnsPromises.lookup(). The value could be:

• ipv4first: sets defaultorder toipv4first.
• ipv6first: sets defaultorder toipv6first.
• verbatim: sets defaultorder toverbatim.

The default isverbatim anddns.setDefaultResultOrder() have higherpriority than--dns-result-order.

--enable-fips#

Enable FIPS-compliant crypto at startup. (Requires Node.js to be builtagainst FIPS-compatible OpenSSL.)

--enable-network-family-autoselection#

Enables the family autoselection algorithm unless connection options explicitlydisables it.

--enable-source-maps#

EnableSource Map support for stack traces.

When using a transpiler, such as TypeScript, stack traces thrown by anapplication reference the transpiled code, not the original source position.--enable-source-maps enables caching of Source Maps and makes a besteffort to report stack traces relative to the original source file.

OverridingError.prepareStackTrace may prevent--enable-source-maps frommodifying the stack trace. Call and return the results of the originalError.prepareStackTrace in the overriding function to modify the stack tracewith source maps.

const originalPrepareStackTrace =Error.prepareStackTrace;Error.prepareStackTrace =(error, trace) => {// Modify error and trace and format stack trace with// original Error.prepareStackTrace.returnoriginalPrepareStackTrace(error, trace);};copy

Note, enabling source maps can introduce latency to your applicationwhenError.stack is accessed. If you accessError.stack frequentlyin your application, take into account the performance implicationsof--enable-source-maps.

--entry-url#

When present, Node.js will interpret the entry point as a URL, rather than apath.

FollowsECMAScript module resolution rules.

Any query parameter or hash in the URL will be accessible viaimport.meta.url.

node --entry-url'file:///path/to/file.js?queryparams=work#and-hashes-too'node --entry-url'file.ts?query#hash'node --entry-url'data:text/javascript,console.log("Hello")'copy

--env-file-if-exists=file#

Behavior is the same as--env-file, but an error is not thrown if the filedoes not exist.

--env-file=file#

Loads environment variables from a file relative to the current directory,making them available to applications onprocess.env. Theenvironmentvariables which configure Node.js, such asNODE_OPTIONS,are parsed and applied. If the same variable is defined in the environment andin the file, the value from the environment takes precedence.

You can pass multiple--env-file arguments. Subsequent files overridepre-existing variables defined in previous files.

An error is thrown if the file does not exist.

node --env-file=.env --env-file=.development.env index.jscopy

The format of the file should be one line per key-value pair of environmentvariable name and value separated by=:

PORT=3000copy

Any text after a# is treated as a comment:

# This is a commentPORT=3000 # This is also a commentcopy

Values can start and end with the following quotes:`," or'.They are omitted from the values.

USERNAME="nodejs" # will result in `nodejs` as the value.copy

Multi-line values are supported:

MULTI_LINE="THIS ISA MULTILINE"# will result in `THIS IS\nA MULTILINE` as the value.copy

Export keyword before a key is ignored:

export USERNAME="nodejs" # will result in `nodejs` as the value.copy

If you want to load environment variables from a file that may not exist, youcan use the--env-file-if-exists flag instead.

-e,--eval "script"#

Evaluate the following argument as JavaScript. The modules which arepredefined in the REPL can also be used inscript.

On Windows, usingcmd.exe a single quote will not work correctly because itonly recognizes double" for quoting. In Powershell or Git bash, both'and" are usable.

It is possible to run code containing inline types unless the--no-strip-types flag is provided.

--experimental-addon-modules#

Enable experimental import support for.node addons.

--experimental-config-file=config#

If present, Node.js will look for a configuration file at the specified path.Node.js will read the configuration file and apply the settings. Theconfiguration file should be a JSON file with the following structure.vX.Y.Zin the$schema must be replaced with the version of Node.js you are using.

{"$schema":"https://nodejs.org/dist/vX.Y.Z/docs/node-config-schema.json","nodeOptions":{"import":["amaro/strip"],"watch-path":"src","watch-preserve-output":true},"testRunner":{"test-isolation":"process"},"watch":{"watch-preserve-output":true}}copy

The configuration file supports namespace-specific options:

• ThenodeOptions field contains CLI flags that are allowed inNODE_OPTIONS.

• Namespace fields liketestRunner contain configuration specific to that subsystem.

No-op flags are not supported.Not all V8 flags are currently supported.

It is possible to use theofficial JSON schemato validate the configuration file, which may vary depending on the Node.js version.Each key in the configuration file corresponds to a flag that can be passedas a command-line argument. The value of the key is the value that would bepassed to the flag.

For example, the configuration file above is equivalent tothe following command-line arguments:

node --import amaro/strip --watch-path=src --watch-preserve-output --test-isolation=processcopy

The priority in configuration is as follows:

1. NODE_OPTIONS and command-line options
2. Configuration file
3. Dotenv NODE_OPTIONS

Values in the configuration file will not override the values in the environmentvariables and command-line options, but will override the values in theNODE_OPTIONSenv file parsed by the--env-file flag.

Keys cannot be duplicated within the same or different namespaces.

The configuration parser will throw an error if the configuration file containsunknown keys or keys that cannot be used in a namespace.

Node.js will not sanitize or perform validation on the user-provided configuration,soNEVER use untrusted configuration files.

--experimental-default-config-file#

If the--experimental-default-config-file flag is present, Node.js will look for anode.config.json file in the current working directory and load it as aas configuration file.

--experimental-eventsource#

Enable exposition ofEventSource Web API on the global scope.

--experimental-import-meta-resolve#

Enable experimentalimport.meta.resolve() parent URL support, which allowspassing a secondparentURL argument for contextual resolution.

Previously gated the entireimport.meta.resolve feature.

--experimental-inspector-network-resource#

Enable experimental support for inspector network resources.

--experimental-loader=module#

This flag is discouraged and may be removed in a future version of Node.js.Please use--import withregister() instead.

Specify themodule containing exportedmodule customization hooks.module may be any string accepted as animport specifier.

This feature requires--allow-worker if used with thePermission Model.

--experimental-network-inspection#

Enable experimental support for the network inspection with Chrome DevTools.

--experimental-print-required-tla#

If the ES module beingrequire()'d contains top-levelawait, this flagallows Node.js to evaluate the module, try to locate thetop-level awaits, and print their location to help users find them.

--experimental-quic#

Enable experimental support for the QUIC protocol.

--experimental-require-module#

Supports loading a synchronous ES module graph inrequire().

SeeLoading ECMAScript modules usingrequire().

--experimental-sea-config#

Use this flag to generate a blob that can be injected into the Node.jsbinary to produce asingle executable application. See the documentationaboutthis configuration for details.

--experimental-shadow-realm#

Use this flag to enableShadowRealm support.

--experimental-test-coverage#

When used in conjunction with thenode:test module, a code coverage report isgenerated as part of the test runner output. If no tests are run, a coveragereport is not generated. See the documentation oncollecting code coverage from tests for more details.

--experimental-test-module-mocks#

Enable module mocking in the test runner.

This feature requires--allow-worker if used with thePermission Model.

--experimental-transform-types#

Enables the transformation of TypeScript-only syntax into JavaScript code.Implies--enable-source-maps.

--experimental-vm-modules#

Enable experimental ES Module support in thenode:vm module.

--experimental-wasi-unstable-preview1#

Enable experimental WebAssembly System Interface (WASI) support.

--experimental-worker-inspection#

Enable experimental support for the worker inspection with Chrome DevTools.

--expose-gc#

This flag will expose the gc extension from V8.

if (globalThis.gc) {  globalThis.gc();}copy

--force-context-aware#

Disable loading native addons that are notcontext-aware.

--force-fips#

Force FIPS-compliant crypto on startup. (Cannot be disabled from script code.)(Same requirements as--enable-fips.)

--force-node-api-uncaught-exceptions-policy#

EnforcesuncaughtException event on Node-API asynchronous callbacks.

To prevent from an existing add-on from crashing the process, this flag is notenabled by default. In the future, this flag will be enabled by default toenforce the correct behavior.

--frozen-intrinsics#

Enable experimental frozen intrinsics likeArray andObject.

Only the root context is supported. There is no guarantee thatglobalThis.Array is indeed the default intrinsic reference. Code may breakunder this flag.

To allow polyfills to be added,--require and--import both run before freezing intrinsics.

--heap-prof#

Starts the V8 heap profiler on start up, and writes the heap profile to diskbefore exit.

If--heap-prof-dir is not specified, the generated profile is placedin the current working directory.

If--heap-prof-name is not specified, the generated profile isnamedHeap.${yyyymmdd}.${hhmmss}.${pid}.${tid}.${seq}.heapprofile.

$node --heap-prof index.js$ls *.heapprofileHeap.20190409.202950.15293.0.001.heapprofilecopy

--heap-prof-dir#

Specify the directory where the heap profiles generated by--heap-prof willbe placed.

The default value is controlled by the--diagnostic-dir command-line option.

--heap-prof-interval#

Specify the average sampling interval in bytes for the heap profiles generatedby--heap-prof. The default is 512 * 1024 bytes.

--heap-prof-name#

Specify the file name of the heap profile generated by--heap-prof.

--heapsnapshot-near-heap-limit=max_count#

Writes a V8 heap snapshot to disk when the V8 heap usage is approaching theheap limit.count should be a non-negative integer (in which caseNode.js will write no more thanmax_count snapshots to disk).

When generating snapshots, garbage collection may be triggered and bringthe heap usage down. Therefore multiple snapshots may be written to diskbefore the Node.js instance finally runs out of memory. These heap snapshotscan be compared to determine what objects are being allocated during thetime consecutive snapshots are taken. It's not guaranteed that Node.js willwrite exactlymax_count snapshots to disk, but it will tryits best to generate at least one and up tomax_count snapshots before theNode.js instance runs out of memory whenmax_count is greater than0.

Generating V8 snapshots takes time and memory (both memory managed by theV8 heap and native memory outside the V8 heap). The bigger the heap is,the more resources it needs. Node.js will adjust the V8 heap to accommodatethe additional V8 heap memory overhead, and try its best to avoid using upall the memory available to the process. When the process usesmore memory than the system deems appropriate, the process may be terminatedabruptly by the system, depending on the system configuration.

$node --max-old-space-size=100 --heapsnapshot-near-heap-limit=3 index.jsWrote snapshot to Heap.20200430.100036.49580.0.001.heapsnapshotWrote snapshot to Heap.20200430.100037.49580.0.002.heapsnapshotWrote snapshot to Heap.20200430.100038.49580.0.003.heapsnapshot<--- Last few GCs --->[49580:0x110000000]     4826 ms: Mark-sweep 130.6 (147.8) -> 130.5 (147.8) MB, 27.4 / 0.0 ms  (average mu = 0.126, current mu = 0.034) allocation failure scavenge might not succeed[49580:0x110000000]     4845 ms: Mark-sweep 130.6 (147.8) -> 130.6 (147.8) MB, 18.8 / 0.0 ms  (average mu = 0.088, current mu = 0.031) allocation failure scavenge might not succeed<--- JS stacktrace --->FATAL ERROR: Ineffective mark-compacts near heap limit Allocation failed - JavaScript heap out of memory....copy

--heapsnapshot-signal=signal#

Enables a signal handler that causes the Node.js process to write a heap dumpwhen the specified signal is received.signal must be a valid signal name.Disabled by default.

$node --heapsnapshot-signal=SIGUSR2 index.js &$ps auxUSER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMANDnode         1  5.5  6.1 787252 247004 ?       Ssl  16:43   0:02 node --heapsnapshot-signal=SIGUSR2 index.js$kill -USR2 1$lsHeap.20190718.133405.15554.0.001.heapsnapshotcopy

-h,--help#

Print node command-line options.The output of this option is less detailed than this document.

--icu-data-dir=file#

Specify ICU data load path. (OverridesNODE_ICU_DATA.)

--import=module#

Preload the specified module at startup. If the flag is provided several times,each module will be executed sequentially in the order they appear, startingwith the ones provided inNODE_OPTIONS.

FollowsECMAScript module resolution rules.Use--require to load aCommonJS module.Modules preloaded with--require will run before modules preloaded with--import.

Modules are preloaded into the main thread as well as any worker threads,forked processes, or clustered processes.

--input-type=type#

This configures Node.js to interpret--eval orSTDIN input as CommonJS oras an ES module. Valid values are"commonjs","module","module-typescript" and"commonjs-typescript".The"-typescript" values are not available with the flag--no-strip-types.The default is no value, or"commonjs" if--no-experimental-detect-module is passed.

If--input-type is not provided,Node.js will try to detect the syntax with the following steps:

1. Run the input as CommonJS.
2. If step 1 fails, run the input as an ES module.
3. If step 2 fails with a SyntaxError, strip the types.
4. If step 3 fails with an error codeERR_UNSUPPORTED_TYPESCRIPT_SYNTAXorERR_INVALID_TYPESCRIPT_SYNTAX,throw the error from step 2, including the TypeScript error in the message,else run as CommonJS.
5. If step 4 fails, run the input as an ES module.

To avoid the delay of multiple syntax detection passes, the--input-type=type flag can be used to specifyhow the--eval input should be interpreted.

The REPL does not support this option. Usage of--input-type=module with--print will throw an error, as--print does not support ES modulesyntax.

--insecure-http-parser#

Enable leniency flags on the HTTP parser. This may allowinteroperability with non-conformant HTTP implementations.

When enabled, the parser will accept the following:

• Invalid HTTP headers values.
• Invalid HTTP versions.
• Allow message containing bothTransfer-EncodingandContent-Length headers.
• Allow extra data after message whenConnection: close is present.
• Allow extra transfer encodings afterchunked has been provided.
• Allow\n to be used as token separator instead of\r\n.
• Allow\r\n not to be provided after a chunk.
• Allow spaces to be present after a chunk size and before\r\n.

All the above will expose your application to request smugglingor poisoning attack. Avoid using this option.

--inspect-brk[=[host:]port]#

Activate inspector onhost:port and break at start of user script.Defaulthost:port is127.0.0.1:9229. If port0 is specified,a random available port will be used.

SeeV8 Inspector integration for Node.js for further explanation on Node.js debugger.

--inspect-port=[host:]port#

Set thehost:port to be used when the inspector is activated.Useful when activating the inspector by sending theSIGUSR1 signal.Except when--disable-sigusr1 is passed.

Default host is127.0.0.1. If port0 is specified,a random available port will be used.

See thesecurity warning below regarding thehostparameter usage.

--inspect-publish-uid=stderr,http#

Specify ways of the inspector web socket url exposure.

By default inspector websocket url is available in stderr and under/json/listendpoint onhttp://host:port/json/list.

--inspect-wait[=[host:]port]#

Activate inspector onhost:port and wait for debugger to be attached.Defaulthost:port is127.0.0.1:9229. If port0 is specified,a random available port will be used.

SeeV8 Inspector integration for Node.js for further explanation on Node.js debugger.

--inspect[=[host:]port]#

Activate inspector onhost:port. Default is127.0.0.1:9229. If port0 isspecified, a random available port will be used.

V8 inspector integration allows tools such as Chrome DevTools and IDEs to debugand profile Node.js instances. The tools attach to Node.js instances via atcp port and communicate using theChrome DevTools Protocol.SeeV8 Inspector integration for Node.js for further explanation on Node.js debugger.

-i,--interactive#

Opens the REPL even if stdin does not appear to be a terminal.

--jitless#

Disableruntime allocation of executable memory. This may berequired on some platforms for security reasons. It can also reduce attacksurface on other platforms, but the performance impact may be severe.

--localstorage-file=file#

The file used to storelocalStorage data. If the file does not exist, it iscreated the first timelocalStorage is accessed. The same file may be sharedbetween multiple Node.js processes concurrently.

--max-http-header-size=size#

Specify the maximum size, in bytes, of HTTP headers. Defaults to 16 KiB.

--max-old-space-size-percentage=percentage#

Sets the maximum memory size of V8's old memory section as a percentage of available system memory.This flag takes precedence over--max-old-space-size when both are specified.

Thepercentage parameter must be a number greater than 0 and up to 100, representing the percentageof available system memory to allocate to the V8 heap.

Note: This flag utilizes--max-old-space-size, which may be unreliable on 32-bit platforms due tointeger overflow issues.

# Using 50% of available system memorynode --max-old-space-size-percentage=50 index.js# Using 75% of available system memorynode --max-old-space-size-percentage=75 index.jscopy

--napi-modules#

This option is a no-op. It is kept for compatibility.

--network-family-autoselection-attempt-timeout#

Sets the default value for the network family autoselection attempt timeout.For more information, seenet.getDefaultAutoSelectFamilyAttemptTimeout().

--no-addons#

Disable thenode-addons exports condition as well as disable loadingnative addons. When--no-addons is specified, callingprocess.dlopen orrequiring a native C++ addon will fail and throw an exception.

--no-async-context-frame#

Disables the use ofAsyncLocalStorage backed byAsyncContextFrame anduses the prior implementation which relied on async_hooks. The previous modelis retained for compatibility with Electron and for cases where the contextflow may differ. However, if a difference in flow is found please report it.

--no-deprecation#

Silence deprecation warnings.

--no-experimental-detect-module#

Disable usingsyntax detection to determine module type.

--no-experimental-global-navigator#

Disable exposition ofNavigator API on the global scope.

--no-experimental-repl-await#

Use this flag to disable top-level await in REPL.

--no-experimental-require-module#

Disable support for loading a synchronous ES module graph inrequire().

SeeLoading ECMAScript modules usingrequire().

--no-experimental-sqlite#

Disable the experimentalnode:sqlite module.

--no-experimental-websocket#

Disable exposition of<WebSocket> on the global scope.

--no-experimental-webstorage#

DisableWeb Storage support.

--no-extra-info-on-fatal-exception#

Hide extra information on fatal exception that causes exit.

--no-force-async-hooks-checks#

Disables runtime checks forasync_hooks. These will still be enableddynamically whenasync_hooks is enabled.

--no-global-search-paths#

Do not search modules from global paths like$HOME/.node_modules and$NODE_PATH.

--no-network-family-autoselection#

Disables the family autoselection algorithm unless connection options explicitlyenables it.

--no-strip-types#

Disable type-stripping for TypeScript files.For more information, see theTypeScript type-stripping documentation.

--no-warnings#

Silence all process warnings (including deprecations).

--node-memory-debug#

Enable extra debug checks for memory leaks in Node.js internals. This isusually only useful for developers debugging Node.js itself.

--openssl-config=file#

Load an OpenSSL configuration file on startup. Among other uses, this can beused to enable FIPS-compliant crypto if Node.js is builtagainst FIPS-enabled OpenSSL.

--openssl-legacy-provider#

Enable OpenSSL 3.0 legacy provider. For more information please seeOSSL_PROVIDER-legacy.

--openssl-shared-config#

Enable OpenSSL default configuration section,openssl_conf to be read fromthe OpenSSL configuration file. The default configuration file is namedopenssl.cnf but this can be changed using the environment variableOPENSSL_CONF, or by using the command line option--openssl-config.The location of the default OpenSSL configuration file depends on how OpenSSLis being linked to Node.js. Sharing the OpenSSL configuration may have unwantedimplications and it is recommended to use a configuration section specific toNode.js which isnodejs_conf and is default when this option is not used.

--pending-deprecation#

Emit pending deprecation warnings.

Pending deprecations are generally identical to a runtime deprecation with thenotable exception that they are turnedoff by default and will not be emittedunless either the--pending-deprecation command-line flag, or theNODE_PENDING_DEPRECATION=1 environment variable, is set. Pending deprecationsare used to provide a kind of selective "early warning" mechanism thatdevelopers may leverage to detect deprecated API usage.

--permission#

Enable the Permission Model for current process. When enabled, thefollowing permissions are restricted:

• File System - manageable through--allow-fs-read,--allow-fs-write flags
• Network - manageable through--allow-net flag
• Child Process - manageable through--allow-child-process flag
• Worker Threads - manageable through--allow-worker flag
• WASI - manageable through--allow-wasi flag
• Addons - manageable through--allow-addons flag

--preserve-symlinks#

Instructs the module loader to preserve symbolic links when resolving andcaching modules.

By default, when Node.js loads a module from a path that is symbolically linkedto a different on-disk location, Node.js will dereference the link and use theactual on-disk "real path" of the module as both an identifier and as a rootpath to locate other dependency modules. In most cases, this default behavioris acceptable. However, when using symbolically linked peer dependencies, asillustrated in the example below, the default behavior causes an exception tobe thrown ifmoduleA attempts to requiremoduleB as a peer dependency:

{appDir} ├── app │   ├── index.js │   └── node_modules │       ├── moduleA -> {appDir}/moduleA │       └── moduleB │           ├── index.js │           └── package.json └── moduleA     ├── index.js     └── package.jsoncopy

The--preserve-symlinks command-line flag instructs Node.js to use thesymlink path for modules as opposed to the real path, allowing symbolicallylinked peer dependencies to be found.

Note, however, that using--preserve-symlinks can have other side effects.Specifically, symbolically linkednative modules can fail to load if thoseare linked from more than one location in the dependency tree (Node.js wouldsee those as two separate modules and would attempt to load the module multipletimes, causing an exception to be thrown).

The--preserve-symlinks flag does not apply to the main module, which allowsnode --preserve-symlinks node_module/.bin/<foo> to work. To apply the samebehavior for the main module, also use--preserve-symlinks-main.

--preserve-symlinks-main#

Instructs the module loader to preserve symbolic links when resolving andcaching the main module (require.main).

This flag exists so that the main module can be opted-in to the same behaviorthat--preserve-symlinks gives to all other imports; they are separate flags,however, for backward compatibility with older Node.js versions.

--preserve-symlinks-main does not imply--preserve-symlinks; use--preserve-symlinks-main in addition to--preserve-symlinks when it is not desirable to follow symlinks beforeresolving relative paths.

See--preserve-symlinks for more information.

-p,--print "script"#

Identical to-e but prints the result.

--prof#

Generate V8 profiler output.

--prof-process#

Process V8 profiler output generated using the V8 option--prof.

--redirect-warnings=file#

Write process warnings to the given file instead of printing to stderr. Thefile will be created if it does not exist, and will be appended to if it does.If an error occurs while attempting to write the warning to the file, thewarning will be written to stderr instead.

Thefile name may be an absolute path. If it is not, the default directory itwill be written to is controlled by the--diagnostic-dir command-line option.

--report-compact#

Write reports in a compact format, single-line JSON, more easily consumableby log processing systems than the default multi-line format designed forhuman consumption.

--report-dir=directory,report-directory=directory#

Location at which the report will be generated.

--report-exclude-env#

When--report-exclude-env is passed the diagnostic report generated will notcontain theenvironmentVariables data.

--report-exclude-network#

Excludeheader.networkInterfaces from the diagnostic report. By defaultthis is not set and the network interfaces are included.

--report-filename=filename#

Name of the file to which the report will be written.

If the filename is set to'stdout' or'stderr', the report is written tothe stdout or stderr of the process respectively.

--report-on-fatalerror#

Enables the report to be triggered on fatal errors (internal errors withinthe Node.js runtime such as out of memory) that lead to termination of theapplication. Useful to inspect various diagnostic data elements such as heap,stack, event loop state, resource consumption etc. to reason about the fatalerror.

--report-on-signal#

Enables report to be generated upon receiving the specified (or predefined)signal to the running Node.js process. The signal to trigger the report isspecified through--report-signal.

--report-signal=signal#

Sets or resets the signal for report generation (not supported on Windows).Default signal isSIGUSR2.

--report-uncaught-exception#

Enables report to be generated when the process exits due to an uncaughtexception. Useful when inspecting the JavaScript stack in conjunction withnative stack and other runtime environment data.

-r,--require module#

Preload the specified module at startup.

Followsrequire()'s module resolutionrules.module may be either a path to a file, or a node module name.

Modules preloaded with--require will run before modules preloaded with--import.

Modules are preloaded into the main thread as well as any worker threads,forked processes, or clustered processes.

--run#

This runs a specified command from a package.json's"scripts" object.If a missing"command" is provided, it will list the available scripts.

--run will traverse up to the root directory and finds apackage.jsonfile to run the command from.

--run prepends./node_modules/.bin for each ancestor ofthe current directory, to thePATH in order to execute the binaries fromdifferent folders where multiplenode_modules directories are present, ifancestor-folder/node_modules/.bin is a directory.

--run executes the command in the directory containing the relatedpackage.json.

For example, the following command will run thetest script ofthepackage.json in the current folder:

$node --runtestcopy

You can also pass arguments to the command. Any argument after-- willbe appended to the script:

$node --runtest -- --verbosecopy

--secure-heap-min=n#

When using--secure-heap, the--secure-heap-min flag specifies theminimum allocation from the secure heap. The minimum value is2.The maximum value is the lesser of--secure-heap or2147483647.The value given must be a power of two.

--secure-heap=n#

Initializes an OpenSSL secure heap ofn bytes. When initialized, thesecure heap is used for selected types of allocations within OpenSSLduring key generation and other operations. This is useful, for instance,to prevent sensitive information from leaking due to pointer overrunsor underruns.

The secure heap is a fixed size and cannot be resized at runtime so,if used, it is important to select a large enough heap to cover allapplication uses.

The heap size given must be a power of two. Any value less than 2will disable the secure heap.

The secure heap is disabled by default.

The secure heap is not available on Windows.

SeeCRYPTO_secure_malloc_init for more details.

--snapshot-blob=path#

When used with--build-snapshot,--snapshot-blob specifies the pathwhere the generated snapshot blob is written to. If not specified, thegenerated blob is written tosnapshot.blob in the current working directory.

When used without--build-snapshot,--snapshot-blob specifies thepath to the blob that is used to restore the application state.

When loading a snapshot, Node.js checks that:

1. The version, architecture, and platform of the running Node.js binaryare exactly the same as that of the binary that generates the snapshot.
2. The V8 flags and CPU features are compatible with that of the binarythat generates the snapshot.

If they don't match, Node.js refuses to load the snapshot and exits withstatus code 1.

--test#

Starts the Node.js command line test runner. This flag cannot be combined with--watch-path,--check,--eval,--interactive, or the inspector.See the documentation onrunning tests from the command linefor more details.

--test-concurrency#

The maximum number of test files that the test runner CLI will executeconcurrently. If--test-isolation is set to'none', this flag is ignored andconcurrency is one. Otherwise, concurrency defaults toos.availableParallelism() - 1.

--test-coverage-branches=threshold#

Require a minimum percent of covered branches. If code coverage does not reachthe threshold specified, the process will exit with code1.

--test-coverage-exclude#

Excludes specific files from code coverage using a glob pattern, which can matchboth absolute and relative file paths.

This option may be specified multiple times to exclude multiple glob patterns.

If both--test-coverage-exclude and--test-coverage-include are provided,files must meetboth criteria to be included in the coverage report.

By default all the matching test files are excluded from the coverage report.Specifying this option will override the default behavior.

--test-coverage-functions=threshold#

Require a minimum percent of covered functions. If code coverage does not reachthe threshold specified, the process will exit with code1.

--test-coverage-include#

Includes specific files in code coverage using a glob pattern, which can matchboth absolute and relative file paths.

This option may be specified multiple times to include multiple glob patterns.

If both--test-coverage-exclude and--test-coverage-include are provided,files must meetboth criteria to be included in the coverage report.

--test-coverage-lines=threshold#

Require a minimum percent of covered lines. If code coverage does not reachthe threshold specified, the process will exit with code1.

--test-force-exit#

Configures the test runner to exit the process once all known tests havefinished executing even if the event loop would otherwise remain active.

--test-global-setup=module#

Specify a module that will be evaluated before all tests are executed andcan be used to setup global state or fixtures for tests.

See the documentation onglobal setup and teardown for more details.

--test-isolation=mode#

Configures the type of test isolation used in the test runner. Whenmode is'process', each test file is run in a separate child process. Whenmode is'none', all test files run in the same process as the test runner. The defaultisolation mode is'process'. This flag is ignored if the--test flag is notpresent. See thetest runner execution model section for more information.

--test-name-pattern#

A regular expression that configures the test runner to only execute testswhose name matches the provided pattern. See the documentation onfiltering tests by name for more details.

If both--test-name-pattern and--test-skip-pattern are supplied,tests must satisfyboth requirements in order to be executed.

--test-only#

Configures the test runner to only execute top level tests that have theonlyoption set. This flag is not necessary when test isolation is disabled.

--test-reporter#

A test reporter to use when running tests. See the documentation ontest reporters for more details.

--test-reporter-destination#

The destination for the corresponding test reporter. See the documentation ontest reporters for more details.

--test-rerun-failures#

A path to a file allowing the test runner to persist the state of the testsuite between runs. The test runner will use this file to determine which testshave already succeeded or failed, allowing for re-running of failed testswithout having to re-run the entire test suite. The test runner will create thisfile if it does not exist.See the documentation ontest reruns for more details.

--test-shard#

Test suite shard to execute in a format of<index>/<total>, where

• index is a positive integer, index of divided parts.
• total is a positive integer, total of divided part.

This command will divide all tests files intototal equal parts,and will run only those that happen to be in anindex part.

For example, to split your tests suite into three parts, use this:

node --test --test-shard=1/3node --test --test-shard=2/3node --test --test-shard=3/3copy

--test-skip-pattern#

A regular expression that configures the test runner to skip testswhose name matches the provided pattern. See the documentation onfiltering tests by name for more details.

If both--test-name-pattern and--test-skip-pattern are supplied,tests must satisfyboth requirements in order to be executed.

--test-timeout#

A number of milliseconds the test execution will fail after. If unspecified,subtests inherit this value from their parent. The default value isInfinity.

--test-update-snapshots#

Regenerates the snapshot files used by the test runner forsnapshot testing.

--throw-deprecation#

Throw errors for deprecations.

--title=title#

Setprocess.title on startup.

--tls-cipher-list=list#

Specify an alternative default TLS cipher list. Requires Node.js to be builtwith crypto support (default).

--tls-keylog=file#

Log TLS key material to a file. The key material is in NSSSSLKEYLOGFILEformat and can be used by software (such as Wireshark) to decrypt the TLStraffic.

--tls-max-v1.2#

Settls.DEFAULT_MAX_VERSION to 'TLSv1.2'. Use to disable support forTLSv1.3.

--tls-max-v1.3#

Set defaulttls.DEFAULT_MAX_VERSION to 'TLSv1.3'. Use to enable supportfor TLSv1.3.

--tls-min-v1.0#

Set defaulttls.DEFAULT_MIN_VERSION to 'TLSv1'. Use for compatibility withold TLS clients or servers.

--tls-min-v1.1#

Set defaulttls.DEFAULT_MIN_VERSION to 'TLSv1.1'. Use for compatibilitywith old TLS clients or servers.

--tls-min-v1.2#

Set defaulttls.DEFAULT_MIN_VERSION to 'TLSv1.2'. This is the default for12.x and later, but the option is supported for compatibility with older Node.jsversions.

--tls-min-v1.3#

Set defaulttls.DEFAULT_MIN_VERSION to 'TLSv1.3'. Use to disable supportfor TLSv1.2, which is not as secure as TLSv1.3.

--trace-deprecation#

Print stack traces for deprecations.

--trace-env#

Print information about any access to environment variables done in the current Node.jsinstance to stderr, including:

• The environment variable reads that Node.js does internally.
• Writes in the form ofprocess.env.KEY = "SOME VALUE".
• Reads in the form ofprocess.env.KEY.
• Definitions in the form ofObject.defineProperty(process.env, 'KEY', {...}).
• Queries in the form ofObject.hasOwn(process.env, 'KEY'),process.env.hasOwnProperty('KEY') or'KEY' in process.env.
• Deletions in the form ofdelete process.env.KEY.
• Enumerations inf the form of...process.env orObject.keys(process.env).

Only the names of the environment variables being accessed are printed. The values are not printed.

To print the stack trace of the access, use--trace-env-js-stack and/or--trace-env-native-stack.

--trace-env-js-stack#

In addition to what--trace-env does, this prints the JavaScript stack trace of the access.

--trace-env-native-stack#

In addition to what--trace-env does, this prints the native stack trace of the access.

--trace-event-categories#

A comma separated list of categories that should be traced when trace eventtracing is enabled using--trace-events-enabled.

--trace-event-file-pattern#

Template string specifying the filepath for the trace event data, itsupports${rotation} and${pid}.

--trace-events-enabled#

Enables the collection of trace event tracing information.

--trace-exit#

Prints a stack trace whenever an environment is exited proactively,i.e. invokingprocess.exit().

--trace-require-module=mode#

Prints information about usage ofLoading ECMAScript modules usingrequire().

Whenmode isall, all usage is printed. Whenmode isno-node-modules, usagefrom thenode_modules folder is excluded.

--trace-sigint#

Prints a stack trace on SIGINT.

--trace-sync-io#

Prints a stack trace whenever synchronous I/O is detected after the first turnof the event loop.

--trace-tls#

Prints TLS packet trace information tostderr. This can be used to debug TLSconnection problems.

--trace-uncaught#

Print stack traces for uncaught exceptions; usually, the stack trace associatedwith the creation of anError is printed, whereas this makes Node.js alsoprint the stack trace associated with throwing the value (which does not needto be anError instance).

Enabling this option may affect garbage collection behavior negatively.

--trace-warnings#

Print stack traces for process warnings (including deprecations).

--track-heap-objects#

Track heap object allocations for heap snapshots.

--unhandled-rejections=mode#

Using this flag allows to change what should happen when an unhandled rejectionoccurs. One of the following modes can be chosen:

• throw: EmitunhandledRejection. If this hook is not set, raise theunhandled rejection as an uncaught exception. This is the default.
• strict: Raise the unhandled rejection as an uncaught exception. If theexception is handled,unhandledRejection is emitted.
• warn: Always trigger a warning, no matter if theunhandledRejectionhook is set or not but do not print the deprecation warning.
• warn-with-error-code: EmitunhandledRejection. If this hook is notset, trigger a warning, and set the process exit code to 1.
• none: Silence all warnings.

If a rejection happens during the command line entry point's ES module staticloading phase, it will always raise it as an uncaught exception.

--use-bundled-ca,--use-openssl-ca#

Use bundled Mozilla CA store as supplied by current Node.js versionor use OpenSSL's default CA store. The default store is selectableat build-time.

The bundled CA store, as supplied by Node.js, is a snapshot of Mozilla CA storethat is fixed at release time. It is identical on all supported platforms.

Using OpenSSL store allows for external modifications of the store. For mostLinux and BSD distributions, this store is maintained by the distributionmaintainers and system administrators. OpenSSL CA store location is dependent onconfiguration of the OpenSSL library but this can be altered at runtime usingenvironment variables.

SeeSSL_CERT_DIR andSSL_CERT_FILE.

--use-env-proxy#

When enabled, Node.js parses theHTTP_PROXY,HTTPS_PROXY andNO_PROXYenvironment variables during startup, and tunnels requests over thespecified proxy.

This is equivalent to setting theNODE_USE_ENV_PROXY=1 environment variable.When both are set,--use-env-proxy takes precedence.

--use-largepages=mode#

Re-map the Node.js static code to large memory pages at startup. If supported onthe target system, this will cause the Node.js static code to be moved onto 2MiB pages instead of 4 KiB pages.

The following values are valid formode:

• off: No mapping will be attempted. This is the default.
• on: If supported by the OS, mapping will be attempted. Failure to map willbe ignored and a message will be printed to standard error.
• silent: If supported by the OS, mapping will be attempted. Failure to mapwill be ignored and will not be reported.

--use-system-ca#

Node.js uses the trusted CA certificates present in the system store along withthe--use-bundled-ca option and theNODE_EXTRA_CA_CERTS environment variable.On platforms other than Windows and macOS, this loads certificates from the directoryand file trusted by OpenSSL, similar to--use-openssl-ca, with the difference beingthat it caches the certificates after first load.

On Windows and macOS, the certificate trust policy is similar toChromium's policy for locally trusted certificates, but with some differences:

On macOS, the following settings are respected:

• Default and System Keychains
  • Trust:
    • Any certificate where the “When using this certificate” flag is set to “Always Trust” or
    • Any certificate where the “Secure Sockets Layer (SSL)” flag is set to “Always Trust”.
  • The certificate must also be valid, with "X.509 Basic Policy" set to “Always Trust”.

On Windows, the following settings are respected:

• Local Machine (accessed viacertlm.msc)
  • Trust:
    • Trusted Root Certification Authorities
    • Trusted People
    • Enterprise Trust -> Enterprise -> Trusted Root Certification Authorities
    • Enterprise Trust -> Enterprise -> Trusted People
    • Enterprise Trust -> Group Policy -> Trusted Root Certification Authorities
    • Enterprise Trust -> Group Policy -> Trusted People
• Current User (accessed viacertmgr.msc)
  • Trust:
    • Trusted Root Certification Authorities
    • Enterprise Trust -> Group Policy -> Trusted Root Certification Authorities

On Windows and macOS, Node.js would check that the user settings for the trustedcertificates do not forbid them for TLS server authentication before using them.

Node.js currently does not support distrust/revocation of certificatesfrom another source based on system settings.

On other systems, Node.js loads certificates from the default certificate file(typically/etc/ssl/cert.pem) and default certificate directory (typically/etc/ssl/certs) that the version of OpenSSL that Node.js links to respects.This typically works with the convention on major Linux distributions and otherUnix-like systems. If the overriding OpenSSL environment variables(typicallySSL_CERT_FILE andSSL_CERT_DIR, depending on the configurationof the OpenSSL that Node.js links to) are set, the specified paths will be used to loadcertificates instead. These environment variables can be used as workaroundsif the conventional paths used by the version of OpenSSL Node.js links to arenot consistent with the system configuration that the users have for some reason.

--v8-options#

Print V8 command-line options.

--v8-pool-size=num#

Set V8's thread pool size which will be used to allocate background jobs.

If set to0 then Node.js will choose an appropriate size of the thread poolbased on an estimate of the amount of parallelism.

The amount of parallelism refers to the number of computations that can becarried out simultaneously in a given machine. In general, it's the same as theamount of CPUs, but it may diverge in environments such as VMs or containers.

-v,--version#

Print node's version.

--watch#

Starts Node.js in watch mode.When in watch mode, changes in the watched files cause the Node.js process torestart.By default, watch mode will watch the entry pointand any required or imported module.Use--watch-path to specify what paths to watch.

This flag cannot be combined with--check,--eval,--interactive, or the REPL.

Note: The--watch flag requires a file path as an argument and is incompatiblewith--run or inline script input, as--run takes precedence and ignores watchmode. If no file is provided, Node.js will exit with status code9.

node --watch index.jscopy

--watch-kill-signal#

Customizes the signal sent to the process on watch mode restarts.

node --watch --watch-kill-signal SIGINT test.jscopy

--watch-path#

Starts Node.js in watch mode and specifies what paths to watch.When in watch mode, changes in the watched paths cause the Node.js process torestart.This will turn off watching of required or imported modules, even when used incombination with--watch.

This flag cannot be combined with--check,--eval,--interactive,--test, or the REPL.

Note: Using--watch-path implicitly enables--watch, which requires a file pathand is incompatible with--run, as--run takes precedence and ignores watch mode.

node --watch-path=./src --watch-path=./tests index.jscopy

This option is only supported on macOS and Windows.AnERR_FEATURE_UNAVAILABLE_ON_PLATFORM exception will be thrownwhen the option is used on a platform that does not support it.

--watch-preserve-output#

Disable the clearing of the console when watch mode restarts the process.

node --watch --watch-preserve-output test.jscopy

--zero-fill-buffers#

Automatically zero-fills all newly allocatedBuffer instances.

FORCE_COLOR=[1, 2, 3]#

TheFORCE_COLOR environment variable is used toenable ANSI colorized output. The value may be:

• 1,true, or the empty string'' indicate 16-color support,
• 2 to indicate 256-color support, or
• 3 to indicate 16 million-color support.

WhenFORCE_COLOR is used and set to a supported value, both theNO_COLOR,andNODE_DISABLE_COLORS environment variables are ignored.

Any other value will result in colorized output being disabled.

NODE_COMPILE_CACHE=dir#

Enable themodule compile cache for the Node.js instance. See the documentation ofmodule compile cache for details.

NODE_COMPILE_CACHE_PORTABLE=1#

When set to 1, themodule compile cache can be reused across different directorylocations as long as the module layout relative to the cache directory remains the same.

NODE_DEBUG=module[,…]#

','-separated list of core modules that should print debug information.

NODE_DEBUG_NATIVE=module[,…]#

','-separated list of core C++ modules that should print debug information.

NODE_DISABLE_COLORS=1#

When set, colors will not be used in the REPL.

NODE_DISABLE_COMPILE_CACHE=1#

Disable themodule compile cache for the Node.js instance. See the documentation ofmodule compile cache for details.

NODE_EXTRA_CA_CERTS=file#

When set, the well known "root" CAs (like VeriSign) will be extended with theextra certificates infile. The file should consist of one or more trustedcertificates in PEM format. A message will be emitted (once) withprocess.emitWarning() if the file is missing ormalformed, but any errors are otherwise ignored.

Neither the well known nor extra certificates are used when thecaoptions property is explicitly specified for a TLS or HTTPS client or server.

This environment variable is ignored whennode runs as setuid root orhas Linux file capabilities set.

TheNODE_EXTRA_CA_CERTS environment variable is only read when the Node.jsprocess is first launched. Changing the value at runtime usingprocess.env.NODE_EXTRA_CA_CERTS has no effect on the current process.

NODE_ICU_DATA=file#

Data path for ICU (Intl object) data. Will extend linked-in data when compiledwith small-icu support.

NODE_NO_WARNINGS=1#

When set to1, process warnings are silenced.

NODE_OPTIONS=options...#

A space-separated list of command-line options.options... are interpretedbefore command-line options, so command-line options will override orcompound after anything inoptions.... Node.js will exit with an error ifan option that is not allowed in the environment is used, such as-p or ascript file.

If an option value contains a space, it can be escaped using double quotes:

NODE_OPTIONS='--require "./my path/file.js"'copy

A singleton flag passed as a command-line option will override the same flagpassed intoNODE_OPTIONS:

# The inspector will be available on port 5555NODE_OPTIONS='--inspect=localhost:4444' node --inspect=localhost:5555copy

A flag that can be passed multiple times will be treated as if itsNODE_OPTIONS instances were passed first, and then its command-lineinstances afterwards:

NODE_OPTIONS='--require "./a.js"' node --require"./b.js"# is equivalent to:node --require"./a.js" --require"./b.js"copy

Node.js options that are allowed are in the following list. If an optionsupports both --XX and --no-XX variants, they are both supported but onlyone is included in the list below.

• --allow-addons
• --allow-child-process
• --allow-fs-read
• --allow-fs-write
• --allow-inspector
• --allow-net
• --allow-wasi
• --allow-worker
• --conditions,-C
• --cpu-prof-dir
• --cpu-prof-interval
• --cpu-prof-name
• --cpu-prof
• --diagnostic-dir
• --disable-proto
• --disable-sigusr1
• --disable-warning
• --disable-wasm-trap-handler
• --dns-result-order
• --enable-fips
• --enable-network-family-autoselection
• --enable-source-maps
• --entry-url
• --experimental-abortcontroller
• --experimental-addon-modules
• --experimental-detect-module
• --experimental-eventsource
• --experimental-import-meta-resolve
• --experimental-json-modules
• --experimental-loader
• --experimental-modules
• --experimental-print-required-tla
• --experimental-quic
• --experimental-require-module
• --experimental-shadow-realm
• --experimental-specifier-resolution
• --experimental-test-isolation
• --experimental-top-level-await
• --experimental-transform-types
• --experimental-vm-modules
• --experimental-wasi-unstable-preview1
• --force-context-aware
• --force-fips
• --force-node-api-uncaught-exceptions-policy
• --frozen-intrinsics
• --heap-prof-dir
• --heap-prof-interval
• --heap-prof-name
• --heap-prof
• --heapsnapshot-near-heap-limit
• --heapsnapshot-signal
• --http-parser
• --icu-data-dir
• --import
• --input-type
• --insecure-http-parser
• --inspect-brk
• --inspect-port,--debug-port
• --inspect-publish-uid
• --inspect-wait
• --inspect
• --localstorage-file
• --max-http-header-size
• --max-old-space-size-percentage
• --napi-modules
• --network-family-autoselection-attempt-timeout
• --no-addons
• --no-async-context-frame
• --no-deprecation
• --no-experimental-global-navigator
• --no-experimental-repl-await
• --no-experimental-sqlite
• --no-experimental-strip-types
• --no-experimental-websocket
• --no-experimental-webstorage
• --no-extra-info-on-fatal-exception
• --no-force-async-hooks-checks
• --no-global-search-paths
• --no-network-family-autoselection
• --no-strip-types
• --no-warnings
• --no-webstorage
• --node-memory-debug
• --openssl-config
• --openssl-legacy-provider
• --openssl-shared-config
• --pending-deprecation
• --permission
• --preserve-symlinks-main
• --preserve-symlinks
• --prof-process
• --redirect-warnings
• --report-compact
• --report-dir,--report-directory
• --report-exclude-env
• --report-exclude-network
• --report-filename
• --report-on-fatalerror
• --report-on-signal
• --report-signal
• --report-uncaught-exception
• --require,-r
• --secure-heap-min
• --secure-heap
• --snapshot-blob
• --test-coverage-branches
• --test-coverage-exclude
• --test-coverage-functions
• --test-coverage-include
• --test-coverage-lines
• --test-global-setup
• --test-isolation
• --test-name-pattern
• --test-only
• --test-reporter-destination
• --test-reporter
• --test-rerun-failures
• --test-shard
• --test-skip-pattern
• --throw-deprecation
• --title
• --tls-cipher-list
• --tls-keylog
• --tls-max-v1.2
• --tls-max-v1.3
• --tls-min-v1.0
• --tls-min-v1.1
• --tls-min-v1.2
• --tls-min-v1.3
• --trace-deprecation
• --trace-env-js-stack
• --trace-env-native-stack
• --trace-env
• --trace-event-categories
• --trace-event-file-pattern
• --trace-events-enabled
• --trace-exit
• --trace-require-module
• --trace-sigint
• --trace-sync-io
• --trace-tls
• --trace-uncaught
• --trace-warnings
• --track-heap-objects
• --unhandled-rejections
• --use-bundled-ca
• --use-env-proxy
• --use-largepages
• --use-openssl-ca
• --use-system-ca
• --v8-pool-size
• --watch-kill-signal
• --watch-path
• --watch-preserve-output
• --watch
• --zero-fill-buffers

V8 options that are allowed are:

• --abort-on-uncaught-exception
• --disallow-code-generation-from-strings
• --enable-etw-stack-walking
• --expose-gc
• --interpreted-frames-native-stack
• --jitless
• --max-old-space-size
• --max-semi-space-size
• --perf-basic-prof-only-functions
• --perf-basic-prof
• --perf-prof-unwinding-info
• --perf-prof
• --stack-trace-limit

--perf-basic-prof-only-functions,--perf-basic-prof,--perf-prof-unwinding-info, and--perf-prof are only available on Linux.

--enable-etw-stack-walking is only available on Windows.

NODE_PATH=path[:…]#

':'-separated list of directories prefixed to the module search path.

On Windows, this is a';'-separated list instead.

NODE_PENDING_DEPRECATION=1#

When set to1, emit pending deprecation warnings.

Pending deprecations are generally identical to a runtime deprecation with thenotable exception that they are turnedoff by default and will not be emittedunless either the--pending-deprecation command-line flag, or theNODE_PENDING_DEPRECATION=1 environment variable, is set. Pending deprecationsare used to provide a kind of selective "early warning" mechanism thatdevelopers may leverage to detect deprecated API usage.

NODE_PENDING_PIPE_INSTANCES=instances#

Set the number of pending pipe instance handles when the pipe server is waitingfor connections. This setting applies to Windows only.

NODE_PRESERVE_SYMLINKS=1#

When set to1, instructs the module loader to preserve symbolic links whenresolving and caching modules.

NODE_REDIRECT_WARNINGS=file#

When set, process warnings will be emitted to the given file instead ofprinting to stderr. The file will be created if it does not exist, and will beappended to if it does. If an error occurs while attempting to write thewarning to the file, the warning will be written to stderr instead. This isequivalent to using the--redirect-warnings=file command-line flag.

NODE_REPL_EXTERNAL_MODULE=file#

Path to a Node.js module which will be loaded in place of the built-in REPL.Overriding this value to an empty string ('') will use the built-in REPL.

NODE_REPL_HISTORY=file#

Path to the file used to store the persistent REPL history. The default path is~/.node_repl_history, which is overridden by this variable. Setting the valueto an empty string ('' or' ') disables persistent REPL history.

NODE_SKIP_PLATFORM_CHECK=value#

Ifvalue equals'1', the check for a supported platform is skipped duringNode.js startup. Node.js might not execute correctly. Any issues encounteredon unsupported platforms will not be fixed.

NODE_TEST_CONTEXT=value#

Ifvalue equals'child', test reporter options will be overridden and testoutput will be sent to stdout in the TAP format. If any other value is provided,Node.js makes no guarantees about the reporter format used or its stability.

NODE_TLS_REJECT_UNAUTHORIZED=value#

Ifvalue equals'0', certificate validation is disabled for TLS connections.This makes TLS, and HTTPS by extension, insecure. The use of this environmentvariable is strongly discouraged.

NODE_USE_ENV_PROXY=1#

When enabled, Node.js parses theHTTP_PROXY,HTTPS_PROXY andNO_PROXYenvironment variables during startup, and tunnels requests over thespecified proxy.

This can also be enabled using the--use-env-proxy command-line flag.When both are set,--use-env-proxy takes precedence.

NODE_USE_SYSTEM_CA=1#

Node.js uses the trusted CA certificates present in the system store along withthe--use-bundled-ca option and theNODE_EXTRA_CA_CERTS environment variable.

This can also be enabled using the--use-system-ca command-line flag.When both are set,--use-system-ca takes precedence.

NODE_V8_COVERAGE=dir#

When set, Node.js will begin outputtingV8 JavaScript code coverage andSource Map data to the directory provided as an argument (coverageinformation is written as JSON to files with acoverage prefix).

NODE_V8_COVERAGE will automatically propagate to subprocesses, making iteasier to instrument applications that call thechild_process.spawn() familyof functions.NODE_V8_COVERAGE can be set to an empty string, to preventpropagation.

{"result":[{"scriptId":"67","url":"internal/tty.js","functions":[]}]}copy

{"result":[{"scriptId":"68","url":"file:///absolute/path/to/source.js","functions":[]}],"source-map-cache":{"file:///absolute/path/to/source.js":{"url":"./path-to-map.json","data":{"version":3,"sources":["file:///absolute/path/to/original.js"],"names":["Foo","console","info"],"mappings":"MAAMA,IACJC,YAAaC","sourceRoot":"./"},"lineLengths":[13,62,38,27]}}}copy

NO_COLOR=<any>#

NO_COLOR is an alias forNODE_DISABLE_COLORS. The value of theenvironment variable is arbitrary.

OPENSSL_CONF=file#

Load an OpenSSL configuration file on startup. Among other uses, this can beused to enable FIPS-compliant crypto if Node.js is built with./configure --openssl-fips.

If the--openssl-config command-line option is used, the environmentvariable is ignored.

SSL_CERT_DIR=dir#

If--use-openssl-ca is enabled, or if--use-system-ca is enabled onplatforms other than macOS and Windows, this overrides and sets OpenSSL's directorycontaining trusted certificates.

Be aware that unless the child environment is explicitly set, this environmentvariable will be inherited by any child processes, and if they use OpenSSL, itmay cause them to trust the same CAs as node.

SSL_CERT_FILE=file#

If--use-openssl-ca is enabled, or if--use-system-ca is enabled onplatforms other than macOS and Windows, this overrides and sets OpenSSL's filecontaining trusted certificates.

Be aware that unless the child environment is explicitly set, this environmentvariable will be inherited by any child processes, and if they use OpenSSL, itmay cause them to trust the same CAs as node.

TZ#

TheTZ environment variable is used to specify the timezone configuration.

While Node.js does not support all of the variousways thatTZ is handled inother environments, it does support basictimezone IDs (such as'Etc/UTC','Europe/Paris', or'America/New_York').It may support a few other abbreviations or aliases, but these are stronglydiscouraged and not guaranteed.

$TZ=Europe/Dublin node -pe"new Date().toString()"Wed May 12 2021 20:30:48 GMT+0100 (Irish Standard Time)copy

UV_THREADPOOL_SIZE=size#

Set the number of threads used in libuv's threadpool tosize threads.

Asynchronous system APIs are used by Node.js whenever possible, but where theydo not exist, libuv's threadpool is used to create asynchronous node APIs basedon synchronous system APIs. Node.js APIs that use the threadpool are:

• allfs APIs, other than the file watcher APIs and those that are explicitlysynchronous
• asynchronous crypto APIs such ascrypto.pbkdf2(),crypto.scrypt(),crypto.randomBytes(),crypto.randomFill(),crypto.generateKeyPair()
• dns.lookup()
• allzlib APIs, other than those that are explicitly synchronous

Because libuv's threadpool has a fixed size, it means that if for whateverreason any of these APIs takes a long time, other (seemingly unrelated) APIsthat run in libuv's threadpool will experience degraded performance. In order tomitigate this issue, one potential solution is to increase the size of libuv'sthreadpool by setting the'UV_THREADPOOL_SIZE' environment variable to a valuegreater than4 (its current default value). However, setting this from insidethe process usingprocess.env.UV_THREADPOOL_SIZE=size is not guranteed to workas the threadpool would have been created as part of the runtime initialisationmuch before user code is run. For more information, see thelibuv threadpool documentation.

--abort-on-uncaught-exception#

--disallow-code-generation-from-strings#

--enable-etw-stack-walking#

--expose-gc#

--harmony-shadow-realm#

--heap-snapshot-on-oom#

--interpreted-frames-native-stack#

--jitless#

--max-old-space-size=SIZE (in MiB)#

Sets the max memory size of V8's old memory section. As memoryconsumption approaches the limit, V8 will spend more time ongarbage collection in an effort to free unused memory.

On a machine with 2 GiB of memory, consider setting this to1536 (1.5 GiB) to leave some memory for other uses and avoid swapping.

node --max-old-space-size=1536 index.jscopy

--max-semi-space-size=SIZE (in MiB)#

Sets the maximumsemi-space size for V8'sscavenge garbage collector inMiB (mebibytes).Increasing the max size of a semi-space may improve throughput for Node.js atthe cost of more memory consumption.

Since the young generation size of the V8 heap is three times (seeYoungGenerationSizeFromSemiSpaceSize in V8) the size of the semi-space,an increase of 1 MiB to semi-space applies to each of the three individualsemi-spaces and causes the heap size to increase by 3 MiB. The throughputimprovement depends on your workload (see#42511).

The default value depends on the memory limit. For example, on 64-bit systemswith a memory limit of 512 MiB, the max size of a semi-space defaults to 1 MiB.For memory limits up to and including 2GiB, the default max size of asemi-space will be less than 16 MiB on 64-bit systems.

To get the best configuration for your application, you should try differentmax-semi-space-size values when running benchmarks for your application.

For example, benchmark on a 64-bit systems:

for MiBin 16 32 64 128;do    node --max-semi-space-size=$MiB index.jsdonecopy

--perf-basic-prof#

--perf-basic-prof-only-functions#

--perf-prof#

--perf-prof-unwinding-info#

--prof#

--security-revert#

--stack-trace-limit=limit#

The maximum number of stack frames to collect in an error's stack trace.Setting it to 0 disables stack trace collection. The default value is 10.

node --stack-trace-limit=12 -p -e"Error.stackTraceLimit"# prints 12copy