What type of hardware are you using: Virtual machine What YunoHost version are you running: 12.0.17 How are you able to access your server: The webadmin
SSH
Describe your issue
This is not really a new post but I stumbled upon this forum thread but it’s now closed. But I was wondering about @Aleks message about this /etc/cron.daily/node_update file and why it’s safe to remove it.
I don’t receive the error emails mentioned in the original question, but I do have this file. Is it normal? Should I remove it? I have node related apps so it seems this file could make sense, so I’m wondering why it’d be safe to remove it.
Thanks a lot for any insights
If someone is able to merge this thread with the original and reopen it, feel free to do so as it would be more straightforward
Not sure why you are not receiving an email error, but anyway :
this old mechanism was designed a long time ago and was meant to auto-update node JS versions … Which sounds like a nice to have in theory, but in practice :
your system downloaded plenty of nodejs regularly, piling up and taking space (up to several GB) without anything cleaning them up, and then once you wanted to clean them up it wasnt even obvious which one should be cleaned and which should be kept
app services that were using nodejs were not actually restarted, so the new nodejs versions were not even actually used … And we probably don’t want to just yolo-restart app services at some random time of the day during which people may be using it.
There was probably other issues like lack of proper tracking of which app used which nodejs version exactly and making everything a big mess.
So tl;dr : this mechanism was dropped, no automatic upgrade of nodejs version. Each app is tied to a specific X.Y.Z nodejs version after installation. And upgrading the app will bump it to whichever new, up-to-date X.Y.Z nodejs version is relevant. Old nodejs versions are automatically cleaned up. I doubt that trying to somehow magically upgrade nodejs versions everyday bringed any significant gain in term of security. I expect the vast majority of security issues to be coming from libraries themselves, or maybe using a super-old, unsupported major version of node, rather than because you’re using 20.1.2 instead of 20.1.5 or whatever…
Hey @Aleks, thanks a lot for the in-depth answer. Great to understand the whole story and yes it seems to make much more sense to make apps upgrade node when then upgrade than magically doing it for them.
When I get a moment I’ll try to understand why I’m not getting the email errors, and I’ll remove the cron eventually.
