← Back to all briefings
Developer 6 min read Published Updated Credibility 88/100

Node.js 18 Enters Active LTS

Node.js 18 entered long-term support as the Hydrogen release line, locking in global fetch, test runner, and OpenSSL 3 foundations that teams must adopt before Node.js 16 End-of-Life in September 2023.

Kodi C.

Editor & Research Lead

Fact-checked and reviewed — Kodi C.

Developer pillar illustration for Zeph Tech briefings
Developer enablement and platform engineering briefings

On 25 October 2022 the Node.js project promoted Node.js 18 to Long-Term Support (LTS) under the codename “Hydrogen.” The LTS release locks in features introduced across the 18.x line—global fetch(), the built-in test runner, Web Streams, Blob, BroadcastChannel, V8 10.2, and OpenSSL 3.0.7—and provides 30 months of support (active until October 2023, then maintenance until April 2025). Teams currently running Node.js 14 or 16 must plan migrations to Node.js 18 LTS to maintain security coverage, especially since Node.js 16 reaches end of life in September 2023.

What’s in Node.js 18 LTS

  • Web platform APIs. Node.js 18 stabilizes global fetch(), FormData, Headers, and Request/Response objects, enabling browser-compatible HTTP clients. Web Streams and Blob provide interoperable streaming primitives.
  • Built-in test runner. Introduced experimentally in Node.js 18.9, the node --test runner offers zero-dependency unit testing with TAP output and subtests.
  • OpenSSL 3. Node.js 18 links against OpenSSL 3, aligning with modern cryptography requirements and FIPS 140-3 roadmaps. Teams must ensure native addons support the new crypto APIs.
  • V8 JavaScript engine updates. V8 10.2 includes performance improvements, class fields, and the Error.cause property for improved debugging.
  • Platform improvements. Node.js 18 ships with npm 8, corepack for package manager shims, and node --watch (experimental) for file watching.

Migration considerations

  • Dependency compatibility. Audit package.json dependencies for Node.js 18 support. Check engines fields, update TypeScript targets, and ensure native modules provide prebuilt binaries for Node-API 8.
  • Testing. Run automated suites across Node.js 16 and Node.js 18 to detect regressions. Pay special attention to crypto, HTTP/2, and TLS integrations after the OpenSSL update.
  • Runtime configuration. Review environment variables and CLI flags that changed defaults (for example, NODE_OPTIONS=--openssl-legacy-provider no longer required). Update container base images and CI pipelines to install Node.js 18.
  • Observability. Verify APM agents (Datadog, New Relic, Elastic) support Node.js 18. Some instrumentation requires updates for the new async hooks and Web Streams APIs.

Outcome testing and assurance

  • Performance benchmarks. Compare throughput and latency between Node.js 16 and 18 for representative workloads. Evaluate improvements from fetch/Web Streams and ensure no regressions occur.
  • Security validation. Run penetration testing or vulnerability scans to ensure TLS configurations remain compliant after migrating to OpenSSL 3. Review CSP and JWT libraries for compatibility.
  • Operational drills. Execute canary deployments, monitor error rates, and capture metrics (CPU, memory, GC pauses). Validate auto-scaling triggers in cloud environments.
  • Developer workflow trials. Encourage teams to trial the built-in test runner and node --watch to simplify local development. Collect feedback and update internal tooling as needed.

Timeline management

Node.js 18 is in active LTS until October 2023, after which it enters maintenance mode. Plan major feature rollouts and dependency upgrades before the maintenance phase to take advantage of active support. Track Node.js security releases and subscribe to Node.js security mailing lists.

Teams should schedule decommissioning of Node.js 16 environments ahead of September 2023. For workloads unable to migrate immediately, document risk acceptance, implement compensating controls, and plan speed up upgrades.

By adopting Node.js 18 LTS, engineering teams gain access to modern web APIs, improved security foundations, and an extended support window that aligns with enterprise maintenance requirements.

Application modernization opportunities

Node.js 18 LTS enables teams to rationalise legacy code that depends on request libraries or custom HTTP wrappers now superseded by fetch and Web Streams. Platform teams can create modernization playbooks that replace deprecated packages (request, node-fetch polyfills, custom promise wrappers) with native APIs, reducing maintenance burden. Evaluate logging frameworks and observability pipelines to use the new diagnostics_channel improvements and align with OpenTelemetry instrumentation.

DevOps and CI/CD alignment

Update CI pipelines to use the official Node.js 18 container images, GitHub Actions runners, or Azure DevOps tasks. Ensure caching strategies (npm ci, pnpm, yarn) are compatible with npm 8. Configure vulnerability scanning for container images and dependencies using tools like Trivy, Snyk, or GitHub Dependabot, and enforce policy gates before production deployment.

Infrastructure teams should review container orchestration limits, as Node.js 18’s memory profile may differ from prior versions. Capture performance benchmarks, adjust horizontal pod autoscaler targets, and validate autoscaling for serverless workloads (AWS Lambda, Google Cloud Functions, Azure Functions) that now default to Node.js 18 runtimes.

Governance and change management

Document upgrade plans in change management systems, capturing stakeholder approvals, rollback strategies, and communication timelines. Provide release notes summaries to product teams highlighting user-facing benefits (faster APIs, improved crypto compliance). Update disaster recovery runbooks to ensure backup images and environment snapshots use Node.js 18.

Training and community engagement

Offer workshops on using the built-in test runner, fetch API, and Web Streams. Encourage engineers to participate in the Node.js Mentorship program or contribute to ecosystem packages to accelerate compatibility fixes. Maintain internal wikis with sample code, migration checklists, and troubleshooting guides capturing lessons learned during early rollouts.

Long-term roadmap

Plan for subsequent upgrades to Node.js 20 (April 2023) and Node.js 22 (2024) by establishing evergreen testing pipelines. Teams that institutionalise regular runtime upgrades reduce technical debt and security exposure. Track emerging proposals like Fetch Mocking, Permission Model, and Single Executable Applications to anticipate future tooling investments.

When coordinating cross-team migrations, set up a Node.js 18 champions network that meets regularly to share blockers, performance data, and success stories. Provide leadership with burndown charts that track percentage of services migrated, remaining technical debt, and key risks requiring escalation.

Security operations

Coordinate with security operations centers (SOCs) to ensure log pipelines capture Node.js 18-specific telemetry—such as warnings from the test runner, fetch deprecation notices, or OpenSSL errors. Update intrusion detection signatures and runtime protection policies to account for new process names, container images, or network behaviors introduced during the migration.

Ensure third-party vendors and managed service providers supporting Node.js workloads commit to Node.js 18 compatibility in their contracts. Update vendor questionnaires to include runtime support timelines, patch delivery expectations, and vulnerability disclosure commitments.

Document lessons learned from earlier runtime upgrades (Node.js 14→16) and reuse proven tactics—such as feature flags, blue/green deployments, and rollback automation—to de-risk the Node.js 18 rollout. Capture post-migration retrospectives to inform future transitions.

Establish quantitative success criteria—such as target percentages of automated test coverage, performance benchmarks, and error rate thresholds—to declare migration complete. Regularly report progress to leadership and celebrate milestones to maintain momentum.

More on this topic

Further reading from our research library.

Continue in the Developer pillar

Return to the hub for curated research and deep-dive guides.

Visit pillar hub

Latest guides

  • Secure Software Supply Chain Tooling Guide

    Engineer developer platforms that deliver verifiable provenance, SBOM distribution, vendor assurance, and runtime integrity aligned with SLSA v1.0, NIST SP 800-204D, and CISA SBOM…

  • AI-Assisted Development Governance Guide

    Govern GitHub Copilot, Azure AI, and internal generative assistants with controls aligned to NIST AI RMF 1.0, EU AI Act enforcement timelines, OMB M-24-10, and enterprise privacy…

  • Developer Enablement & Platform Operations Guide

    Plan AI-assisted development, secure SDLC controls, and runtime upgrades using our research on GitHub Copilot, GitHub Advanced Security, and major language lifecycles.

Coverage intelligence

Published
Coverage pillar
Developer
Source credibility
88/100 — high confidence
Topics
Node.js LTS · Platform lifecycle · JavaScript operations · Upgrade planning
Sources cited
3 sources (nodejs.org, github.com)
Reading time
6 min

Source material

  1. Node.js 18 LTS (Hydrogen) — Node.js Project
  2. Node.js Release Schedule — Node.js Project
  3. Node.js 18.x Release Notes — Node.js Project
  • Node.js LTS
  • Platform lifecycle
  • JavaScript operations
  • Upgrade planning
Back to curated briefings

Comments

Community

We publish only high-quality, respectful contributions. Every submission is reviewed for clarity, sourcing, and safety before it appears here.

    Share your perspective

    Submissions showing "Awaiting moderation" are in review. Spam, low-effort posts, or unverifiable claims will be rejected. We verify submissions with the email you provide, and we never publish or sell that address.

    Verification

    Complete the CAPTCHA to submit.