Raspberry Pi installation script and security

It's been 15 months or so since the debian install script was changed to prompt for tweeking the security.

I'm not sure how many times I have installed Node-red on an SD card since then, surely at least a dozen, mostly on Raspberry Pi Zero Twos; it's quite a long process.
Not once have I still been sitting in front of the screen during the 60 seconds timeout for the question "Would you like to customise the settings now (y/N) ?"

Can I suggest that this timeout is removed and replaced by an optional script argument --noCustomiseSettings or maybe --unattended?

Note that this prompt is issued at the very end of the install process so removing the timeout won't significantly delay the installation.

A seperate question: I think there was some discussion about an installer for WIndows. Has any progress been made?
https://nodered.org/docs/getting-started/windows still presents a bunch of command lines.
The documentation says "The instructions are specific to Windows 10."

Yep. Here it is. Give it a try! Feedback welcome!

Umm OK, but how do I run it?

The picture of the UI says it aims to install node.js v16 but accepts 14 to 18?

You'll find the installer in the Assets of the Releases.
Download the installer & run it - as you're used to.

The current release is configured to support Node 16, 18 & 20.

Sadly, needs an update already since Node.js v16 is beyond end of life. Might want to parameterise that somewhat - the Node.js lifecycle IS predictable so you could script it.

Not necessarily. Still good enough for a long time.
I might be wrong, but even Node-RED v3.1 still requires to support Node.js v14. You as well get a penalty from the scorecard if you don't...

Still doesn't mean that we should be encouraging the use of outdated installs I don't believe.

When working with Node.js services, you are inevitably on a treadmill of upgrades since it moves at pace, while outdated node.js installs are OK for home systems not connected to the outside world, they are not OK for anything connected to the Internet and not for commercial/production systems.

That Node-RED itself is now well behind is bothersome and a result of delays to the release of v4, originally slated to get a baseline of node.js v16 but hopefully, that will now update to v18 so that it catches up again.

Importantly, key external dependencies are also moving their baselines up and that will leave many of us with nodes that are forced to use outdated versions - I already hit that in UIBUILDER.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.