Developer Briefing — April 19, 2022
Node.js 18 debuted on April 19 2022 as the project’s ‘Current’ release line. In addition to an update to V8 10.1 and planned promotion to long‑term support (LTS) status in October 2022 with the codename Hydrogen (supported through April 2025), version 18 introduces a suite of developer‑friendly features: an experimental global `fetch()` API and Web Streams API enable browser‑style HTTP requests and streaming data without external libraries【32182385584562†L34-L63】, a new `node:test` module simplifies writing TAP‑compliant tests【32182385584562†L100-L124】, and global availability of `Blob` and `BroadcastChannel` makes cross‑platform code easier to write【32182385584562†L88-L98】. Other improvements include a `--watch` flag for automatic restarts during development, prefix‑only core module imports, default support for OpenSSL 3 (bringing FIPS 140‑3 certified crypto), updated toolchains and compiler requirements for Linux, macOS and AIX, and default HTTP server timeout values. Together, these changes modernise Node’s runtime and prepare it for contemporary application architectures.
Executive summary. Node.js is a popular JavaScript runtime used for everything from API back‑ends to command‑line tooling. On April 19 2022 the Node.js team released Node.js 18, starting the next semi‑annual release cycle and kicking off a six‑month ‘Current’ period before long‑term support (LTS) designation in October 2022. This briefing summarises the major new features and platform changes introduced in Node 18, explains how they impact developers and operations teams, and provides guidance for adopting the release in production.
Context and release cadence
Node.js follows a predictable release schedule with new major versions every six months. Each release enters a ‘Current’ phase for six months and then becomes an LTS release maintained for 30 months. Node 18 replaces Node 17 as the Current release and will be supported until April 2025 when it reaches end‑of‑life. The codename for Node 18 LTS is Hydrogen; Node 18 brings stability and performance improvements along with more browser‑compatible APIs. Organisations running Node 16 should begin planning their upgrade path, as Node 16 will enter maintenance in September 2023.
New browser‑compatible APIs
Global fetch() API. Node 18 makes the browser‑style fetch() API available
universally by default【32182385584562†L34-L63】. Previously developers relied on modules such as
node-fetch or axios for HTTP requests. The built‑in implementation from the
Undici project provides spec‑compliant fetch, FormData, Headers,
Request, and Response objects【32182385584562†L61-L63】. As of Node 18 the API is
still marked “experimental” and can be disabled with the --no‑experimental‑fetch
flag. Because the API is globally available, migrating codebases to use
fetch() can simplify dependency management and improve portability between
browser and server environments.
Web Streams API. In addition to fetch(), Node 18 exposes the Web Streams API
on the global scope【32182385584562†L71-L84】. This makes classes such as
ReadableStream, WritableStream and TransformStream available without
importing additional modules. The Web Streams API enables developers to consume
and produce stream data using the same patterns as in browsers—for example,
transforming a stream of network responses or piping compressed data through
CompressionStream and DecompressionStream. Because the streams
implementation remains experimental, the Node project encourages community
participation and testing.
Other global APIs. Two additional browser APIs—Blob and BroadcastChannel—are now
available globally【32182385584562†L88-L98】. Blob provides an immutable data container for
binary and text data, while BroadcastChannel enables one‑to‑many messaging across
worker threads or between different browser contexts. Exposing these APIs reduces
polyfill usage and simplifies cross‑platform code.
Experimental test runner
Node 18 introduces a core test runner module (node:test)【32182385584562†L100-L124】. The
module provides a TAP‑compliant testing interface, letting developers define tests
and subtests using the familiar t.test() pattern. While community tools like
Jest and Mocha remain more feature‑rich, the built‑in runner makes it easier to
bundle simple test suites without additional dependencies. The module is
available using the node: prefix (e.g., import test from 'node:test') and
supports features such as skipping tests, running callback‑based tests and
reporting in TAP format. Because the runner is experimental, it may change
before LTS; however, it signals the Node project’s intent to provide first‑party
observability and testing tools.
Prefix‑only core modules and --watch flag
To clarify which modules are part of Node core, version 18 now allows importing
core modules only using the node: prefix. This convention helps differentiate
core modules from userland packages and reduces accidental shadowing. The release
also adds a new --watch flag that watches source files and automatically
restarts the process on changes, similar to third‑party tools like nodemon. The
flag can be combined with --watch-path to specify which directories or files to
observe【475149748111583†L232-L243】. For teams using watch mode, this reduces the
overhead of running external watchers and improves the development feedback loop.
Performance and engine upgrades
V8 10.1 upgrade. Node 18 includes version 10.1 of the V8 JavaScript engine.
The upgrade brings new ECMAScript features—such as Array.prototype.findLast and
Array.prototype.findLastIndex—as well as enhanced internationalisation APIs
(Intl.Locale and Intl.supportedValuesOf)【475149748111583†L340-L349】. It also improves
performance of class fields and private methods【475149748111583†L340-L350】. Developers should
check for any breaking changes around serialization (the data format of
v8.serialize has changed) and ensure their applications are tested on the new
engine.
OpenSSL 3.0 and security improvements. Node 18 is compiled against OpenSSL 3.0, which introduces a new FIPS 140‑3 validated cryptographic module and updated algorithms. For security‑sensitive environments, using Node 18 ensures compliance with modern cryptographic standards. The release also raises minimum toolchain requirements: Linux binaries are built on RHEL 8 (glibc 2.28), macOS builds require macOS 10.15+, and AIX builds require Power 8【32182385584562†L130-L140】. Prebuilt binaries for 32‑bit Windows are initially unavailable due to V8 build issues【32182385584562†L141-L144】, so teams should plan accordingly.
HTTP server timeout defaults. The default HTTP server timeouts have been
adjusted: headersTimeout is now 60 seconds and requestTimeout is 5 minutes【475149748111583†L375-L383】.
These new values mitigate slow loris attacks while still allowing long‑running
requests. For high‑traffic services, verify that your application logic handles
these timeouts gracefully.
Undici adoption and Web Socket improvements. Node 18 ships the
undici HTTP client library in core, providing a modern, spec‑compliant
implementation of HTTP 1.1. The release also adds support for HTTP/2 response
trailing headers and builds on top of the experimental Web Socket global.
Applications that previously depended on third‑party clients may consider
migrating to Undici for lower overhead and built‑in support.
Developer impact and upgrade considerations
Version 18 emphasises improved ergonomics and cross‑platform parity. Migrating to
Node 18 gives developers immediate access to fetch() and Web Streams without
polyfills and introduces new core tooling such as node:test and --watch.
However, there are key considerations:
- Dependency compatibility. Ensure that key dependencies (e.g., Express,
Fastify, Prisma) are compatible with Node 18. Most major libraries
already support Node 18; check the
enginesfield inpackage.json. - Toolchain readiness. Review CI/CD pipelines to ensure they use updated build environments (RHEL 8 or later on Linux)【32182385584562†L130-L140】. For Windows, confirm 64‑bit builds are used.
- Feature flags. The fetch API and Web Streams are experimental; be prepared for API changes before the October 2022 LTS release.
- Security posture. Adopt OpenSSL 3.0 features and update cipher suites. If FIPS compliance is required, enable the FIPS provider at startup.
- Performance tuning. Test workloads under V8 10.1 to identify performance regressions or improvements and adjust timeouts as needed.
Implications for organisations and communities
Because Node.js powers serverless functions, microservices and edge runtimes, the release of Node 18 will ripple across infrastructure. Enterprise teams should allocate time to test the release in staging environments and plan adoption before Node 16 enters maintenance. The new test runner and watch flag make local development smoother and reduce reliance on external tools. Expanded browser‑compatible APIs help unify client and server codebases, simplifying training and onboarding. With OpenSSL 3.0 and improved toolchain support, Node 18 also addresses regulatory requirements and raises the security baseline.
Zeph Tech analysis and recommendations
The Node 18 release underscores Node.js’s evolution from a server‑side runtime to a full‑stack platform. Zeph Tech recommends that teams:
- Upgrade non‑production environments to Node 18 to familiarise developers
with
fetch(), Web Streams and the test runner. - Review build infrastructure and ensure toolchains meet the new minimum requirements; update container base images accordingly.
- Refactor HTTP clients to use the global fetch API where appropriate and evaluate Undici for high‑throughput scenarios.
- Enable the experimental test runner for simple projects and gradually migrate unit tests, but retain mature frameworks for complex suites.
- Monitor the Node.js release schedule; upgrade to the LTS version once Node 18 transitions in October 2022 and actively test pre‑release builds.
With these steps, organisations can take advantage of the modern APIs and performance improvements introduced in Node 18 while maintaining stability and security.
Continue in the Developer pillar
Return to the hub for curated research and deep-dive guides.
Latest guides
-
Secure Software Supply Chain Tooling Guide — Zeph Tech
Engineer developer platforms that deliver verifiable provenance, SBOM distribution, vendor assurance, and runtime integrity aligned with SLSA v1.0, NIST SP 800-204D, and CISA SBOM…
-
AI-Assisted Development Governance Guide — Zeph Tech
Govern GitHub Copilot, Azure AI, and internal generative assistants with controls aligned to NIST AI RMF 1.0, EU AI Act enforcement timelines, OMB M-24-10, and enterprise privacy…
-
Developer Enablement & Platform Operations Guide — Zeph Tech
Plan AI-assisted development, secure SDLC controls, and runtime upgrades using Zeph Tech research on GitHub Copilot, GitHub Advanced Security, and major language lifecycles.