Even though October signals the end of summer in my part of the world, it’s one of my favorite times of year because it means a new Node.js major release AND a new LTS version. Today, I’m happy to share that the Node.js community is releasing Node.js 19 and that next week Node.js 18 will be promoted to Long Term Support (LTS). It’s all very predictable due to the community’s well defined release process.
As per the Node.js release process, Node.js 19 will not be promoted to LTS as only even-numbered versions are promoted to LTS. For production deployments we recommend that you stick to LTS releases. However, we hope that you will try out Node.js 19 and provide feedback on the new functionality and features to help pave the way for future releases. If you are still on the Node.js 14 release line, now is a good time to start planning for a move to 16 or 18, since support for the 14 line ends in April.
With Node.js 18 being promoted to LTS, it will now make its way into the next minor release of Red Hat Enterprise Linux (RHEL). If you want to test out the RHEL version of Node.js 18 in advance, we’ve provided Centos stream based containers this year so that you can do that.
If you follow Red Hat’s work in the Node.js project, or have been following our regular updates, you’ll see that our strategy is to focus our community work on aspects we believe are important to our customers, including:
Those aspects, along with working with our customers and internal teams and sharing our experience in the Node.js reference architecture, keeps us pretty busy.
Node.js 19 - What's new?
With over 1,150 commits since the last release, lots of work went into Node.js 19. Having said that, much of the work was behind the scenes fixing or refactoring existing features so the number of headline features is limited this time. Some of the interesting ones to mention include:
Note: this is an example of how features flow back quickly to earlier releases and this already made it into the Node.js 18 release line before 19 was released!. I still thought it was interesting to mention anyway!
If you have ever used nodemon to speed your development process you’ll be happy that Node.js 19 includes an experimental “--watch” command line option. This feature starts Node.js in watch mode so that Node.js will restart automatically when files are updated. Note that it’s only supported on Windows and macOS, which are the most commonly used platforms for development.
Stable Webcrypto API
The Web Crypto API is now stable in Node.js 19.
keep-alive enabled by default on global Agents
In Node.js 19, http.globalAgent and https.globalAgent use keep-alive by default which in most cases will result in better performance overall. You can read more about that option in the documentation here.
Progress on Diagnostic Channel
Diagnostic channel events have been added for process and worker. It’s great to see ongoing progress on improving diagnostics in Node.js.
While the Node.js 18 line now includes the same version of npm that will be shipped with Node.js 19, it started with version 8.6.0 so new versions continue to keep us up to date on the npm front.
Unlike the previous release, Node.js 19 brings no major changes to the platform levels supported. As always, any operating systems that have gone EOL will no longer be supported but the base requirements as outlined in BUILDING.md have not changed.
Node.js 18 being promoted to LTS
With the promotion of Node.js 18 to LTS, it’s now suitable for use in production. As with every release, Node.js brings features and functionally that makes moving up a good choice. These include:
You can check out the details in our previous blog, Welcome Node.js 18.
Major releases are a good time to look at what has been accomplished in the project, not just what is in the release itself. The project’s approach to features means that many features are backported into existing release lines and are therefore not “new” in an major release. This is great for users who get new features faster, but means we sometimes miss out on a chance to celebrate.
Lots of great work has been going on in the project over the last 6 months, with progress being made on the Next-10 effort and the project’s top 10 technical priorities. The community just held a great Collaborator summit (site sponsored by Red Hat) where we reviewed the technical priorities with next steps being to adjust and update based on those discussions. Keep an eye out for those updates soon!
Some additional things I’d like to highlight for celebration:
The pace of experimental features like fetch, test runner, and watch has picked up over the last year, as well as progress on ES6 and loaders in particular. I’m looking forward to that continuing.
Support from the Open Source Security Foundation has enabled us to make progress on improving our security processes and response times. There has been work on tracking vulnerabilities in dependencies, defining a security model, and work on a permissions system. It’s great to be making progress on these non-functional aspects as security in open source will only grow in importance going forward.
If you have questions about vulnerabilities you see reported in one of the dependencies for Node.js the first place to look is now the nodejs-dependency-vuln-assessment repository. There are scripts that automatically check Node.js dependencies for vulnerabilities against published CVEs and GitHubs vulnerability databases and open issues if they have not yet been addressed in Node.js (which is currently only running for main and 18.x but we plan to expand to all release lines in the future). Often these vulnerabilities do not affect Node.js due to the way they are used. In that case, the issue provides a good place to document that and communicate that assessment to the broader community.
A big thank you
We’d like to thank all of the people who contribute to Node.js releases, including Rafael Gonzaga and Ruy Adorno, on the Node.js community releaser team, who created and coordinated the Node.js 19 release. We also want to thank Beth Griggs from Red Hat who created and coordinated past Node.js releases and helped Rafael and Ruy get up to speed for this release. The community has a large cast of contributors working across the Node.js project and each release is the result of all of their hard work.
As a side note, I’d also like to thank the companies/individuals who have stepped up to help with security releases as security release stewards or as part of the security triage team, along with all of those who make security releases happen. The major releases are the big splash, but security releases are just as important. I’d like to see more companies committing to help with security triage, security stewardship as well as fixing vulnerabilities.
You can read about all the new features and changes from the community post here. To learn more about the Node.js community and how you can contribute, check out the project repository and website. If you want to read more about what Red Hat is up to on the Node.js front, head to the Node.js developers page here. Finally, if you’re a Red Hat customer, visit the customer portal for more information.