← Back to all briefings
Developer 5 min read Published Updated Credibility 88/100

Runtime Briefing — Node.js 18 Enters Active LTS

Node.js 18 entered long-term support as the Hydrogen release line, locking in global fetch, test runner, and OpenSSL 3 foundations that organisations must adopt before Node.js 16 End-of-Life in September 2023.

Zeph Tech Research Lead

Research lead, Zeph Tech

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)

Executive briefing: On 25 October 2022 the Node.js project promoted Node.js 18 to Long-Term Support (LTS) under the codename “Hydrogen.” The LTS release locks in features introduced across the 18.x line—global fetch(), the built-in test runner, Web Streams, Blob, BroadcastChannel, V8 10.2, and OpenSSL 3.0.7—and provides 30 months of support (active until October 2023, then maintenance until April 2025). Organisations currently running Node.js 14 or 16 must plan migrations to Node.js 18 LTS to maintain security coverage, especially since Node.js 16 reaches end of life in September 2023.

What’s in Node.js 18 LTS

  • Web platform APIs. Node.js 18 stabilises global fetch(), FormData, Headers, and Request/Response objects, enabling browser-compatible HTTP clients. Web Streams and Blob provide interoperable streaming primitives.
  • Built-in test runner. Introduced experimentally in Node.js 18.9, the node --test runner offers zero-dependency unit testing with TAP output and subtests.
  • OpenSSL 3. Node.js 18 links against OpenSSL 3, aligning with modern cryptography requirements and FIPS 140-3 roadmaps. Organisations must ensure native addons support the new crypto APIs.
  • V8 JavaScript engine updates. V8 10.2 includes performance improvements, class fields, and the Error.cause property for improved debugging.
  • Platform enhancements. Node.js 18 ships with npm 8, corepack for package manager shims, and node --watch (experimental) for file watching.

Migration considerations

  • Dependency compatibility. Audit package.json dependencies for Node.js 18 support. Check engines fields, update TypeScript targets, and ensure native modules provide prebuilt binaries for Node-API 8.
  • Testing. Run automated suites across Node.js 16 and Node.js 18 to detect regressions. Pay special attention to crypto, HTTP/2, and TLS integrations after the OpenSSL update.
  • Runtime configuration. Review environment variables and CLI flags that changed defaults (e.g., NODE_OPTIONS=--openssl-legacy-provider no longer required). Update container base images and CI pipelines to install Node.js 18.
  • Observability. Verify APM agents (Datadog, New Relic, Elastic) support Node.js 18. Some instrumentation requires updates for the new async hooks and Web Streams APIs.

Outcome testing and assurance

  • Performance benchmarks. Compare throughput and latency between Node.js 16 and 18 for representative workloads. Evaluate improvements from fetch/Web Streams and ensure no regressions occur.
  • Security validation. Run penetration testing or vulnerability scans to ensure TLS configurations remain compliant after migrating to OpenSSL 3. Review CSP and JWT libraries for compatibility.
  • Operational drills. Execute canary deployments, monitor error rates, and capture metrics (CPU, memory, GC pauses). Validate auto-scaling triggers in cloud environments.
  • Developer workflow trials. Encourage teams to trial the built-in test runner and node --watch to streamline local development. Collect feedback and update internal tooling accordingly.

Timeline management

Node.js 18 is in active LTS until October 2023, after which it enters maintenance mode. Plan major feature rollouts and dependency upgrades before the maintenance phase to take advantage of active support. Track Node.js security releases and subscribe to Node.js security mailing lists.

Organisations should schedule decommissioning of Node.js 16 environments ahead of September 2023. For workloads unable to migrate immediately, document risk acceptance, implement compensating controls, and plan expedited upgrades.

By adopting Node.js 18 LTS, engineering teams gain access to modern web APIs, improved security foundations, and an extended support window that aligns with enterprise maintenance requirements.

Application modernization opportunities

Node.js 18 LTS enables organisations to rationalise legacy code that depends on request libraries or custom HTTP wrappers now superseded by fetch and Web Streams. Platform teams can create modernization playbooks that replace deprecated packages (request, node-fetch polyfills, custom promise wrappers) with native APIs, reducing maintenance burden. Evaluate logging frameworks and observability pipelines to leverage the new diagnostics_channel improvements and align with OpenTelemetry instrumentation.

DevOps and CI/CD alignment

Update CI pipelines to use the official Node.js 18 container images, GitHub Actions runners, or Azure DevOps tasks. Ensure caching strategies (npm ci, pnpm, yarn) are compatible with npm 8. Configure vulnerability scanning for container images and dependencies using tools like Trivy, Snyk, or GitHub Dependabot, and enforce policy gates before production deployment.

Infrastructure teams should review container orchestration limits, as Node.js 18’s memory profile may differ from prior versions. Capture performance benchmarks, adjust horizontal pod autoscaler targets, and validate autoscaling for serverless workloads (AWS Lambda, Google Cloud Functions, Azure Functions) that now default to Node.js 18 runtimes.

Governance and change management

Document upgrade plans in change management systems, capturing stakeholder approvals, rollback strategies, and communication timelines. Provide release notes summaries to product teams highlighting user-facing benefits (faster APIs, improved crypto compliance). Update disaster recovery runbooks to ensure backup images and environment snapshots use Node.js 18.

Training and community engagement

Offer workshops on using the built-in test runner, fetch API, and Web Streams. Encourage engineers to participate in the Node.js Mentorship program or contribute to ecosystem packages to accelerate compatibility fixes. Maintain internal wikis with sample code, migration checklists, and troubleshooting guides capturing lessons learned during early rollouts.

Long-term roadmap

Plan for subsequent upgrades to Node.js 20 (April 2023) and Node.js 22 (2024) by establishing evergreen testing pipelines. Organisations that institutionalise regular runtime upgrades reduce technical debt and security exposure. Track emerging proposals like Fetch Mocking, Permission Model, and Single Executable Applications to anticipate future tooling investments.

When coordinating cross-team migrations, establish a Node.js 18 champions network that meets regularly to share blockers, performance data, and success stories. Provide leadership with burndown charts that track percentage of services migrated, remaining technical debt, and key risks requiring escalation.

Security operations

Coordinate with security operations centres (SOCs) to ensure log pipelines capture Node.js 18-specific telemetry—such as warnings from the test runner, fetch deprecation notices, or OpenSSL errors. Update intrusion detection signatures and runtime protection policies to account for new process names, container images, or network behaviours introduced during the migration.

Ensure third-party vendors and managed service providers supporting Node.js workloads commit to Node.js 18 compatibility in their contracts. Update vendor questionnaires to include runtime support timelines, patch delivery expectations, and vulnerability disclosure commitments.

Document lessons learned from earlier runtime upgrades (Node.js 14→16) and reuse proven tactics—such as feature flags, blue/green deployments, and rollback automation—to de-risk the Node.js 18 rollout. Capture post-migration retrospectives to inform future transitions.

Establish quantitative success criteria—such as target percentages of automated test coverage, performance benchmarks, and error rate thresholds—to declare migration complete. Regularly report progress to leadership and celebrate milestones to maintain momentum.

Timeline plotting source publication cadence sized by credibility.
3 publication timestamps supporting this briefing. Source data (JSON)
Horizontal bar chart of credibility scores per cited source.
Credibility scores for every source cited in this briefing. Source data (JSON)

Related briefings

Curated signals from the same pillar or overlapping topics.

Continue in the Developer pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Node.js LTS
  • Platform lifecycle
  • JavaScript operations
  • Upgrade planning
Back to curated briefings