Run Node.js Application

Checkout and Build the Application

A Hello World Node.js application is provided in our GitHub repository. Clone the repository:

git clone https://github.com/gingercybersecurity/ginger-nodejs

You will also need to install Node v25. This may be done using the Node Version Manager (nvm) and Node Package Manager (npm).

# Download and install nvm:
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.40.3/install.sh | bash
# in lieu of restarting the shell
\. "$HOME/.nvm/nvm.sh"
# Download and install Node.js:
nvm install 25

Next you will need to prepare the application as a single binary. Rather than running node server.js directly, the application is compiled into a Node.js Single Executable Application (SEA). This produces a self-contained binary that cannot modify itself at runtime, which is a requirement for the integrity measurements Ginger takes of the image. A mutable binary would produce non-deterministic measurements and break attestation. The SEA config also sets --jitless and --predictable. These carry some performance cost — JIT compilation is disabled and V8 uses a fixed-layout heap — but they eliminate the unpredictable memory write patterns that JIT produces. Without those, Ginger can take accurate runtime attestation of the binary's memory state.

cd www
mkdir -p ../dist
node --build-sea sea-config.json

Now that you've completed the first step of getting the code, installing node, and preparing the binary, you can continue on to the Deployment Steps to create the disk image and launch your virtual machine.