Release Notes for Node.js 18

Red Hat build of Node.js 18

For use with Node.js 18 LTS

Red Hat Customer Content Services

Abstract

This Release Note contains important information related to Node.js 18 LTS.

Preface

Date of release: 2023-01-31

Chapter 1. Required Infrastructure Component Versions

The following infrastructure components are required when using the Red Hat build of Node.js. Except for components that are explicitly designated as supported, Red Hat does not provide support for these components.

Component nameVersion

Nodeshift

2.1.1

npm 8

8.19.2

OpenShift Container Platform (OCP)[a]

3.11, 4.5

git

2.0 or later

oc command line tool

3.11 or later[b]

[a] OCP is supported by Red Hat
[b] The version of the oc CLI tool should correspond to the version of OCP that you are using.

Chapter 2. Features

This section contains information about feature changes introduced in the Red Hat build of Node.js 18 release.

2.1. New and Changed features

Node.js 18 LTS has the following new features and enhancements that the Red Hat build of Node.js supports.

For detailed changes in Node.js 18 LTS, see the upstream release notes and upstream documentation.

2.1.1. V8 JavaScript engine upgraded to v10.2

This release includes an upgrade of the V8 JavaScript engine to v10.2, which is part of Chromium 101.

The upgraded V8 JavaScript engine includes the following new features and enhancements:

For more information about the changes that are available in the V8 JavaScript Engine, see the V8 blog.

2.1.2. Default values for HTTP timeouts

This release includes the following enhancements for HTTP timeouts:

  • The server.headersTimeout property, which limits the amount of time that the parser waits to receive the complete HTTP headers, now has a default value of 60000 milliseconds (60 seconds).
  • The server.requestTimeout property, which limits the amount of time that the server waits to receive the entire request from the client, now has a default value of 300000 milliseconds (5 minutes).

If these timeouts expire, the server responds with a 408 error and closes the connection without forwarding the request to the request listener.

Note

To protect against denial-of-service attacks in situations where a reverse proxy is not deployed in front of the server, ensure that you set these timeout values to a value other than zero.

2.1.3. Blob and BroadcastChannel APIs in the global scope

The following APIs are now fully supported and available as global objects:

  • The Blob class encapsulates immutable, raw data that can be safely shared across multiple worker threads. Blob is a subclass of the Buffer class.
  • The BroadcastChannel class enables asynchronous one-to-many communication with all other BroadcastChannel instances that are bound to the same channel name. BroadcastChannel extends the EventTarget class.

In the previous release, these APIs were Technology Preview features only.

2.2. Deprecated features

The following features are deprecated in the Red Hat build of Node.js 18 release.

Note

For more information about deprecated or removed features in this release, see the nodejs.org website.

2.2.1. Runtime deprecation of string coercion in fs methods for writing or appending files

This release includes the runtime deprecation of implicit object-to-string coercion when an object has its own toString property that is passed as a parameter in any of the following methods:

  • fs.write()
  • fs.writeFile()
  • fs.appendFile()
  • fs.writeFileSync()
  • fs.appendFileSync()

As an alternative to string coercion, convert objects to primitive strings instead.

2.2.2. Option types coercion in dns.lookup and dnsPromises.lookup methods

This release removes the coercion of option types that are passed as a parameter in the dns.lookup() and dnsPromises.lookup() methods. If you use any of the following combinations of option type and value, Node.js now throws an ERR_INVALID_ARG_TYPE error:

  • A non-nullish non-integer value for the family option
  • A non-nullish non-number value for the hints option
  • A non-nullish non-boolean value for the all option
  • A non-nullish non-boolean value for the verbatim option

2.2.3. Runtime deprecation of multipleResolves

This release includes the runtime deprecation of the multipleResolves process event. For example: 

process.on('multipleResolves', handler)

The multipleResolves event did not work with V8 promise combinators, which affected the usefulness and reliability of this event in tracking potential errors when using the Promise constructor. For example, the Promise.race() method could also trigger a multipleResolves event, which did not necessarily indicate an error.

2.2.4. Support for thenable objects

This release removes the ability to return thenable objects in stream implementation methods. The use of thenable objects could lead to unexpected issues if, for example, a user implemented the function in callback style but used an async method. This type of implementation resulted in an invalid mix of promise and callback semantics.

For example: 

const w = new Writable({
  async final(callback) {
    await someOp();
    callback();
  },
});

As an alternative to thenable objects, use callbacks instead and avoid using the async function for stream implementation methods.

2.2.5. tls.parseCertString()

This release removes the tls.parseCertString() method, which was a parser helper to parse the certificate subject and issuer strings. The tls.parseCertString() method did not handle multi-value Relative Distinguished Names (RDNs) correctly, which could lead to incorrect representations and security issues.

Additionally, _tls_common.translatePeerCertificate no longer translates the subject and issuer properties.

Note

Earlier releases of Node.js recommended the use of the querystring.parse() method as an alternative to tls.parseCertString(). However, because querystring.parse() also does not handle all certificate subjects correctly, this release no longer recommends the use of querystring.parse() as an alternative.

2.3. Technology Preview features

The following features are available as Technology Preview features in the Node.js 18 LTS release.

2.3.1. Fetch API

An experimental fetch API is available as a global object. The fetch API is based on Undici, which is an HTTP/1.1 client for Node.js, and the node-fetch module, which provides a Node.js implementation of the Fetch Web API.

For example: 

const res = await fetch('https://nodejs.org/api/documentation.json');
if (res.ok) {
  const data = await res.json();
  console.log(data);
}

Because of this enhancement, the following global objects are now available for use:

  • fetch (a browser-compatible version of the fetch() function)
  • FormData (a browser-compatible version of the FormData interface)
  • Headers (a browser-compatible version of the Headers interface)
  • Request (a browser-compatible version of the Request interface)
  • Response (a browser-compatible version of the Response interface)

You can disable the fetch API by using the --no-experimental-fetch command-line option.

2.3.2. Web Streams API in the global scope

The Web Streams API was introduced as a Technology Preview feature in the Red Hat build of Node.js 16 release. In this release, Node.js now exposes the Web Streams API in the global scope. This supersedes the behavior in the previous release where the Web Streams API was only accessible by using the stream/web core module.

Because of this enhancement, the following APIs are now available as global objects:

ReadableStreamReadableStreamDefaultReaderReadableStreamBYOBReaderReadableStreamBYOBRequestReadableByteStreamControllerReadableStreamDefaultController, TransformStreamTransformStreamDefaultControllerWritableStreamWritableStreamDefaultWriterWritableStreamDefaultControllerByteLengthQueuingStrategy, CountQueuingStrategyTextEncoderStreamTextDecoderStreamCompressionStreamDecompressionStream

2.3.3. ESM Loader Hooks API supports multiple custom loaders

The ESM Loader Hooks API was introduced as a Technology Preview feature in the Red Hat build of Node.js 16 release. The ESM Loader Hooks API now supports multiple custom loaders.

To enable multiple loaders to work together, this feature uses a process called chaining, which is analogous to a promise chain. For example, first-loader calls second-loader, second-loader calls third-loader, and so on.

Note

If a custom loader does not intentionally call the next loader in the chain, the custom loader must signal a short circuit.

For more information, see the Node.js ECMAScript modules documentation.

2.3.4. Watch mode

You can now run Node.js applications in watch mode by using the node --watch option.

Running an application in watch mode means that the process restarts if you modify an imported file.

2.4. Supported architectures

Node.js builder images and RPM packages are available and supported for use with the following CPU architectures:

  • AMD x86_64
  • ARM64
  • IBM Z (s390x) in the OpenShift environment
  • IBM Power Systems (ppc64le) in the OpenShift environment

Chapter 3. Release components

Chapter 4. Fixed issues

This release incorporates all of the fixed issues in the community release of Node.js 18 LTS.

Chapter 5. Known issues

There are no known issues affecting this release.

Chapter 6. Known issues affecting required infrastructure components

There are no known issues affecting infrastructure components required by this release.

Legal Notice

Copyright © 2023 Red Hat, Inc.
The text of and illustrations in this document are licensed by Red Hat under a Creative Commons Attribution–Share Alike 3.0 Unported license ("CC-BY-SA"). An explanation of CC-BY-SA is available at http://creativecommons.org/licenses/by-sa/3.0/. In accordance with CC-BY-SA, if you distribute this document or an adaptation of it, you must provide the URL for the original version.
Red Hat, as the licensor of this document, waives the right to enforce, and agrees not to assert, Section 4d of CC-BY-SA to the fullest extent permitted by applicable law.
Red Hat, Red Hat Enterprise Linux, the Shadowman logo, the Red Hat logo, JBoss, OpenShift, Fedora, the Infinity logo, and RHCE are trademarks of Red Hat, Inc., registered in the United States and other countries.
Linux® is the registered trademark of Linus Torvalds in the United States and other countries.
Java® is a registered trademark of Oracle and/or its affiliates.
XFS® is a trademark of Silicon Graphics International Corp. or its subsidiaries in the United States and/or other countries.
MySQL® is a registered trademark of MySQL AB in the United States, the European Union and other countries.
Node.js® is an official trademark of Joyent. Red Hat is not formally related to or endorsed by the official Joyent Node.js open source or commercial project.
The OpenStack® Word Mark and OpenStack logo are either registered trademarks/service marks or trademarks/service marks of the OpenStack Foundation, in the United States and other countries and are used with the OpenStack Foundation's permission. We are not affiliated with, endorsed or sponsored by the OpenStack Foundation, or the OpenStack community.
All other trademarks are the property of their respective owners.