io.js 1.6.4 发布，此版本值得关注的更新如下：
- npm: upgrade npm to 2.7.5. See npm CHANGELOG.md for details. Includes two important security fixes. Summary:
email@example.com: Normalize symbolic links that point to targets outside the extraction root. This prevents packages containing symbolic links from overwriting targets outside the expected paths for a package. Thanks to Tim Cuthbertson and the team at Lift Security for working with the npm team to identify this issue. (@othiym23)
firstname.lastname@example.org: Package versions can be no more than 256 characters long. This prevents a situation in which parsing the version number can use exponentially more time and memory to parse, leading to a potential denial of service. Thanks to Adam Baldwin at Lift Security for bringing this to our attention. (@isaacs)
eab6184#7766 One last tweak to ensure that GitHub shortcuts work with private repositories. (@iarna)
a840a13#7746 Only fix up git URL paths when there are paths to fix up. (@othiym23)
- openssl: preliminary work has been done for an upcoming upgrade to OpenSSL 1.0.2a#1325 (Shigeki Ohtsu). See #589 for additional details.
- timers: a minor memory leak when timers are unreferenced was fixed, alongside some related timers issues #1330 (Fedor Indutny). This appears to have fixed the remaining leak reported in #1075.
- android: it is now possible to compile io.js for Android and related devices #1307 (Giovanny Andres Gongora Granada).
IO.js 是为 v8″ target=”_blank”>V8 引擎编写的基于事件 IO 的实现。
* `gcc` and `g++` 4.8 or newer, or
* `clang` and `clang++` 3.3 or newer
* Python 2.6 or 2.7
* GNU Make 3.81 or newer
* libexecinfo (FreeBSD and OpenBSD only)