Skip to content

使用社区的风险节点#

¥Risks when using community nodes

从 npm 安装社区节点意味着你将来自公共来源的未经验证的代码安装到你的 n8n 实例中。这存在一些风险。

¥Installing community nodes from npm means you are installing unverified code from a public source into your n8n instance. This has some risks.

风险包括:

¥Risks include:

  • 系统安全:社区节点拥有对 n8n 运行所在机器的完全访问权限,可以执行任何操作,包括恶意操作。

¥System security: community nodes have full access to the machine that n8n runs on, and can do anything, including malicious actions.

  • 数据安全:你使用的任何社区节点都可以访问工作流中的数据。

¥Data security: any community node that you use has access to data in your workflows.

  • 重大变更:节点开发者可能会在其节点的新版本中引入重大变更。破坏性变更是指会破坏先前功能的更新。取决于节点版本控制方法。如果节点开发者选择升级到包含重大变更的版本,则可能会导致所有使用该节点的流程崩溃。升级节点时请务必小心。

¥Breaking changes: node developers may introduce breaking changes in new versions of their nodes. A breaking change is an update that breaks previous functionality. Depending on the node versioning approach that a node developer chooses, upgrading to a version with a breaking change could cause all workflows using the node to break. Be careful when upgrading your nodes.

n8n vets verified community nodes

除了 npm 上公开的社区节点外,n8n 还会检查一些节点并将其作为 节点面板中的已验证社区节点 提供。这些节点必须满足一系列数据和系统安全要求才能获得批准。

¥In addition to publicly available community nodes from npm, n8n inspects some nodes and makes them available as verified community node inside the nodes panel. These nodes have to meet a set of data and system security requirements for approval.

举报不良社区节点#

¥Report bad community nodes

你可以将不良社区节点举报至 security@n8n.io

¥You can report bad community nodes to security@n8n.io

禁用社区节点#

¥Disable community nodes

如果你自行托管 n8n,可以通过将 N8N_COMMUNITY_PACKAGES_ENABLED 设置为 false 来禁用社区节点。在 n8n 云平台上,访问 云管理面板 并从那里禁用社区节点。请参阅 troubleshooting 了解更多信息。

¥If you are self-hosting n8n, you can disable community nodes by setting N8N_COMMUNITY_PACKAGES_ENABLED to false. On n8n cloud, visit the Cloud Admin Panel and disable community nodes from there. See troubleshooting for more information.