Node.js buildpack
Page last updated: November 1, 2024
You can configure and use the Node.js buildpack in Cloud Foundry.
You can use the Node.js buildpack with Node or JavaScript apps. The follow sections describe how to push apps with the Node.js buildpack, along with features of the buildpack.
You must install the Cloud Foundry Command Line Interface tool (cf CLI) to run some of the commands listed in this topic.
Push Node.js apps
Cloud Foundry automatically uses the Node.js buildpack if it detects a package.json
file in the root directory of your project.
The -b
option lets you specify a buildpack to use with the cf push
command.
If your Cloud Foundry deployment does not have the Node.js buildpack installed or the
installed version is out of date, run the following command to push your app with
the latest version of the buildpack:
cf push APP-NAME -b https://github.com/cloudfoundry/nodejs-buildpack
Where APP-NAME
is the name of your app.
For example:
$ cf push my-nodejs-app -b https://github.com/cloudfoundry/nodejs-buildpack
For more detailed information about deploying Node.js apps, see the following topics:
- Tips for Node.js Developers
- Environment Variables Defined by the Node Buildpack
- Configuring Service Connections for Node
- Node.js Buildpack Source Code on GitHub
Supported versions
For a list of supported Node versions, see the Node.js Buildpack release notes on GitHub.
Specify a Node.js version
To specify a Node.js version, set the engines.node
in the package.json
file to the semantic versioning specification (semver) range or the specific version of Node you are using.
Example showing a semver range:
"engines": {
"node": "6.9.x"
}
Example showing a specific version:
"engines": {
"node": "6.9.0"
}
If you try to use a version that is not currently supported, staging your app fails with the following error message:
Could not get translated url, exited with: DEPENDENCY_MISSING_IN_MANIFEST:... ! ! exit ! Staging failed: Buildpack compilation step failed
Specify an npm version
To specify an npm version, set engines.npm
in the package.json
file to the semantic versioning specification (semver) range or the specific version of npm you are using:
Example showing a semver range:
"engines": {
"node": "6.9.x",
"npm": "2.15.x"
}
Example showing a specific version:
"engines": {
"node": "6.9.0",
"npm": "2.15.1"
}
If you do not specify an npm version, your app uses the default npm packaged with the Node.js version used by your app, as specified on the Node.js releases page.
If your environment cannot connect to the Internet and you specified a non-supported version of npm, the buildpack fails to download npm and you see the following error message:
We're unable to download the version of npm you've provided (...). Please remove the npm version specification in package.json (...) Staging failed: Buildpack compilation step failed
Using npm or Yarn
By default, the Node.js buildpack assumes you are using npm. If you want to use
Yarn instead, you must provide a yarn.lock
in your top-level app
directory. For more information on the Yarn lock file, see yarn.lock in the Yarn documentation.
Vendoring app dependencies
To vendor dependencies for an app using the Node.js buildpack, run npm install
(or yarn install
, if you are using Yarn) from your app directory. This command vendors dependencies into the node_modules
directory of your app directory.
For example, the following example vendors dependencies into the my-nodejs-app/node_modules
directory:
$ cd my-nodejs-app $ npm install
The cf push
command uploads the vendored dependencies with the app.
For an app to run in a disconnected environment, it must vendor its dependencies and provide a lock file.
Use in offline environments
When vendoring apps for usage in offline environments, you must supply a lock file. For information on npm lockfiles, see npm-package-locks in the NPM documentation.
For information on npm-package-lock.json
files, see
package-lock.json in the NPM
documentation.
This lock file informs the package manager of the exact versions of dependencies and transitive dependencies to look for when running npm install
or yarn install
. For this reason, you must keep package.json
, the vendored node_modules
directory, and your lock file synchronized to avoid network calls.
The package-lock.json
file is only supported by NPM 5.x and later. For earlier
versions of NPM, provide a
npm-shrinkwrap.json file instead.
Versions 1.5.28 and later of the Node.js buildpack include the ability to use Yarn in offline mode.
To do so, you must mirror the Yarn registry locally by providing an npm-packages-offline-cache
directory:
$ cd APP-DIR $ yarn config set yarn-offline-mirror ./npm-packages-offline-cache $ yarn config set yarn-offline-mirror-pruning true $ cp ~/.yarnrc . $ rm -rf node_modules/ yarn.lock # if they were previously generated $ yarn install
When you push the app, the buildpack looks for an npm-packages-offline-cache
directory at the top level of the app directory.
If this directory exists, the buildpack runs Yarn in offline mode. Otherwise, it runs Yarn normally, which may require an Internet connection.
You do not have to provide a node_modules
directory when running Yarn in offline mode, as the offline cache provides the dependencies.
For more information about using an offline mirror with Yarn, see the Yarn Blog.
Integrity check
By default, the Node.js buildpack uses npm to download dependencies. Note, that npm does not perform integrity checks of the downloaded packages, which is a security risk.
If missing dependencies are detected, the buildpack runs npm install
for non-vendored dependencies or npm rebuild
for dependencies that are already vendored. This might result in code being downloaded and run without verification.
You can use Yarn as an alternative that verifies dependencies.
OpenSSL support
The nodejs-buildpack packages binaries of Node.js with OpenSSL that are statically linked. The Node.js buildpack supports Node.js 4.x and later, which relies on the Node.js release cycle to provide OpenSSL updates. The binary-builder enables static OpenSSL compilation.
Proxy support
If you need to use a proxy to download dependencies during staging, you can set
the http_proxy
and/or https_proxy
environment variables. For more information, see Using a Proxy.
BOSH configured custom trusted certificate support
Node.js hardcodes root CA certs in its source code. To use BOSH configured custom trusted certificates, a developer must pass the specified CAs to the tls.connect function as extra arguments.
Help and support
Join the #buildpacks channel in our Slack community if you need any further assistance.
For more information about using and extending the Node.js buildpack in Cloud Foundry, see the Node.js GitHub repository.
You can find current information about this buildpack in the Node.js buildpack release page in GitHub.
View the source for this page in GitHub