diff --git a/dev/topics/rtl.sh b/dev/topics/rtl.sh
index ae68c91..cc9c390 100644
--- a/dev/topics/rtl.sh
+++ b/dev/topics/rtl.sh
@@ -30,7 +30,7 @@ runuser -u "$(logname)" -- xdg-open "http://$ip:3000"
 rtl_src=~/s/RTL
 git clone https://github.com/Ride-The-Lightning/RTL "$rtl_src"
 
-nix build -o /tmp/nix-bitcoin-dev/nodejs --inputs-from . nixpkgs#nodejs-16_x
+nix build -o /tmp/nix-bitcoin-dev/nodejs --inputs-from . nixpkgs#nodejs-18_x
 # Start a shell in a sandbox
 env --chdir "$rtl_src" nix-bitcoin-firejail --whitelist="$rtl_src" --whitelist=/tmp/nix-bitcoin-dev/nodejs
 PATH=/tmp/nix-bitcoin-dev/nodejs/bin:"$PATH"
diff --git a/pkgs/clightning-rest/default.nix b/pkgs/clightning-rest/default.nix
index 4688663..16706a3 100644
--- a/pkgs/clightning-rest/default.nix
+++ b/pkgs/clightning-rest/default.nix
@@ -1,7 +1,7 @@
 { lib
 , stdenvNoCC
-, nodejs-16_x
-, nodejs-slim-16_x
+, nodejs-18_x
+, nodejs-slim-18_x
 , fetchNodeModules
 , fetchurl
 , makeWrapper
@@ -17,8 +17,8 @@ let self = stdenvNoCC.mkDerivation {
   };
 
   passthru = {
-    nodejs = nodejs-16_x;
-    nodejsRuntime = nodejs-slim-16_x;
+    nodejs = nodejs-18_x;
+    nodejsRuntime = nodejs-slim-18_x;
 
     nodeModules = fetchNodeModules {
       inherit (self) src nodejs;
diff --git a/pkgs/lib.nix b/pkgs/lib.nix
index ab6b23e..522740e 100644
--- a/pkgs/lib.nix
+++ b/pkgs/lib.nix
@@ -41,8 +41,12 @@ let self = {
     RestrictAddressFamilies = self.defaultHardening.RestrictAddressFamilies + " AF_NETLINK";
   };
 
-  # nodejs applications require memory write execute for JIT compilation
-  nodejs = { MemoryDenyWriteExecute = false; };
+  nodejs = {
+    # Required for JIT compilation
+    MemoryDenyWriteExecute = false;
+    # Required by nodejs >= 18
+    SystemCallFilter = self.defaultHardening.SystemCallFilter ++ [ "@pkey" ];
+  };
 
   # Allow takes precedence over Deny.
   allowLocalIPAddresses = {
diff --git a/pkgs/rtl/default.nix b/pkgs/rtl/default.nix
index 22c0691..9c4847a 100644
--- a/pkgs/rtl/default.nix
+++ b/pkgs/rtl/default.nix
@@ -1,7 +1,7 @@
 { lib
 , stdenvNoCC
-, nodejs-16_x
-, nodejs-slim-16_x
+, nodejs-18_x
+, nodejs-slim-18_x
 , fetchNodeModules
 , fetchpatch
 , fetchurl
@@ -18,8 +18,8 @@ let self = stdenvNoCC.mkDerivation {
   };
 
   passthru = {
-    nodejs = nodejs-16_x;
-    nodejsRuntime = nodejs-slim-16_x;
+    nodejs = nodejs-18_x;
+    nodejsRuntime = nodejs-slim-18_x;
 
     nodeModules = fetchNodeModules {
       inherit (self) src nodejs;