diff --git a/flake.nix b/flake.nix
index 40384c9..ccc68c9 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,7 +10,13 @@
 overlay = final: prev: {
 AriaNg =
 let
- nodeDependencies = (prev.callPackage ./build-dependencies.nix { pkgs = prev; }).shell.nodeDependencies;
+ # mark nodejs 10 as secure, YOLO
+ # it is somewhat acceptable, because it only gets used for the build
+ # upstream recommends using node 8, so using node 10 is the more secure option
+ # https://github.com/mayswind/AriaNg/issues/606#issuecomment-842461874
+ nodejs = prev.nodejs-10_x.overrideAttrs (o: o // { meta = o.meta // { knownVulnerabilities = [ ]; }; });
+
+ nodeDependencies = (prev.callPackage ./build-dependencies.nix { pkgs = prev; inherit nodejs; }).shell.nodeDependencies;
 in
 prev.stdenvNoCC.mkDerivation {
 pname = "AriaNg";
@@ -22,7 +28,7 @@
 ln -s ${nodeDependencies}/lib/node_modules ./node_modules
 # shebang uses nodejs-12_x?
- ${prev.nodejs-10_x}/bin/node ${nodeDependencies}/bin/gulp clean build
+ ${nodejs}/bin/node ${nodeDependencies}/bin/gulp clean build
 '';
 installPhase = ''
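Review bot: The `knownVulnerabilities = [ ]` override on the new `nodejs` binding in the first hunk clears every advisory recorded on `nodejs-10_x`, including any added later, so nothing will flag this build again if the risk changes. The comment should say what is being waived and when to revisit it, for example `# nodejs 10 carries knownVulnerabilities (presumably its end-of-life marking); waived for the build step only, remove once upstream builds on a supported node`, in place of "YOLO". From the visible lines the binding is local to the `let` and is not re-exported by the overlay, which is the property that keeps the waiver contained and deserves a line in that comment; the `let … in` body continues outside the hunk, so confirm nothing further down puts `nodejs` into the output closure. `overrideAttrs` already merges the returned set into the old attributes, so `o // { … }` is redundant: `prev.nodejs-10_x.overrideAttrs (o: { meta = o.meta // { knownVulnerabilities = [ ]; }; })`. The second hunk's `${nodejs}/bin/node` uses the same binding, so the waiver covers the gulp run as well as the dependency set.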