The latest release of Node.js under the microscope

By: Colin Ihrig

On November 17th, 2015, the Node.js team released version 5.1.0. If you glance over the official release blog post, you’ll notice that the release contains 136 individual commits, a larger than average number. There are a few reasons for this, which I’ll briefly touch on here.

First, you’ll notice that 65 of the commits – roughly 48% of the total – target the documentation (labeled as doc). Node’s documentation is always in need of improvement and often serves as a good starting point for new contributors. In this particular release, a large number of the documentation commits (32) can be attributed to pull request #3662. This PR sorts the documentation, which makes information easier to locate.

Node’s tests are another area that can always be improved. The 5.1.0 release contains 22 commits that address the tests. Some of these commits add new tests to prevent regressions. However, many of them fix “flaky tests” (tests that fail only occasionally, for seemingly no reason). The Node.js continuous integration (CI) setup runs hundreds of tests on numerous platforms for each commit. Because flaky tests reduce our confidence in the CI results, fixes for flaky tests are extremely valuable.

The topic of the CI brings me to my third and final point about the number of commits in this release. A security vulnerability was found in Jenkins, the software powering Node’s CI. To the best of our knowledge, the CI was not exploited. However, Node’s build team did their due diligence, and brought the CI back to a secure state. During this time, the CI was somewhat unreliable. Because we could not test our code up to the normal standards, it was inappropriate to make a release.

So, now that the CI is back in working order, what does this release contain besides test and documentation changes? For starters, there are a number of bug fixes. For example, the child_process module’s send() function and the cluster module’s suicide property now behave as documented. Among other bug fixes, the REPL no longer crashes if its history file cannot be opened.

Release 5.1.0 also updates several of Node’s dependencies. Specifically, V8 was updated to version (sorry, no new ES6 features), and the http-parser was updated to version 2.6.0, which adds support for the LINK, UNLINK, BIND, REBIND and UNBIND HTTP methods, among other things.

Finally, what Node release would be complete without a new version of npm? This release updates the bundled version of npm from 3.3.6 to 3.3.12 (see npm release notes).

Node 5.1.0 is the latest in the stable release line. We recommend using the stable release line if you are able to upgrade relatively painlessly, or if your use case for Node.js is not deemed mission critical. If you are unable or unwilling to track the stable release line for whatever reason, then you are strongly advised to use the Argon LTS release line (Node 4.2.x).

Colin Ihrig is a senior software engineer at nearForm. He is a Node.js collaborator and a member of the Node.js Core Technical Committee. Colin is also a member of the hapi.js core team. He is the author of several books, including Pro Node.js for Developers and Full Stack JavaScript Development with MEAN (co-author).