Node.js 20 introduces permissions model

The Node.js Permission Model allows developers to restrict access to the file system, child processes, and worker threads during execution.


Node.js 20 is available. The latest version of the popular JavaScript runtime introduces a permissions model for restricting resource access during execution. It’s currently an experimental feature, requiring a special flag to enable.

Introduced April 18, Node.js 20 can be accessed from nodejs.org as the “Current” release, carrying the latest features of the platform. It is slated to enter LTS (long-term support) status October 24, which typically guarantees bug fixes for at least 30 months.

With the experimental Node.js permission model, developers can restrict access to specific resources including the file system, child processes, and worker threads. Developers can use permissions to prevent applications from accessing or modifying sensitive data or running potentially harmful code. The API for this capability exists behind the flag --experimental-permission.
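As an added illustration (not code from this article or from the Node.js project), here is a startup self-check a service could run to confirm it really is restricted by the permission model before doing any work. `process.permission.has()` and the scope names `fs.read`, `fs.write`, `child` and `worker` are from the Node.js 20 documentation; the policy, its paths and the function names are constructed for the example.

```javascript
// Constructed policy for a hypothetical service: what it needs, and what it
// must never be able to do if the sandbox is configured correctly.
const POLICY = {
  mustAllow: [['fs.read', '/srv/app/config.json']],
  mustDeny: [
    ['fs.write', '/srv/app'],   // code directory stays read-only
    ['fs.read', '/etc/shadow'], // nothing outside the app tree
    ['child'],                  // no child processes
    ['worker'],                 // no worker threads
  ],
};

// `perm` defaults to process.permission, which is undefined unless Node was
// started with --experimental-permission. It is injectable so the check can
// be exercised without restarting the runtime.
function auditSandbox(policy, perm = process.permission) {
  if (!perm || typeof perm.has !== 'function') {
    return { enabled: false, violations: ['permission model is not enabled'] };
  }
  const violations = [];
  for (const [scope, ref] of policy.mustAllow) {
    if (!perm.has(scope, ref)) {
      violations.push(`missing grant: ${scope} ${ref ?? ''}`.trim());
    }
  }
  for (const [scope, ref] of policy.mustDeny) {
    if (perm.has(scope, ref)) {
      violations.push(`excess grant: ${scope} ${ref ?? ''}`.trim());
    }
  }
  return { enabled: true, violations };
}

// Fail closed: refuse to start when the sandbox is absent or wider than policy.
function enforceSandbox(policy, perm = process.permission) {
  const report = auditSandbox(policy, perm);
  if (report.violations.length > 0) {
    throw new Error(`refusing to start: ${report.violations.join('; ')}`);
  }
  return report;
}
```

Started as `node --experimental-permission --allow-fs-read=/srv/app app.js`, a call to `enforceSandbox(POLICY)` at the top of `app.js` would pass; started without the flag, or with a broader read grant or `--allow-child-process`, it would throw before the service handles any input.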

Also in Node.js 20, custom ECMAScript module loader hooks now run on a dedicated thread, isolated from the main thread. This separation creates a separate scope for loaders and ensures no cross-contamination between loaders and application code.

Other new features and changes in Node.js 20:

  • Node.js 20 binaries for Arm64 Windows are available, providing native execution on the platform.
  • The import.meta.resolve() function now returns synchronously, though user loader resolve hooks still can be defined as async functions.
  • The test_runner module has been marked as stable and is ready for production use.
  • Web Crypto API function arguments now are coerced and validated as per their Web IDL definitions. This improves interoperability with other implementations of the API.
  • The WASI (WebAssembly System Interface) now must be specified.
  • The V8 JavaScript/WebAssembly engine is updated to version 11.3, bringing new JavaScript API capabilities including WebAssembly Tail Call, methods that change Array and TypedArray by copy, and a resizable ArrayBuffer and a growable SharedArrayBuffer.
  • The latest version of the URL parser, Ada 2.0, brings significant performance improvements to URL parsing. Ada 2.0 has been integrated into the Node.js codebase, ensuring that all parts of an application can benefit from the better performance.

The Node.js 19 release, which boosted HTTP throughput, arrived last October.

Copyright © 2023 IDG Communications, Inc.