Node.js v 12 arrived on schedule. It went into LTS in October and will be maintained until 2022. In the meantime, Node 13 became the Current version.

update node js latest version

Node.js LTS & Current Download for macOS:

Node.js LTS & Current Download for Windows:

For other downloads like Linux libraries, source codes, Docker images, etc.. please visit https://nodejs.org/en/download/

Node.js v12 - New Features You Shouldn't Miss

Here is a list of changes we consider essential to highlight:

  • V8 updated to version 7.4
    • Async stack traces arrived
    • Faster async/await implementation
    • New JavaScript language features
    • Performance tweaks & improvements
    • Progress on Worker threads, N-API
  • Default HTTP parser switched to llhttp
  • New experimental “Diagnostic Reports” feature

You can browse the full changelog here and read our deep-dive on Node.js v12 here.

Node.js LTS v12 Changelogs

Changelog for Node v12.16.1

Node.js 12.16.0 included 6 regressions that are being fixed in this release:

  • Accidental Unflagging of Self Resolving Modules: 12.16.0 included a large update to the ESM implementation. One of the new features, Self Referential Modules, was accidentally released without requiring the --experimental-modules flag. This release is being made to appropriately flag the feature.

  • Process Cleanup Changed Introduced WASM-Related Assertion: A change during Node.js process cleanup led to a crash in combination with specific usage of WASM. This has been fixed by partially reverted said change. A regression test and a full fix are being worked on and will likely be included in future 12.x and 13.x releases.

  • Use Largepages Runtime Option Introduced Linking Failure: A Semver-Minor change to introduce --use-largepages as a runtime option introduced a linking failure. This had been fixed in master but regressed as the fix has not yet gone out in a Current release. The feature has been reverted, but will be able to reland with a fix in a future Semver-Minor release.

  • Async Hooks was Causing an Exception When Handling Errors: Changes in async hooks internals introduced a case where an internal api call could be called with undefined causing a process to crash. The change to async hooks was reverted. A regression test and fix has been proposed and the change could re-land in a future Semver-Patch release if the regression is reliably fixed.

  • New Enumerable Read-Only Property on EventEmitter breaks @types/extend: A new property for enumerating events was added to the EventEmitter class. This broke existing code that was using the @types/extend module for extending classses as @types/extend was attemping to write over the existing field which the new change made read-only. As this is the first property on EventEmitter that is read-only this feature could be considered Semver-Major. The new feature has been reverted but could re-land in a future Semver-Minor release if a non breaking way of applying it is found.

  • Exceptions in the HTTP parser were not emitting an uncaughtException: A refactoring to Node.js interanls resulted in a bug where errors in the HTTP parser were not being emitted by process.on('uncaughtException') when the async_hooks after hook exists. The fix to this bug has been included in this release.

Changelog for Node v12.16.0

  • New assert APIs: The assert module now provides experimental assert.match() and assert.doesNotMatch() methods. They will validate that the first argument is a string and matches (or does not match) the provided regular expression.

  • Advanced serialization for IPC: The child_process and cluster modules now support a serialization option to change the serialization mechanism used for IPC.

  • CLI flags:

    • The new --trace-exit CLI flag makes Node.js print a stack trace whenever the Node.js environment is exited proactively (i.e. by invoking the process.exit() function or pressing Ctrl+C).
    • The new --trace-uncaught CLI flag makes Node.js print a stack trace at the time of throwing uncaught exceptions, rather than at the creation of the Error object, if there is any. This option is not enabled by default because it may affect garbage collection behavior negatively.
    • The --disallow-code-generation-from-strings V8 CLI flag is now whitelisted in the NODE_OPTIONS environment variable.
  • New crypto APIs: For DSA and ECDSA, a new signature encoding is now supported in addition to the existing one (DER). The verify and sign methods accept a dsaEncoding option, which can have one of two values:

    • 'der' (default): DER-encoded ASN.1 signature structure encoding (r, s).
    • 'ieee-p1363': Signature format r || s as proposed in IEEE-P1363.
  • A new method was added to Hash: Hash.prototype.copy. It makes it possible to clone the internal state of a Hash object into a new Hash object, allowing to compute the digest between updates.

  • Dependency updates:

    • libuv was updated to 1.34.0. This includes fixes to uv_fs_copyfile() and uv_interface_addresses() and adds two new functions: uv_sleep() and uv_fs_mkstemp().
    • V8 was updated to 7.8.279.23. This includes performance improvements to object destructuring, RegExp match failures and WebAssembly startup time.
  • New EventEmitter APIs:

    • The new EventEmitter.on static method allows to async iterate over events.
    • It is now possible to monitor 'error' events on an EventEmitter without consuming the emitted error by installing a listener using the symbol EventEmitter.errorMonitor.
  • Performance Hooks are no longer experimental: The perf_hooks module is now considered a stable API.

  • Introduction of experimental WebAssembly System Interface (WASI) support: A new core module, wasi, is introduced to provide an implementation of the WebAssembly System Interface specification. WASI gives sandboxed WebAssembly applications access to the underlying operating system via a collection of POSIX-like functions.

Changelog for Node v12.15.0 (LTS)

This is a security release. Vulnerabilities fixed:

  • CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
  • CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
  • CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the --insecure-http-parser command line flag, or the insecureHTTPParser http option. Using the insecure HTTP parser should be avoided.

Changelog for Node v12.14.1 (LTS)

  • crypto: fix key requirements in asymmetric cipher
  • deps:
    • update llhttp to 2.0.1
    • update nghttp2 to 1.40.0
  • v8: mark serdes API as stable

Changelog for Node v12.14.0 (LTS)

  • deps: update npm to 6.13.4

Changelog for Node v12.13.1 (LTS)

  • Experimental support for building Node.js with Python 3 is improved.
  • ICU time zone data is updated to version 2019c. This fixes the date offset in Brazil.

Changelog for Node v12.13.0 (LTS)

This release marks the transition of Node.js 12.x into Long Term Support (LTS) with the codename 'Erbium'. The 12.x release line now moves into "Active LTS" and will remain so until October 2020. After that time, it will move into "Maintenance" until end of life in April 2022.

Notable changes:

  • npm was updated to 6.12.0. It now includes a version of node-gyp that supports Python 3 for building native modules.

Changelog for Node v12.12.0 (LTS)

  • build: Add --force-context-aware flag to prevent usage of native node addons that aren't context aware
  • deprecations: Add documentation-only deprecation for process._tickCallback()
  • esm: Using JSON modules is experimental again
  • fs: Introduce opendir() and fs.Dir to iterate through directories
  • process: Add source-map support to stack traces by using --enable-source-maps
  • tls:
    • Honor pauseOnConnect option
    • Add option for private keys for OpenSSL engines

Changelog for Node v12.11.1 (LTS)

  • build: This release fixes a regression that prevented from building Node.js using the official source tarball
  • deps: Updated small-icu data to support "unit" style in the Intl.NumberFormat API

Changelog for Node v12.11.0 (LTS)

  • crypto:
    • Add oaepLabel option
  • deps: Update V8 to 7.7.299.11
    • More efficient memory handling
    • Stack trace serialization got faster
    • The Intl.NumberFormat API gained new functionality
    • For more information: https://v8.dev/blog/v8-release-77
  • events:
    • Add support for EventTarget in once
  • fs:
    • Expose memory file mapping flag UV_FS_O_FILEMAP
  • inspector:
    • New API - Session.connectToMainThread
  • process:
    • Initial SourceMap support via env.NODE_V8_COVERAGE
  • stream:
    • Make _write() optional when _writev() is implemented
  • tls:
    • Add option to override signature algorithms
  • util:
    • Add encodeInto to TextEncoder
  • worker:
    • The worker_thread module is now stable

Changelog for Node v12.10.0 (LTS)

  • deps:
    • Update npm to 6.10.3
  • fs:
    • Add recursive option to rmdir()
    • Allow passing true to emitClose option
    • Add *timeNs properties to BigInt Stats objects
  • net:
    • Allow reading data into a static buffer

Changelog for Node v12.9.0 (LTS)

  • crypto:
    • Added an oaepHash option to asymmetric encryption which allows users to specify a hash function when using OAEP padding
  • deps:
    • Updated V8 to 7.6.303.29
      • Improves the performance of various APIs such as JSON.parse and methods called on frozen arrays.
      • Adds the Promise.allSettled method.
      • Improves support of BigInt in Intl methods.
      • For more information: https://v8.dev/blog/v8-release-76
    • Updated libuv to 1.31.0
      • UV_FS_O_FILEMAP has been added for faster access to memory mapped files on Windows.
      • uv_fs_mkdir() now returns UV_EINVAL for invalid filenames on Windows. It previously returned UV_ENOENT.
      • The uv_fs_statfs() API has been added.
      • The uv_os_environ() and uv_os_free_environ() APIs have been added.
  • fs:
    • Added fs.writev, fs.writevSync and filehandle.writev (promise version) methods. They allow to write an array of ArrayBufferViews to a file descriptor
  • http:
    • Added three properties to OutgoingMessage.prototype: writableObjectMode, writableLength and writableHighWaterMark
  • stream:
    • Added an new property readableEnded to readable streams. Its value is set to true when the 'end' event is emitted.
  • Added an new property writableEnded to writable streams. Its value is set to true after writable.end() has been called.

Changelog for Node v12.8.0 (LTS)

  • assert:
    • Legacy mode deprecation (DEP0089) is revoked
  • crypto:
    • The outputLength option is added to crypto.createHash
    • The maxmem range is increased from 32 to 53 bits
  • n-api:
    • Added APIs for per-instance state management
  • report:
    • Network interfaces get included in the report
  • src:
    • v8.getHeapCodeStatistics() is now exported

Changelog for Node v12.7.0 (LTS)

  • deps:
    • Updated nghttp2 to 1.39.1
    • Updated npm to 6.10.0
  • esm:
    • Implemented experimental "pkg-exports" proposal. A new "exports" field can be added to a module's package.json file to provide custom subpath aliasing. See proposal-pkg-exports for more information
  • http:
    • Added response.writableFinished
    • Exposed headers, rawHeaders and other fields on an http.ClientRequest "information" event
  • inspector:
    • Added inspector.waitForDebugger()
  • policy:
    • Added --policy-integrity=sri CLI option to mitigate policy tampering. If a policy integrity is specified and the policy does not have that integrity, Node.js will error prior to running any code
  • readline,tty:
    • Exposed stream API from various methods which write characters
  • src:
    • Use cgroups to get memory limits. This improves the way we set the memory ceiling for a Node.js process. Previously we would use the physical memory size to estimate the necessary V8 heap sizes. The physical memory size is not necessarily the correct limit, e.g. if the process is running inside a docker container or is otherwise constrained. This change adds the ability to get a memory limit set by linux cgroups, which is used by docker containers to set resource constraints

Changelog for Node v12.6.0 (LTS)

  • build:
    • Experimental support for building Node.js on MIPS architecture is back
  • child_process:
    • The promisified versions of child_process.exec and child_process.execFile now both return a Promise which has the child instance attached to their child property
  • deps: Updated libuv to 1.30.1
    • Support for the Haiku platform has been added.
    • The maximum UV_THREADPOOL_SIZE has been increased from 128 to 1024.
    • uv_fs_copyfile() now works properly when the source and destination files are the same.
  • process:
    • A new method, process.resourceUsage() was added. It returns resource usage for the current process, such as CPU time
  • src:
    • Fixed an issue related to stdio that could lead to a crash of the process in some circumstances
  • stream:
    • Added a writableFinished property to writable streams. It indicates that all the data has been flushed to the underlying system
  • worker:
    • Fixed an issue that prevented worker threads to listen for data on stdin

Node.js Current v13 Changelogs

Changelog for Node 13.9.0 (Current)

  • async_hooks: add executionAsyncResource
  • crypto:
    • add crypto.diffieHellman
    • add DH support to generateKeyPair
    • simplify DH groups
    • add key type 'dh'
  • test: skip keygen tests on arm systems
  • perf_hooks: add property flags to GCPerformanceEntry
  • process: report ArrayBuffer memory in memoryUsage()
  • readline: make tab size configurable
  • report: add support for Workers
  • worker: add ability to take heap snapshot from parent thread
  • added new collaborators: add ronag to collaborators

Changelog for Node 13.8.0 (Current)

This is a security release. Vulnerabilities fixed:

  • CVE-2019-15606: HTTP header values do not have trailing OWS trimmed.
  • CVE-2019-15605: HTTP request smuggling using malformed Transfer-Encoding header.
  • CVE-2019-15604: Remotely trigger an assertion on a TLS server with a malformed certificate string.

Also, HTTP parsing is more strict to be more secure. Since this may cause problems in interoperability with some non-conformant HTTP implementations, it is possible to disable the strict checks with the --insecure-http-parser command line flag, or the insecureHTTPParser http option. Using the insecure HTTP parser should be avoided.

Changelog for Node 13.7.0 (Current)

  • deps:
    • upgrade to libuv 1.34.1
    • upgrade npm to 6.13.6
  • module:
    • add API for interacting with source maps
    • loader getSource, getFormat, transform hooks
    • logical conditional exports ordering
    • unflag conditional exports
  • process:
    • allow monitoring uncaughtException

Changelog for Node 13.6.0 (Current)

  • assert:
    • Implement assert.match() and assert.doesNotMatch()
  • events:
    • Add EventEmitter.on to async iterate over events
    • Allow monitoring error events
  • fs:
    • Allow overriding fs for streams
  • perf_hooks:
    • Move perf_hooks out of experimental
  • repl:
    • Implement ZSH-like reverse-i-search
  • tls:
    • Add PSK (pre-shared key) support

Changelog for Node 13.5.0 (Current)

  • cli:
    • add --trace-exit cli option
  • http,https:
    • increase server headers timeout
  • readline:
    • update ansi-regex
    • promote _getCursorPos to public api
  • repl:
    • add completion preview
  • util:
    • add Set and map size to inspect output
  • wasi:
    • require CLI flag to require() wasi module

Changelog for Node 13.4.0 (Current)

For more details about the vulnerability please consult the npm blog

  • deps:
    • update npm to 6.13.4
    • update uvwasi
    • upgrade to libuv 1.34.0
  • doc:
    • docs deprecate http finished
  • events:
    • add captureRejection option
  • http:
    • add captureRejection support
    • llhttp opt-in insecure HTTP header parsing
  • http2:
    • implement capture rection for 'request' and 'stream' events
  • net:
    • implement capture rejections for 'connection' event
  • repl:
    • support previews by eager evaluating input
  • stream:
    • add support for captureRejection option
  • tls:
    • implement capture rejections for 'secureConnection' event
    • expose IETF name for current cipher suite
  • worker:
    • add argv constructor option

Changelog for Node 13.3.0 (Current)

  • fs:
    Reworked experimental recursive rmdir(). The maxBusyTries option is renamed to maxRetries, and its default is set to 0. The emfileWait option has been removed, and EMFILE errors use the same retry logic as other errors. The retryDelay option is now supported. ENFILE errors are now retried.
  • http: Make maximum header size configurable per-stream or per-server
  • http2: Make maximum tolerated rejected streams configurable. Allow to configure maximum tolerated invalid frames.
  • wasi: Introduce initial WASI support

Changelog for Node 13.2.0 (Current)

  • addons: Deprecate one- and two-argument AtExit(). Use the three-argument variant of AtExit() or AddEnvironmentCleanupHook() instead
  • child_process,cluster:
    The serialization option is added that allows child process IPC to use the V8 serialization API (to e.g., pass through data types like sets or maps)
  • deps: Update V8 to 7.9, Update npm to 6.13.1
  • embedder: Exposes the ability to pass cli flags / options through an API as embedder. Allow adding linked bindings to Environment.
  • esm: Unflag --experimental-modules
  • stream: Add writable.writableCorked property
  • worker: Allow specifying resource limits
  • v8: The Serialization API is now stable

Changelog for Node 13.1.0 (Current)

  • cli: Added a new flag (--trace-uncaught) that makes Node.js print the stack trace at the time of throwing uncaught exceptions, rather than at the creation of the Error object, if there is any. This is disabled by default because it affects GC behavior.
  • crypto: Added Hash.prototype.copy() method. It returns a new Hash object with its internal state cloned from the original one.
  • dgram: Added source-specific multicast support. This adds methods to Datagram sockets to support RFC 4607 for IPv4 and IPv6.
  • fs: Added a bufferSize option to fs.opendir(). It allows to control the number of entries that are buffered internally when reading from the directory.

Changelog for Node 13.0.1 (Current)

  • deps: Fixed a bug in npm 6.12.0 where warnings are emitted on Node.js 13.x
  • esm: Changed file extension resolution order of --es-module-specifier-resolution=node to match that of the CommonJS loader

Changelog for Node 13.0.0 (Current)

  • assert:
    • If the validation function passed to assert.throws() or assert.rejects() returns a value other than true, an assertion error will be thrown instead of the original error to highlight the programming mistake
    • If a constructor function is passed to validate the instance of errors thrown in assert.throws() or assert.reject(), an assertion error will be thrown instead of the original error
  • build:
    • Node.js releases are now built with default full-icu support. This means that all locales supported by ICU are now included and Intl-related APIs may return different values than before.
    • The minimum Xcode version supported for macOS was increased to 10. It is still possible to build Node.js with Xcode 8 but this may no longer be the case in a future v13.x release.
  • child_process:
    • ChildProcess._channel (DEP0129) is now a Runtime deprecation
  • console:
    The output console.timeEnd() and console.timeLog() will now automatically select a suitable time unit instead of always using milliseconds.
  • deps:
    The V8 engine was updated to version 7.8. This includes performance improvements to object destructuring, memory usage and WebAssembly startup time.
  • domain:
    The domain's error handler is now executed with the active domain set to the domain's parent to prevent inner recursion.
  • fs:
    • The undocumented method FSWatcher.prototype.start() was removed
    • Calling the open() method on a ReadStream or WriteStream now emits a runtime deprecation warning. The methods are supposed to be internal and should not be called by user code.
    • fs.read/write, fs.readSync/writeSync and fd.read/write now accept any safe integer as their offset parameter. The value of offset is also no longer coerced, so a valid type must be passed to the functions.
  • http:
    • Aborted requests no longer emit the end or error events after aborted
    • Data will no longer be emitted after a socket error
    • The legacy HTTP parser (previously available under the --http-parser=legacy flag) was removed
    • The host option for HTTP requests is now validated to be a string value
    • The request.connection and response.connection properties are now runtime deprecated. The equivalent request.socket and response.socket should be used instead
  • http, http2:
    • The default server timeout was removed,
    • Brought 425 status code name into accordance with RFC 8470. The name changed from "Unordered Collection" to "Too Early".
  • lib:
    • The error.errno property will now always be a number. To get the string value, use error.code instead.
  • module:
    • module.createRequireFromPath() is deprecated. Use module.createRequire() instead.
  • src:
    • Changing the value of process.env.TZ will now clear the tz cache. This affects the default time zone used by methods such as Date.prototype.toString.
  • stream:
    • The timing and behavior of streams was consolidated for a number of edge cases. Please look at the individual commits below for more information.deps:
      Fixed a bug in npm 6.12.0 where warnings are emitted on Node.js 13.x.

Learn More Node.js from RisingStack

At RisingStack we've been writing JavaScript / Node tutorials for the community in the past 5 years. If you're beginner to Node.js, we recommend checking out our Node Hero tutorial series! The goal of this series is to help you get started with Node.js and make sure you understand how to write an application using it.

As a sequel to Node Hero, we have completed another series called Node.js at Scale - which focuses on advanced Node / JavaScript topics. Take a look!

Related topics

The Node.js Community