Node.js 18 Released With Improved Security, Fetch API, and Next-10 Strategic Initiatives

Node.js 18 is available now! It adds multiple key features of enterprise and small- to medium-sized enterprises including increased security support, the Fetch API, and it is part of delivering on the larger Next-10 strategic initiative within Node.js that is pushing forward key priorities including modernizing HTTP and keeping Node.js on the forefront of web development. 

As part of increased security support, Node.js has been announced as the first pilot open source community to be supported by OpenSSF’s Alpha-Omega Project. Alpha-Omega is committing $300k to bolster the Node.js security team and vulnerability remediation efforts through the rest of 2022, with a focus on supporting better open source security standards and practices.

“The Node.js team continues to do fantastic work. The open governance structure for Node.js has led to tangible improvements in security and forward-thinking planning, and the main features of Node.js 18 will be highly valuable to enterprises of all sizes,” said Robin Ginn, OpenJS Foundation executive director. “Whether you’re a new user or already have Node.js broadly implemented, now’s a good time to install and test Node.js 18.”

Following its long-established release schedule, Node.js 18 is a Current release, which means it’s the right time for testing by enterprises, before being suitable for production usage when it is promoted to long-term support (LTS) in October 2022.

“The Node.js project contributors and collaborators continue to do an excellent job, and I want to thank them all. We continue to improve and grow, and I believe Node.js is a real open source success story,” said Bethany Griggs, Node.js Technical Steering Committee member, and Senior Software Engineer at Red Hat. “As always, current releases, like Node.js 18, are the perfect time to test in your own unique development environment. If you’re a Node.js user, please try out Node.js 18 and give us feedback. Your feedback directly contributes to our ability to move new features into stable releases more quickly.” 

For comprehensive information on specific Node.js features, see the Node.js team release announcement written by the Node.js project contributors: LINK

There are three key reasons to evaluate and upgrade to Node.js 18: Security, APIs, Future Planning.

Security

This is the first version that will be later promoted to LTS with OpenSSL 3.0. OpenSSL 3.0 is a major new stable version of the popular and widely used cryptography library. OpenSSL contains an open-source implementation of the SSL and TLS protocols, which provide the ability to secure communications across networks. Among other key features, OpenSSL 3.0 contains a FIPS Module that has been submitted for validation. The Federal Information Processing Standards (FIPS) are a set of requirements enforced by the US government which govern cryptographic usage in the public sector. This is a key step forward in the cryptographic support in Node.js.

The Node.js project follows a well planned security release process, with regular outbound communications and more. In the last year, Node.js has formalized rotations around security. The commitment to take slots in the security release steward rotation is made by companies in order to ensure individuals who act as security stewards have the support and recognition from their employer to be able to prioritize security releases. 

APIs

Node.js 18 is adding even tighter synergy between front-end and back-end APIs. One of the key premises of Node.js is that JavaScript skills can be applied to the back-end. With Node.js 18, Fetch is globally available by default. The Fetch API provides an interface for fetching resources including across networks. It will seem familiar to anyone who has used XMLHttpRequest, but the new API provides a more powerful and flexible feature set.

“Node.js 18 will enable the Fetch API as a default. It’s been available since Node.js 17, but this moves forward Node.js application development, and it’s exciting to be a part of the process of improving Node.js in key fundamental areas,” said Michaël Zasso, Scientific research software engineer and co-founder at Zakodium, member of the Node.js Technical Steering Committee. “I would like to thank multiple team members and contributors, and in particular I would like to thank users who push us and support us. Thank you!”

XMLHttpRequest has been used by web developers enabling ajax and a whole new kind of interactive exposure. However, it has been slowly succeeded by Fetch API. Fetch API is Promise based, providing a cleaner and more concise syntax.

Future Planning

The Next-10 effort has elevated technical priorities which have led to discussions around modernizing http. The purpose of the Next-10 project is to work collaboratively on the strategic directions for the next 10 years of Node.js. Fetch API is one direct result of this process. The full Next-10 repository is available here: https://github.com/nodejs/next-10 

Node.js Training and Certification

The OpenJS Node.js Services Developer (JSNSD) and OpenJS Node.js Application Developer (JSNAD) certifications are available now. Node.js training courses are available to help you prepare for the exams: Node.js Application Development (LFW211) and the Node.js Services Development (LFW212). Discounts are available to members!

OpenJS Resources

Click here to learn more about how you could be a part of the OpenJS Foundation, and view these additional resources:

• OpenJS Certification Program
• OpenJS Latest News and Blogs
• Open JS Slack Workspace 
• OpenJS World is June 6–10, 2022!

About OpenJS Foundation

The OpenJS Foundation is committed to supporting the healthy growth of the JavaScript ecosystem and web technologies by providing a neutral organization to host and sustain projects and collaboratively fund activities for the benefit of the community at large. The OpenJS Foundation is currently home to 39 open source JavaScript projects, including Appium, Dojo, Electron, jQuery, Node.js, and webpack. It is supported by 30 corporate and end-user members, including GoDaddy, Google, IBM, Intel, Joyent, Microsoft, and Netflix. These members recognize the interconnected nature of the JavaScript ecosystem and the importance of providing a central home for projects which represent significant shared value. 

About Linux Foundation
Founded in 2000, the Linux Foundation is supported by more than 1000 members and is the world’s leading home for collaboration on open source software, open standards, and open hardware. Linux Foundation projects like Linux, Kubernetes, Node.js, and more are considered critical to developing the world’s most important infrastructure. Its development methodology leverages established best practices and addresses the needs of contributors, users, and solution providers to create sustainable models for open collaboration. For more information, please visit their website.