惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
罗磊的独立博客
F
Fortinet All Blogs
人人都是产品经理
人人都是产品经理
量子位
V
Visual Studio Blog
Blog — PlanetScale
Blog — PlanetScale
M
MIT News - Artificial intelligence
B
Blog RSS Feed
腾讯CDC
博客园_首页
aimingoo的专栏
aimingoo的专栏
博客园 - 三生石上(FineUI控件)
博客园 - Franky
S
SegmentFault 最新的问题
N
Netflix TechBlog - Medium
小众软件
小众软件
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
L
LINUX DO - 热门话题
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Martin Fowler
Martin Fowler
D
Docker
P
Privacy & Cybersecurity Law Blog
S
Securelist
V
V2EX
Jina AI
Jina AI
阮一峰的网络日志
阮一峰的网络日志
T
Tor Project blog
The Hacker News
The Hacker News
Microsoft Azure Blog
Microsoft Azure Blog
AWS News Blog
AWS News Blog
The GitHub Blog
The GitHub Blog
有赞技术团队
有赞技术团队
T
The Exploit Database - CXSecurity.com
Help Net Security
Help Net Security
酷 壳 – CoolShell
酷 壳 – CoolShell
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - 叶小钗
Recent Announcements
Recent Announcements
Cloudbric
Cloudbric
Y
Y Combinator Blog
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Latest news
Latest news
MongoDB | Blog
MongoDB | Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recorded Future
Recorded Future
V2EX - 技术
V2EX - 技术

Node.js Blog

Node.js — Security Bug Bounty Program Paused Due to Loss of Funding Node.js — Node.js 25.9.0 (Current) Node.js — Developing a minimally HashDoS resistant, yet quickly reversible integer hash for V8 Node.js — Node.js 25.8.2 (Current) Node.js — Node.js 24.14.1 (LTS) Node.js — Node.js 22.22.2 (LTS) Node.js — Node.js 20.20.2 (LTS) Node.js — Tuesday, March 24, 2026 Security Releases Node.js — Node.js 25.8.1 (Current) Node.js — Evolving the Node.js Release Schedule Node.js — Node.js 22.22.1 (LTS) Node.js — Node.js 20.20.1 (LTS) Node.js — Node.js 25.8.0 (Current) Node.js — Node.js 25.7.0 (Current) Node.js — Node.js 24.14.0 (LTS) Node.js — New HackerOne Signal Requirement for Vulnerability Reports Node.js — Node.js 25.6.1 (Current) Node.js — Node.js 24.13.1 (LTS) Node.js — Node.js 25.6.0 (Current) Node.js — OpenSSL Security Advisory Assessment, January 2026 Node.js — Node.js 25.5.0 (Current) Node.js — Chalk to Node.js util styleText Node.js — Node.js 25.4.0 (Current) Node.js — Mitigating Denial-of-Service Vulnerability from Unrecoverable Stack Space Exhaustion for React, Next.js, and APM Users Node.js — Node.js 22.22.0 (LTS) Node.js — Node.js 25.3.0 (Current) Node.js — Node.js 24.13.0 (LTS) Node.js — Node.js 20.20.0 (LTS) Node.js — Tuesday, January 13, 2026 Security Releases Node.js — Node.js 24.12.0 (LTS) Node.js — Node.js 20.19.6 (LTS) Node.js — Node.js 25.2.1 (Current) Node.js — Node.js 24.11.1 (LTS) Node.js — Node.js 25.2.0 (Current) Node.js — Node.js 25.1.0 (Current) Node.js — Node.js 22.21.1 (LTS) Node.js — Node.js 24.11.0 (LTS) Node.js — Node.js v20 to v22 Node.js — Node.js v14 to v16 Node.js — Node.js v12 to v14 Node.js — Node.js 22.21.0 (LTS) Node.js — Node.js 25.0.0 (Current) Node.js — Node.js 24.10.0 (Current) Node.js — Node.js 24.9.0 (Current) Node.js — Node.js 22.20.0 (LTS) Node.js — Node.js 24.8.0 (Current) Node.js — Node.js 20.19.5 (LTS) Node.js — Node.js 22.19.0 (LTS) Node.js — Node.js 24.7.0 (Current) Node.js — Node.js 24.6.0 (Current) Node.js — Node.js 22.18.0 (LTS) Node.js — Node.js 24.5.0 (Current) Node.js — Node.js 20.19.4 (LTS) Node.js — Node.js 22.17.1 (LTS) Node.js — Node.js 24.4.1 (Current) Node.js — Tuesday, July 15, 2025 Security Releases Node.js — Node.js 24.4.0 (Current) Node.js — Node.js LGBTQIA+ Stories: Emelia Smith Node.js — Open sourced identity Node.js — Node.js 22.17.0 (LTS) Node.js — Node.js 24.3.0 (Current) Node.js — Node.js 20.19.3 (LTS) Node.js — In Memory of Mikeal Rogers: A Builder of Communities Node.js — Node.js 24.2.0 (Current) Node.js — Beware of End-of-Life Node.js Versions - Upgrade or Seek Post-EOL Support Node.js — Trip report: Node.js collaboration summit (2025 Paris) Node.js — Node.js 22.16.0 (LTS) Node.js — Node.js 24.1.0 (Current) Node.js — Node.js 24.0.2 (Current) Node.js — Node.js 23.11.1 (Current) Node.js — Node.js 22.15.1 (LTS) Node.js — Node.js 20.19.2 (LTS) Node.js — Wednesday, May 14, 2025 Security Releases Node.js — Node.js 24.0.1 (Current) Node.js — Node.js 24.0.0 (Current) Node.js — Node.js Test CI Security Incident Node.js — Node.js 22.15.0 (LTS) Node.js — Node.js 20.19.1 (LTS) Node.js — Making Node.js Downloads Reliable Node.js — Node.js 23.11.0 (Current) Node.js — Node.js 23.10.0 (Current) Node.js — Node.js 20.19.0 (LTS) Node.js — Updates on CVE for End-of-Life Versions Node.js — Node.js 23.9.0 (Current) Node.js — Node.js 18.20.7 (LTS) Node.js — Node.js 20.18.3 (LTS) Node.js — Node.js 9.3.0 (Current) Node.js — Data Confidentiality/Integrity Vulnerability, December 2017 Node.js — Node.js 9.2.1 (Current) Node.js — Node.js 8.9.3 (LTS) Node.js — Node.js 4.8.7 (Maintenance) Node.js — Node.js 8.9.2 (LTS) Node.js — Node.js 6.12.1 (LTS) Node.js — Node.js 9.2.0 (Current) Node.js — Node.js 8.9.1 (LTS) Node.js — Node.js 9.1.0 (Current) Node.js — Node.js 0.10.35 (Stable) Node.js — Node.js 0.10.34 (Stable) Node.js — Node.js 0.10.29 (Stable) Node.js — Node.js 0.10.27 (Stable)
Node.js — Node.js v22 to v24
2025-10-28 · via Node.js Blog

AugustinMauroy, Richard Lau

Node.js v22 to v24

With the release of Node.js 24.11.0, the Node.js 24 release line has entered Long-Term Support (LTS) and will continue to receive updates through to the end of April 2028.

If you are migrating from Node.js 22 LTS, the following summarizes the breaking changes that came in Node.js 23.0.0 and Node.js 24.0.0.

Platform support

Node.js no longer provides pre-built binaries for:

  • 32-bit Windows (x86) as of Node.js 23.0.0.
  • 32-bit Linux on armv7 as of Node.js 24.0.0.

Pre-built binaries for macOS now require a minimum of macOS 13.5.

Pre-built binaries for Linux on arm64, ppc64le, s390x and x64 continue to be compatible with glibc 2.28 and above (no change from Node.js 22).

Please refer to additional notes if you are building Node.js from source.

Breaking changes

OpenSSL 3.5

Pre-built binaries of Node.js 24 LTS, or builds using the default build configuration options, include OpenSSL 3.5. Node.js 24 LTS uses the default security level from OpenSSL 3.5 of 2, which means that:

  • RSA, DSA and DH keys shorter than 2048 bits and ECC keys shorter than 224 bits are prohibited.
  • Any cipher suite using RC4 is also prohibited.

If you rely on older keys or weak ciphers, test your workloads against Node.js 24 builds (or adjust key/cipher choices) before upgrading.

Other behavioral changes and argument validation

The release includes a number of behavior and validation changes (stricter fetch() compliance, AbortSignal validation, stream/pipe errors now throwing, changes to Buffer behavior, path handling fixes on Windows, test runner defaults, and more).

C/C++ addons

Addons linking against V8 APIs may need updates for V8 13.6; C++20 support may be required where previously C++17 was used. Where possible, prefer NODE-API to reduce rebuild churn.

Building Node.js from source

If you are building Node.js from source, you may need to update your compiler toolchain:

  • For AIX and Linux platforms, the minimum supported version of gcc is 12.2.
  • For macOS the minimum supported version of Xcode is 16.1.

Node.js' configure script will warn if you attempt to build Node.js with a compiler toolchain that does not meet the minimum supported version but will not actively prevent you from trying.

Available Codemods

Some breaking changes or End of Life (EOL) deprecations in Node.js 23 and 24 have associated codemods to help you update your codebase. Below is a list of the available codemods for this migration:

crypto-rsa-pss-update

In DEP0154, the generateKeyPair and generateKeyPairSync methods in the crypto module deprecated the hash, mgf1Hash, and saltLength options for the 'rsa-pss' key type in favor of hashAlgorithm, mgf1HashAlgorithm, and saltLength respectively.

The source code for this codemod can be found in the crypto-rsa-pss-update directory.

You can find this codemod in the Codemod Registry.

npx codemod run @nodejs/crypto-rsa-pss-update

Example

const crypto = require("node:crypto");

crypto.generateKeyPair(
  "rsa-pss",
  {
    modulusLength: 2048,
-   hash: "sha256",
-   mgf1Hash: "sha1",
+   hashAlgorithm: "sha256",
+   mgf1HashAlgorithm: "sha1",
    saltLength: 32,
  },
  (err, publicKey, privateKey) => {
    // callback
  },
);

crypto.generateKeyPairSync("rsa-pss", {
  modulusLength: 2048,
- hash: "sha256",
+ hashAlgorithm: "sha256",
});

dirent-path-to-parent-path

This codemod transforms the usage of dirent.path to use dirent.parentPath.

See DEP0178.

You can find this codemod in the Codemod Registry.

npx codemod run @nodejs/dirent-path-to-parent-path

Examples

readdir

  const { readdir } = require('node:fs/promises');
  const entries = await readdir('/some/path', { withFileTypes: true });
  for (const dirent of entries) {
- console.log(dirent.path);
+ console.log(dirent.parentPath);
  }

opendir

  import { opendir } from 'node:fs/promises';
  const dir = await opendir('./');
  for await (const dirent of dir) {
-   console.log(`Found ${dirent.name} in ${dirent.path}`);
+   console.log(`Found ${dirent.name} in ${dirent.parentPath}`);
  }

fs-access-mode-constants

The fs module introduced a runtime deprecation for F_OK, R_OK, W_OK, and X_OK getters exposed directly on node:fs. Get them from fs.constants or fs.promises.constants instead.

This codemod handles DEP0176.

The source code for this codemod can be found in the fs-access-mode-constants directory.

You can find this codemod in the Codemod Registry.

npx codemod run @nodejs/fs-access-mode-constants

Example

  const fs = require('node:fs');

- fs.access('/path/to/file', fs.F_OK, callback);
+ fs.access('/path/to/file', fs.constants.F_OK, callback);
- fs.access('/path/to/file', fs.R_OK | fs.W_OK, callback);
+ fs.access('/path/to/file', fs.constants.R_OK | fs.constants.W_OK, callback);

fs-truncate-to-ftruncate

The fs.truncate function was deprecated (DEP0081) when used with a file descriptor. Use fs.ftruncate instead.

The source code for this codemod can be found in the fs-truncate-fd-deprecation directory.

You can find this codemod in the Codemod Registry.

npx codemod run @nodejs/fs-truncate-fd-deprecation

Example

- const { truncate, open, close } = require('node:fs');
+ const { ftruncate, open, close } = require('node:fs');

  open('file.txt', 'w', (err, fd) => {
    if (err) throw err;
-   truncate(fd, 10, (err) => {
+   ftruncate(fd, 10, (err) => {
      if (err) throw err;
      close(fd, () => {});
    });
  });

http2-priority-removal

This recipe removes HTTP/2 priority-related options and methods since priority signaling has been deprecated.

See DEP0194.

The source code for this codemod can be found in the http2-priority-removal directory.

You can find this codemod in the Codemod Registry.

npx codemod run @nodejs/http2-priority-removal

What this codemod does

  • Removes the priority property from http2.connect() call options
  • Removes the priority property from session.request() call options
  • Removes entire stream.priority() method call statements
  • Removes the priority property from client.settings() call options
  • Handles both CommonJS (require()) and ESM (import) imports

Examples

import http2 from "node:http2";

const session = http2.connect("https://example.com", {
- priority: { weight: 16, parent: 0, exclusive: false }
});

const stream = session.request({
  ":path": "/api/data",
- priority: { weight: 32 }
});
- stream.priority({ exclusive: true, parent: 0, weight: 128 });

const client = http2.connect("https://example.com");
-client.settings({ enablePush: false, priority: true });
+client.settings({ enablePush: false });

process-assert-to-node-assert

In Node.js v23 the DEP0100 deprecation was grantted to End of Life, and process.assert was removed in favor of using the assert module directly. This codemod will help you replace any references to process.assert with the appropriate import of the assert module and usage of assert().

The source code for this codemod can be found in the process-assert-to-node-assert directory.

You can find this codemod in the Codemod Registry.

npx codemod run @nodejs/process-assert-to-node-assert

Example

+ import assert from "node:assert";
- process.assert(condition, "Assertion failed");
+ assert(condition, "Assertion failed");

Additional Notes

This codemod use fs capability to read the package.json file and determine if the project is using ES modules or CommonJS. Based on this information, it adds the appropriate import statement for the assert module.

tls-create-secure-pair-to-tls-socket

This recipe transforms the usage from the deprecated createSecurePair() to TLSSocket().

See DEP0064.

The source code for this codemod can be found in the tls-create-secure-pair-to-tls-socket directory.

You can find this codemod in the Codemod Registry.

npx codemod run @nodejs/tls-create-secure-pair-to-tls

Examples

-const { createSecurePair } = require('node:tls');
+const { TLSSocket } = require('node:tls');

-const pair = createSecurePair(credentials, true, true, false);
+const socket = new TLSSocket(underlyingSocket, {
+  secureContext: credentials,
+  isServer: true,
+  requestCert: true,
+  rejectUnauthorized: false
+});