Node.js 8 brings sanity to native module dependencies

In addition to runtime, URL parsing, and buffer improvements, the new release promises to preserve native module dependencies across upgrades

Node.js 8 brings sanity to native module dependencies

Node.js, the popular server-side JavaScript platform, has been upgraded with improvements related to the runtime, buffer security, URL parsing, and preserving dependencies on native modules across major Node.js upgrades.

On the module dependencies front, Node.js 8.0.0, released today by the Node.js Foundation, introduces the Node.js API, or N-API, albeit still behind an experimental flag. The N-API is designed to eliminate the breakage of dependencies on native modules that happens between release lines.

Although native modules are a small portion of the modular ecosystem, 30 percent of all JavaScript modules rely indirectly on native modules, which are written in C or C++ and are bound to the Chrome V8 JavaScript engine. “Every time Node.js has a major release update, package maintainers have to update these dependencies,” the foundation said.

The upgrade also features the V8 5.8 JavaScript runtime, improving performance and offering developer-facing APIs. With the V8 5.8 engine, Node is set up for a transition to the Turbofan and Ignition compiler pipeline, enabling lower memory consumption and faster application startup times. The V8 5.8 engine has forward ABI (application binary interface) compatibility with V8 5.9 and the upcoming V8 6.0 release, the foundation said. The Node 8 line is expected to move to V8 5.9 and possibly V8 6.0 at some point. TurboFan and Ignition will be enabled by default with V8 5.9.

In the buffer realm, the zero-filling buffer and a new buffer are added by default. “The benefit of the zero-filling buffer helps with security and privacy to prevent information leaks,” the foundation said. “However, the downside with this buffer is that folks using it will take performance hits, but this can be avoided by migrating to buffer.allocUnsafe().” Developers should use this function only if they are aware of risks and have the know-how to avoid these problems.

With the Node 8 release, the WHATWG URL parser moves from an experimental stage to being fully supported. The URL implementation and API in WHATWG matches what is available in browsers such as Chrome, Firefox, Edge, and Safari, enabling the sharing of code using URLs across these different environments.

Also featured in Node 8 is the newly released NPM 5 client. Other capabilities include insights via tracing and async tracking features. The async_hooks module, updated in Node 8, provides a diagnostics API for monitoring the Node event loop, making it easier to debug and track changes and enabling tooling providers to pinpoint performance degradation. An experimental inspector core module, meanwhile, lets developers use the debug protocol used by the Chrome inspector to inspect running JavaScript code. Finally, improved promises support, via the util.promisify() API, lets developers wrap callback APIs to return promises with little overhead.

Node 8 replaces Node 7 in the current release line and will become the Long Term Support release in October. The LTS line is focused on stability and security and is recommended for enterprise deployments.

Copyright © 2017 IDG Communications, Inc.