Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Node.js

The Node.js provider tracks the runtime versions published at nodejs.org, reading the release index (nodejs.org/dist/index.json) that lists every release. It resolves the bare runtime version, e.g. a .node-version file or a CI variable. A node:24-bookworm container tag is a Docker image, handled by the Docker provider.

# clover: provider=node constraint=minor
node_version: 24.18.0

Keys

KeyDescription
providernode
ltsRestrict candidates to the long-term-support release lines. Defaults to false.
constraintHow far the version may move (major/minor/patch, or a semver range)
includeKeep only matching versions
excludeDrop matching versions
cooldownRequire a minimum age before a version is eligible

The release index is public, so the Node.js provider needs no authentication. It is selected explicitly with provider=node, or inferred from a node entry in a mise configuration file. Elsewhere a bare version line carries no signal to infer it from.

Release lines

Node.js ships a new current major line every six months, and the even-numbered lines become long-term support (LTS), maintained for years, each under a codename (Krypton, Jod, Iron, Hydrogen, …). By default Clover tracks every release, so the newest version satisfying the constraint wins:

# clover: provider=node constraint=minor
node_version: 24.18.0

lts=true keeps only the LTS lines, dropping the current (odd or pre-promotion) releases. This is the form to track when you want stability over the newest features:

# clover: provider=node lts=true constraint=major
node_version: 24.18.0

The index serves the whole release history in one response, so Clover always sees every line, and --deep has nothing extra to fetch.

Checksums

Node.js publishes a SHASUMS256.txt file for every release at a predictable URL, so a follower can keep a checksum in lockstep with the version by templating sha256-url with <version> and selecting the artifact with pattern:

# clover: provider=node id=node constraint=minor
node_version: 24.18.0

# clover: from=node value=sha256 sha256-url=https://nodejs.org/dist/v<version>/SHASUMS256.txt pattern=node-<version>-linux-x64.tar.xz
node_sha256: 0000000000000000000000000000000000000000000000000000000000000000

The checksum is refreshed only when the version it follows actually changes, so the two never drift out of step, and a digest that was once pinned never moves on its own. Pass --force (or set run.force) to deliberately re-pin it when an unchanged version’s artifact was legitimately re-published.