A Node.js Single Executable Application (SEA) is a packaging feature that bundles a Node.js app and its runtime dependencies into one standalone executable. Instead of requiring a separate Node.js installation, the program can run as a single binary on a target system. This is useful for legitimate software distribution because it simplifies deployment and reduces missing-dependency problems.
In cyber security, SEA matters because the outer executable can look routine while hiding JavaScript-based logic inside. Attackers may use it to make malware or loaders seem like normal software, which can slow down triage and reduce suspicion from users and basic filters. Defenders should not assume a binary is benign just because it is “just Node.js.” Useful checks include signature validation, file origin, unpacking behavior, network activity, and access to browser profiles, tokens, or other sensitive data. SEA is a packaging format, not a security control, so trust still depends on the code and its delivery path.