News / Technology

That New Node Smell: Node.js Gets Another Long-Term Support Release

21 Oct 2016 9:21am, by

Ready for a Long Term Node Relationship?

In just seven short years, Node.js has gone from scrappy, Linux-only JavaScript runtime environment to genuine web-dominating juggernaut. The platform, distributed by the Node.js Foundation, has five million downloads a month and runs under the hood of everything from cloud stacks and API engines to mobile websites — and even honest-to-god robots.

Node.js is also increasingly embraced by the enterprise and sharing economy sectors. Behemoth companies like Walmart, Netflix and the New York Times have based server-side operations on Node, and Uber and AirBnB depend on Node.js to match up customers and rides/lodging on the fly.

However, large organizations with complex environments have been challenged by the need to continually upgrade their Node worlds as patches and updates are released. In response to the needs of mid to large enterprise clients, particularly those having a zero tolerance to instability, the Node.js Project just released a Long Term Support strategy for Node.js v6.9.0, code name “Boron.”

Consistent with the project’s LTS plan to name versions in alphabetical order from the periodic table of elements, Node.js collaborators chose “Boron” as the codename for v6 LTS.  Node v4 — created in September 2015 when Node.js v0.12 and io.js v3.3 were merged together as Node v4.0 — was christened “Argon.” (The process.release.lts property in this release contains the string “Boron” for easily checking if a node process is running on an LTS version. In other release versions, however, this property will have no value).

Dan Shaw, co-founder of enterprise Node.js distributor NodeSource, said he is excited — both as an open-source contributor and a business owner — about this “path of least surprise” enterprise version of Node.js.

“The surface area of Node.js touches the world,” said Shaw. “We can attribute that steady growth to how good a job the core tech committee has done at making sure the experience for end users is stable, stable, stable. Great release notes, great insight into what’s happening, and just a really reliable platform for creating applications.”

“The pleasant reality for today’s Node developer is that, in moving one version to the next, there aren’t an extraordinary amount of things you can expect to be broken, and there are great new features,” he continued.

As one example, Shaw cites a contribution from the Google team that brings Node debugging to the Chrome DevTools — a “rich debugging pipeline into the Node.js system” that is yet another sign of Node.js’s maturation in the market.

nodelts

Smooth Move from “Current” to “LTS”

The foundation announced on Tuesday that Node.js v6 will be the LTS release line until April 2018, with new features landing infrequently and only after approval by the foundation’s Core Technical Committee (acting on recommendations from the project’s LTS Working Group). This will be followed by an additional 12-month “maintenance mode” — covering only critical bug and security fixes — for a total long-term support period of 30 months.

“The LTS plan is a contract from the Node.js project to developers that promises developers stability and support for almost three years,” said Mikeal Rogers, community manager at the Node.js Foundation. “Node.js v6 has a lot of great features that focus on performance, security enhancements and increased reliability. If you are a company that wants to put Node.js into production without throwing a ton of developers on the technology every six months for an upgrade, this is a perfect release line for you.”

Node.js only recently fully embraced semantic versioning protocols, which will be followed as part of the LTS-covered Node.js V6.  Thus, new features will be semver-minor and limited to bug fixes, security updates, non-semver-major npm updates, and performance improvements shown to have minimal risk of breaking existing dependent applications.

Evens & Odds, Sixes & Sevens

Node.js v 6, code name “Boron,” was released in April 2016, consistent with the project’s habit of cutting new even-numbered semver-major releases every April, followed six months later in October by new odd-numbered versions.

The odd numbered releases are testing grounds for new features and are intended for users who can tolerate a bit of instability and who have reasonable ease of upgrade for their Node.js deployments. These are supported for eight months, focus on continued updates and iterations of the platform.

“If you have a robust test environment setup, then direct upgrade to Node.js v6 is what we would suggest. If you don’t feel comfortable making that big of a version leap, then Node.js v4 is also a good upgrade” — Mikeal Rogers.

Node.js v7, which was released last month in beta, is set for formal launch the week of October 25th. It is a “checkpoint release” for the Node.js project and will focus on stability, incremental improvement over Node.js v6, and updating to the latest versions of Google’s V8 JavaScript engine, and the libuv asynchronous library.

According to the foundation’s statement, “Node.js v7 will ship with JavaScript Engine V8 5.4, which focuses on performance improvements linked to memory. Included in this are new JavaScript language features such as the exponentiation operator, new Object property iterators, and experimental support for async functions. To note, the async function support will be unsupported until V8 5.5 ships. These features are still in experimental mode, so you can play around with them, but they likely contain bugs and should not be used in production.”

Given it is an odd numbered release, v7’s end of life is slated for June 2017. More information about fun new features and breaking changes in Node.js v7 is available at on GitHub.

Node Giveth, and Node Taketh Away

As these new enterprise-oriented iterations of Node join the herd, legacy versions are being shuttered. Node.js v0.10 will reach “End of Life” on October 31st, and Node.js v0.12 in December 2016. There will be no further releases on either of these lines, including security or stability patches.

The project has compelling reasons for the house cleaning: After December 31, “We won’t be able to get OpenSSL updates for those versions. So that means we won’t be able to provide any security updates. Additionally, the Node.js Core team has been maintaining the version of V8 included in Node.js v0.10 alone since the Chromium team retired it four years ago. This represents a risk for users as the team will no longer maintain this.”

NodeSource’s Shaw observed, “There are still a fair amount of v0.10 users out in the ecosystem.” They get stuck there, he said, because of time — startups where there are other urgencies, or organizations with limited staff to go in, test things and make the changes. “Those back on 10 or 12, those really ancient versions, there is real limitation to what the Node team can do to support or maintain those,” says Shaw. “We need to encourage everyone to move to the LTS workflow. The water is great. It just works.”

Node.js project personnel are urging users to upgrade — not just from v0.10 and v0.12, but also anyone lingering on v5, the last checkpoint release. Newer even-numbered Node releases are more stable, and run more modern versions of V8, OpenSSL, and other critical dependencies.

“If you have a robust test environment setup, then direct upgrade to Node.js v6 is what we would suggest. If you don’t feel comfortable making that big of a version leap, then Node.js v4 is also a good upgrade,” Rogers said. However, he cautions anyone going that route that only 18 months remain to then transition to the current LTS version, v6, from Node.js v4,  which will cease maintenance in April 2018.

At the current rate of download, Node.js v6 will take over the current LTS line v4 in downloads by the end of the year. This is a good thing: v6 will be the LTS line and in maintenance mode for the next 30 months. Node.js v4 will stop being maintained in April 2018.

Monkeying Around With Node

Bottom line: it’s time to update.

The Next Event Horizon

Once you’re done all that upgrading, you might be interested in current thoughts for what comes next for Node.js. Last month, steering committee member James Snell gave a  “Node.js Core State of the Union” keynote address at Node.js Interactive Amsterdam, detailing where Node.js core has been over the past year and what is coming next.

Upshot: the Node world can look forward to improvements in language compatibility, adopting modern web standards, internal growth for VM neutrality and API development, and support for growing Node.js use cases.

Feature image via Pixabay.


A digest of the week’s most important stories & analyses.

View / Add Comments