A Perfect Ten: Node.js Foundation Launches v.10.0.0

3 May 2018 9:56am

The Node.js Foundation just released the newest version of everyone’s favorite lightweight JavaScript runtime built atop Chrome’s V8 JavaScript engine. Node.js 10.0.0 comes fully equipped with up-to-the-minute JavaScript language features and includes performance enhancements, error handling improvements, and improved diagnostics. After six months, it will also become the official Long Term Support release line for Node.

“The 10.x release is breaking new ground in a number of different areas. It’s great to see the project taking on larger and longer-term efforts and delivering progress incrementally in each release,” said Michael Dawson, a collaborator and technical steering committee member as well as the IBM community lead for Node.js. “I think this shows how well the Node LTS process is working to provide new functionality in a regular and consumable manner.”

This is also the first Node.js release line to upgrade to OpenSSL v1.1.0, the latest version of the open source cryptography toolkit for the Transport Layer Security and Secure Sockets Layer (TLS/SSL) protocols. This is particularly significant given the recent ratification of the TLS 1.3 specification, which will be supported by OpenSSL’s v1.1.1 when released later this summer.

By including the current OpenSSL, Node.js 10.x paves the way for seamless and stable upgrades when the TLS 1.3-compliant version goes live. Convenience aside, the inclusion of a robust and commercial-grade library aligns Node.js with the paramount standard for encrypted communication via the web, yet another signal to enterprise users that Node.js is a solid and scalable choice for developing web apps and back-ends and for consolidating APIs, even on IoT or mobile platforms.

API Power

The new Node also unlocks multiple new API features. For example, a new API has been introduced allowing user code to enable and disable trace events on demand at runtime, providing improved flexibility in diagnosing issues in Node.js applications. Then there is a promises API (albeit currently experimental) aiming to eventually replace the existing “util.promisify()” function with Node.js APIs that directly support promises in the most efficient manner.

Additionally, v10 adds and officially supports the ABI-stable Node.js API for native modules (N-API). A previous lack of API/ABI stability guarantees meant native add-ons needed to be updated or recompiled for every major Node.js release. Now, by providing an ABI-stable abstraction layer for native APIs in JavaScript VMs, native module devs can compile their module once per platform/architecture and make it available for any version of Node.js that implements N-API. (This is true even for versions of Node.js built with a different VM, like Node-ChakraCore.) N-API is so handy that it is also being backported to Node.js versions 8.x and 6.x (and will be available in their next releases).

Indeed, the release is so anticipated in part because the N-API effort was much desired and community-wide. “Many thanks to all of the community members who stepped up to help move N-API forward and into 10.x as a supported feature,” said Dawson. “It is just such a significant milestone on the journey to making native addon development easier.”

Performance Boost

Performance also gets an upgrade. Coupled with the latest Chrome V8, Node.js v.10.0.0 comes with features including promises, async generator and async iteration, as well as improvements to array performance that have increased throughput response. (For example, Array.reduce() has improved by a factor of ten.) All of these serve as a small but significant, and permanent, performance boost for applications built using Node.js.

“JavaScript has become a legitimate enterprise development platform largely due to Node.js providing client-server applications,” Mark Hinkle, Node.js executive director, told The New Stack. “Node.js 10 is another leap forward with features building even further upon stability and extensibility.”

Manage Those Packages More Securely, Too

Version 10 shipped with npm 5.6, even though npm, Inc. released npm v6 on April 24th in sync with the new Node. Primarily, the npm v.6.0 release line is concerned with security. This was spurred in part by a survey showing that 97 percent of JavaScript developers worldwide rely on open source code at least in part for their projects, and that 77 percent of those are concerned about the security of doing so. To better document and fix module vulnerabilities and potential dependency conflicts, npm moved to acquire the Node Security Platform, the definitive source of known JS package vulnerabilities.

In fact, npm v.6 contains a new command specifically to address this: “npm audit” allows users to recursively analyze dependency trees to identify potential conflicts and insecurities. A proactive step allowing devs to swap in updated or better-fit versions before anything breaks, “npm audit” totally rocks. (We just have to remember to, you know, run it.)
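Remembering to run the audit is usually solved by making it a build step that fails on serious findings. The following is an added example, not code from the article or from npm: it takes the text printed by `npm audit --json` and assumes the per-severity counts sit under metadata.vulnerabilities; the auditGate function and the sample reports are constructed for illustration.

```javascript
// Added example (not from the article): gate a build on `npm audit --json` output.
// Assumption: the report carries per-severity counts under metadata.vulnerabilities.
const SEVERITIES = ['info', 'low', 'moderate', 'high', 'critical'];

// Decide pass/fail for one report. Anything unreadable fails closed, so a
// registry error or truncated output can never look like a clean audit.
function auditGate(reportText, threshold = 'high') {
  const floor = SEVERITIES.indexOf(threshold);
  if (floor === -1) throw new RangeError(`unknown severity: ${threshold}`);

  let report;
  try {
    report = JSON.parse(reportText);
  } catch (err) {
    return { pass: false, reason: 'report is not valid JSON', blocking: {} };
  }

  const counts = report && report.metadata && report.metadata.vulnerabilities;
  if (!counts || typeof counts !== 'object') {
    return { pass: false, reason: 'report has no severity counts', blocking: {} };
  }

  // Keep only severities at or above the threshold that actually have findings.
  const blocking = {};
  for (const level of SEVERITIES.slice(floor)) {
    const n = Number(counts[level]) || 0;
    if (n > 0) blocking[level] = n;
  }
  const pass = Object.keys(blocking).length === 0;
  const reason = pass ? 'nothing at or above threshold' : 'findings at or above threshold';
  return { pass, reason, blocking };
}

// Constructed sample reports (not real audit output).
const SAMPLE_CLEAN = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 2, moderate: 1, high: 0, critical: 0 } },
});
const SAMPLE_VULNERABLE = JSON.stringify({
  metadata: { vulnerabilities: { info: 0, low: 0, moderate: 3, high: 1, critical: 2 } },
});
const SAMPLE_TRUNCATED = '{"metadata": {"vulnerab';

// Demo run over the constructed samples with the default threshold ("high").
for (const [name, text] of [['clean', SAMPLE_CLEAN], ['vulnerable', SAMPLE_VULNERABLE], ['truncated', SAMPLE_TRUNCATED]]) {
  const result = auditGate(text);
  console.log(name, result.pass ? 'PASS' : 'FAIL', result.reason, result.blocking);
}
```

In a pipeline the caller would exit non-zero whenever pass is false, so a truncated or failed audit blocks the build the same way a critical finding does.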

Node v.10.x will update to npm v.6 in the coming months.

The Linux Foundation, which manages the Node.js Foundation, is a sponsor of The New Stack.