Today, the Node.js Project is releasing Node.js 10.0.0. In October 2018, the Node.js 10.x release line will become the new active Long Term Support release line. Long Term Support release lines focus on stability, extended support and provide a reliable platform for applications of any scale. Most Node.js users and companies are on Long Term Support lines. Companies using Node.js span multiple industries and sizes from Nordstrom to Lowe’s Home Improvement to PayPal to Walmart, and many more.

In the next six months, enterprises should pay close attention and work on upgrading paths to migrate to this release line.

Node.js 10.x focuses mainly on incremental improvements, and is the first Node.js release line to upgrade to OpenSSL version 1.1.0. The release is equipped with the Google V8 v6.6 JavaScript engine, and includes performance enhancements, error handling improvements, and improved diagnostics around trace events and post mortem.

This release line also brings Node.js API (N-API) out of experimental mode. N-API is a stable module API that is independent from changes in V8 allowing modules to run against newer versions of Node.js without recompilation.

More on features and downloading Node.js 10.0.0 will be posted here when the release is available this afternoon (PT time).

“Node.js 10.0.0 is the seventh major release of the project since the launch of the Node.js Foundation in 2015,” said James Snell, Node.js TSC member and release manager for 10.0.0. “This release continues the project’s commitment to delivering improved stability, performance, and reliability for all Node.js users. While there are a handful of new features, the standout changes in 10.0.0 are improvements to error handling and diagnostics that will improve the overall developer experience.”

“The Long Term Support strategy of Node.js, first adopted in 2015, has brought more maturity to the Node.js project and has attracted more enterprises to adopt Node.js,” said Mark Hinkle, Executive Director of the Node.js Foundation. “Node.js is an extremely versatile platform being used to build APIs, IoT and mobile apps, and much more. It is growing in every industry from aerospace to retail. It is a testament to the growing Node.js developer community to see this consistent and continued momentum.”

More details on additions and improvements to Node.js 10 below.

N-API adds ABI stability to Node.js; helps module maintainers and production deployments

Node.js 10 adds the ABI stable module APIs (N-API) as an officially supported API layer. N-API aims to solve two problems in the ecosystem today, namely, reducing the maintenance cost for native modules and reducing friction in upgrading Node.js versions in production deployments for module consumers.

Upgrading to newer Node.js versions becomes simpler because the module breakage between the Node.js versions will no longer be a concern with N-API modules. This is a win-win situation for both developers and consumers. To increase the utility of this feature, N-API is also being ported back to Node.js version 8.x and 6.x and will be available in their next release.

“N-API brings much needed ABI stability to Node.js, which is a huge milestone and step forward in Node.js evolution,” said Arunesh Chandra, Sr. Program Manager Microsoft. “A stable & VM Diverse native module ecosystem will unleash more developer productivity and growth in years to come.”

VM Diverse describes a state of Node.js in which Node Core is neutral to the specific variant of the JS Engine that is powering it via open standards and open APIs. In a VM Diverse world, Node.js (and its native modules) would work seamlessly on different JavaScript VMs and their specific versions on a variety of different devices and workloads. It gives developers the ability to extend the reach of the Node.js ecosystem, so they can reuse code to target more devices and workloads.

VM Diversity will especially be helpful as Node.js becomes more common in IoT. With many VM vendors optimizing for different hardware profiles, Node.js will be able to extend to various VM platforms, giving JavaScript and Node.js users alike the flexibility to use this language and platform anywhere and everywhere. Developers will also be able to use the smaller, focused runtime of Node.js without a full VM, which will drastically improve performance in this environment.

A special thank you to the N-API team that has put an incredible amount of effort into the features and evangelism to bringing this project together. You can find more information on parties that participated here.

Modernized cryptographic support

Node.js 10.x is the first release line to upgrade to OpenSSL version 1.1.0. Node.js is now able to take full advantage of the significant work in code quality, clean-up and modernization undertaken by the OpenSSL team — supported by the Core Infrastructure Initiative, a Linux Foundation project. Node.js can now extend its cryptographic support to the much requested ChaCha20 cipher and Poly1305 authenticator. Together these contribute to the modern cryptographic landscape and expand the options available for using “AEAD” cipher suites, the current gold-standard for encrypted communication on the web.

With the recent finalization of the TLS 1.3 specification, a huge step forward for the security of the web, the OpenSSL team is preparing to release its 1.1.1 release line, the primary feature of which is TLS 1.3 support. Node.js’ move to OpenSSL 1.1.0 sets it up for an easy API and ABI stable upgrade after OpenSSL 1.1.1 is released later next month. Before Node.js 10 reaches LTS in October, it should already have brand new TLS 1.3 support, underpinned by the most modern and comprehensive cryptographic library available.

Error Handling Improvements

Node.js 10.x makes good progress on adopting error codes in order to ease consistent error checking. Previously any changes to the text for an error needed to be delayed until a semver major release, meaning error changes couldn’t be made (even correcting a typo in an error) until the next major version of Node.js shipped. Node.js major versions ship every six months. The use of error codes allows message text to be updated without breaking applications (as applications should be using the error code).

More on this implementation can be found in Michael Dawson of IBM’s post.

Performance Improvements

The latest V8 comes with promise, async generator and array performance improvements that will greatly benefit the performance of applications built with Node.js.

Improvements for promises and async functions closes the gap between async functions and desugarded promise chains for better performance results. The throughput performance of Array#reduce was increased by more than 10 for holey double arrays. In addition, the performance of async generators and async iteration was improved significantly. Data on the improvements can be found on the V8 Project blog post.

The V8 team is working to continue to improve the performance of async functions and async generators with upcoming releases.

Improved diagnostics trace and post mortem

Post mortem diagnostics and debugging are essential when using a Node.js application in production. Improvements on this space have continually grown in the last few releases and there is a dedicated working group that focuses on diagnostics in Node.js.

In Node.js 10, new trace events are now emitted for performance API user timing events, providing increased visibility of timing and performance issues in user code. Additionally, a new API has been introduced allowing user code to enable and disable trace events on demand at runtime, providing improved flexibility in diagnosing issues in Node.js applications at runtime.

npm version 6 coming to Node.js 10.x release line

Node.js 10.0.0 ships with npm 5.6.x. However, it is expected that the Node.js 10.x release line will be updated with npm version 6 early in its lifetime. Version 6 of the JavaScript package installer focuses on performance, stability, and security, offering performance improvements of up to 1700% compared to prior versions of npm. More information on npm@6 is available at https://go.npm.me/npm6

Experimental Promisfied Versions of the ‘fs’ Functions

The `fs/promises` API provides experimental promisified versions of the `fs` functions. While earlier versions of Node.js made an initial step to make using promises easier through util.promisify(), its use still incurs extra steps and overhead. The experimental promisified version of the ‘fs’ functions is the first step towards providing Node.js APIs that support promises directly and in the most efficient manner.

New JavaScript Language Capabilities

The full list of new JavaScript language features can be found here. A few key new capabilities include:

Function.prototype.toString() now returns exact slices of source code text, including whitespace and comments.

V8 6.6 also ships with more mitigations for side-channel vulnerabilities to help prevent information leaks to untrusted JavaScript and WebAssembly code. Node.js assumes you’re only running trusted code, but if you’re interested in enabling this in Node.js see the V8 6.6 docs.*

THANK YOU!

There were a lot of folks who worked hard on bringing this release to life. As always thank you for your hard work and continued support. If this was your first time contributing to Node.js Core, glad to have you onboard! The release manager for Node.js 10.0.0 is James Snell.

There are additional changes happening with the Node.js Release lines; to read an update on what to expect with release line changes in the month of April, please read this blog post.

*This blog post was updated at 1:00pm ET on April 24. Orignally the post implied that the untrusted code mitgations were enabled by default. We updated this to provide more context. Thank you to Gus Caplan for the adjusted edits. Additionally, Node.js 10 ships with npm 5.6.x.