News

Open Source Node.js Hits v10, with Better Security, Performance, More

The open source Node.js project for server-side JavaScript today hit a major milestone with the release of version 10.0.0.

It marks the seventh major release of the cross-platform JavaScript runtime since the formation of the governing Node.js Foundation in 2015. Node.js itself debuted in 2009, promising a unified JavaScript-based Web application platform that allowed for creating dynamic sites with server-side code, rather than just static client code embedded in browsers.

Built on Chrome's V8 JavaScript engine, Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, says the Node.js Foundation, itself under the umbrella of The Linux Foundation. It's tightly associated with the widely used npm (which can be interpreted as "node package manager") ecosystem, described as the biggest collection of open source libraries anywhere.

Speaking of which, the brand-new Node.js 10.0 is expected to soon support npm version 6 (currently Node.js ships with npm 5.7.x). The company npm Inc., which maintains the npm software package management application, today announced that major update, called npm@6. The npm company said its JavaScript software installer tool includes new security features for developers working with open source code.

Security is also a major focus of the Node.js 10.x release line, which is the first to upgrade to OpenSSL version 1.1.0.

"Node.js is now able to take full advantage of the significant work in code quality, clean-up and modernization undertaken by the OpenSSL team -- supported by the Core Infrastructure Initiative, a Linux Foundation project," The Node.js Foundation said in a Medium post. "Node.js can now extend its cryptographic support to the much requested ChaCha20 cipher and Poly1305 authenticator. Together these contribute to the modern cryptographic landscape and expand the options available for using 'AEAD' cipher suites, the current gold-standard for encrypted communication on the Web."

Other new features in the 10.x release line include:

  • The Google V8 v6.6 JavaScript engine, featuring performance enhancements, error handling improvements, and better diagnostics around trace events and post mortem.
  • Node.js API (N-API), which now graduates out of experimental mode. N-API is described as "a stable module API that is independent from changes in V8 allowing modules to run against newer versions of Node.js without recompilation."
  • Error handling improvements with the progressive adoption of error codes in order to ease consistent error checking. "The use of error codes allows message text to be updated without breaking applications (as applications should be using the error code)," the Foundation said.
  • Performance improvements coming with the latest version of V8, which includes promise, async generator and array performance enhancements. "Improvements for promises and async functions closes the gap between async functions and desugarded promise chains for better performance results," the Foundation said. More information is available in this V8 blog post.

"In the next six months, enterprises should pay close attention and work on upgrading paths to migrate to this release line," the Foundation said, noting that in October it will become the new active Long Term Support release line.

More information on new features and downloading the new version will be available here (expected to be updated today, but still featuring 9.11.1 at the time of this writing).

About the Author

David Ramel is an editor and writer at Converge 360.