I've created an issue on nodejs' tracker to discuss this also: https://github.com/nodejs/node/issues/21897
Let me rephrase what you just said a bit, because I think you're getting it a bit incorrectly. People are distributing binaries through npm, and these binaries are expected to work directly when being loaded inside the nodejs runtime because there are ABI contracts from the nodejs runtime. These contracts include exposing OpenSSL symbols. More specifically, NodeJS extensions aren't supposed to link against OpenSSL directly. They get OpenSSL's symbols transitively through the NodeJS binary. This is also true for zlib and libuv. Ubuntu (transitively from Debian) is shipping a version of the NodeJS runtime that breaks these ABI contracts by linking in OpenSSL 1.1 instead of 1.0. More specifically, the symbols and ABI exposed from NodeJS 8.x are supposed to be that of OpenSSL 1.0, but since your runtime is linked against 1.1, it exposes this ABI instead, which transitively breaks native modules that are expecting the 1.0 ABI of OpenSSL. ** Bug watch added: github.com/nodejs/node/issues #21897 https://github.com/nodejs/node/issues/21897 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1779863 Title: Ubuntu nodejs package isn't ABI compatible with mainline nodejs. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/nodejs/+bug/1779863/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
