The OpenJS Foundation is excited to share that Node.js Never-Ending Support is now available for outdated versions of Node.js through its partnership with HeroDevs. Data shows that two-thirds of Node.js users do not upgrade, putting themselves at risk. Providing long-term support for legacy versions of Node.js is part of the OpenJS Ecosystem Sustainability Program (ESP), designed to secure outdated software while creating new revenue streams for our projects and commercial partners.
Developers and companies alike have repeatedly asked the Node.js open source project team to extend the Long Term Support (LTS) range from the current 3 years to 5 or more. This poses significant challenges, the biggest of which is the OpenSSL release strategy, which does not offer visibility more than a couple of years in advance. As a result, the Node.js maintainers couldn’t extend LTS past this window.
Upgrading open source software versions is always the preferred choice. However, where upgrading is a short- or long-term challenge, Node.js NES from HeroDevs is a good solution. It includes the commercial and post-LTS version of OpenSSL.
This collaboration strengthens HeroDevs' role as a key partner in the ESP, enabling them to offer Never-Ending Support (NES) for Node.js to organizations that rely on older versions. The partnership ensures ongoing security, compliance, and stability for businesses using legacy Node.js applications.
As Node.js remains a core technology in enterprise-level applications, many companies face the challenge of maintaining outdated versions that no longer receive official updates. These applications are vulnerable to cyberattacks without regular security patches, jeopardizing data integrity and compliance with industry regulations. Through this partnership, HeroDevs will provide critical support, allowing businesses to safely extend the lifecycle of their Node.js applications without the risks associated with unsupported software.
HeroDevs' ongoing security updates for deprecated Node.js versions will enable businesses to continue operating securely while planning their migration to newer versions, ensuring they meet essential regulatory requirements like PCI, HIPAA, SOC2, and FedRAMP.
This partnership aligns with HeroDevs' mission to provide dependable, long-term support for companies using end-of-life software. By ensuring older versions of Node.js remain secure and operational, HeroDevs helps businesses mitigate security risks and maintain compliance, minimizing the challenges of running unsupported software.
Keeping Node.js up to date is always best for security. Node.js has a well-documented and predictable release schedule. Alongside this NES milestone, the Node.js maintainers recently shipped the latest release of Node.js 23.1. This version brings enhancements that will help developers build more resilient and performant applications, reflecting our commitment to the continued growth and sustainability of the Node.js ecosystem.
You can also help ensure your Node.js version is secure by using npx is-my-node-vulnerable. Created by the Node.js security team, this tool checks for known vulnerabilities to help safeguard your projects.