Node.js APIs might be deprecated for any of the following reasons:
- Use of the API is unsafe.
- An improved alternative API is available.
- Breaking changes to the API are expected in a future major release.
Node.js uses four kinds of deprecations:
- Documentation-only
- Application (non-node_modules code only)
- Runtime (all code)
- End-of-Life
A Documentation-only deprecation is one that is expressed only within the
Node.js API docs. These generate no side-effects while running Node.js.
Some Documentation-only deprecations trigger a runtime warning when launched with --pending-deprecation flag (or its alternative, NODE_PENDING_DEPRECATION=1 environment variable), similarly to Runtime deprecations below. Documentation-only deprecations that support that flag are explicitly labeled as such in the list of Deprecated APIs.
An Application deprecation for only non-node_modules code will, by default, generate a process warning that will be printed to stderr the first time the deprecated API is used in code that's not loaded from node_modules. When the --throw-deprecation command-line flag is used, a Runtime deprecation will cause an error to be thrown. When --pending-deprecation is used, warnings will also be emitted for code loaded from node_modules.
A runtime deprecation for all code is similar to the runtime deprecation for non-node_modules code, except that it also emits a warning for code loaded from node_modules.
An End-of-Life deprecation is used when functionality is or will soon be removed from Node.js.
Occasionally, the deprecation of an API might be reversed. In such situations, this document will be updated with information relevant to the decision. However, the deprecation identifier will not be modified.
Type: End-of-Life
OutgoingMessage.prototype.flush() has been removed. Use OutgoingMessage.prototype.flushHeaders() instead.
Type: End-of-Life
The _linklist module is deprecated. Please use a userland alternative.
Type: End-of-Life
The _writableState.buffer has been removed. Use _writableState.getBuffer() instead.
Type: End-of-Life
The CryptoStream.prototype.readyState property was removed.
Type: Application (non-node_modules code only)
The Buffer() function and new Buffer() constructor are deprecated due to API usability issues that can lead to accidental security issues.
As an alternative, use one of the following methods of constructing Buffer objects:
- Buffer.alloc(size[, fill[, encoding]]): Create a Buffer with initialized memory.
- Buffer.allocUnsafe(size): Create a Buffer with uninitialized memory.
- Buffer.allocUnsafeSlow(size): Create a Buffer with uninitialized memory.
- Buffer.from(array): Create a Buffer with a copy of array.
- Buffer.from(arrayBuffer[, byteOffset[, length]]): Create a Buffer that wraps the given arrayBuffer.
- Buffer.from(buffer): Create a Buffer that copies buffer.
- Buffer.from(string[, encoding]): Create a Buffer that copies string.
Without --pending-deprecation, runtime warnings occur only for code not in node_modules. This means there will not be deprecation warnings for Buffer() usage in dependencies. With --pending-deprecation, a runtime warning results no matter where the Buffer() usage occurs.
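
The usability problem is that Buffer(arg) changes meaning with the type of arg: a string is copied, while a number is treated as a size to allocate. The following is an added example, not code from the Node.js documentation; decodeToken, makeScratch, copyInto, aliasingDemo and MAX_TOKEN_BYTES are hypothetical names, and it shows how the replacement constructors keep "copy this data" and "allocate this many bytes" apart.

```javascript
// Added example: hypothetical helpers built only on the replacement
// constructors listed above.

const MAX_TOKEN_BYTES = 1024; // constructed limit for this example

// Decode an untrusted base64 field (for instance a value parsed from JSON).
// Buffer.from(string, encoding) never allocates by count, and the explicit
// type check rejects a number that Buffer(value) would have read as a size.
function decodeToken(value) {
  if (typeof value !== 'string') {
    throw new TypeError('token must be a base64 string');
  }
  const buf = Buffer.from(value, 'base64');
  if (buf.length > MAX_TOKEN_BYTES) {
    throw new RangeError('token too large');
  }
  return buf;
}

// Allocate a working buffer by size. Buffer.alloc() returns zero-filled
// memory, so nothing left over from earlier allocations can be exposed.
function makeScratch(size) {
  if (!Number.isInteger(size) || size < 0 || size > MAX_TOKEN_BYTES) {
    throw new RangeError('invalid size');
  }
  return Buffer.alloc(size);
}

// Buffer.allocUnsafe() is only appropriate when every byte is overwritten
// before the buffer leaves the function, as it is here.
function copyInto(source) {
  const out = Buffer.allocUnsafe(source.length);
  source.copy(out); // writes all source.length bytes
  return out;
}

// Buffer.from(arrayBuffer) wraps (shares memory); Buffer.from(buffer) copies.
function aliasingDemo() {
  const ab = new ArrayBuffer(4);
  const wrapped = Buffer.from(ab);    // view over the same memory as ab
  const copied = Buffer.from(wrapped); // independent copy taken now
  new Uint8Array(ab)[0] = 0xff;        // later write through the ArrayBuffer
  return { wrapped: wrapped[0], copied: copied[0] };
}
```
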
Type: End-of-Life
Within the child_process module's spawn(), fork(), and exec() methods, the options.customFds option is deprecated. The options.stdio option should be used instead.
Type: End-of-Life
In an earlier version of the Node.js cluster, a boolean property with the name suicide was added to the Worker object. The intent of this property was to provide an indication of how and why the Worker instance exited. In Node.js 6.0.0, the old property was deprecated and replaced with a new worker.exitedAfterDisconnect property. The old property name did not precisely describe the actual semantics and was unnecessarily emotion-laden.
Type: Documentation-only
The node:constants module is deprecated. When requiring access to constants relevant to specific Node.js builtin modules, developers should instead refer to the constants property exposed by the relevant module. For instance, require('node:fs').constants and require('node:os').constants.
Type: End-of-Life
Use of the crypto.pbkdf2() API without specifying a digest was deprecated in Node.js 6.0 because the method defaulted to using the non-recommended 'SHA1' digest. Previously, a deprecation warning was printed. Starting in Node.js 8.0.0, calling crypto.pbkdf2() or crypto.pbkdf2Sync() with digest set to undefined will throw a TypeError.
Beginning in Node.js v11.0.0, calling these functions with digest set to null would print a deprecation warning to align with the behavior when digest is undefined.
Now, however, passing either undefined or null will throw a TypeError.
Type: End-of-Life
The crypto.createCredentials() API was removed. Please use tls.createSecureContext() instead.
Type: End-of-Life
The crypto.Credentials class was removed. Please use tls.SecureContext instead.
Type: End-of-Life
Domain.dispose() has been removed. Recover from failed I/O actions explicitly via error event handlers set on the domain instead.
Type: End-of-Life
Calling an asynchronous function without a callback throws a TypeError in Node.js 10.0.0 onwards. See nodejs#12562.
Type: End-of-Life
The fs.read() legacy String interface is deprecated. Use the Buffer API as mentioned in the documentation instead.
Type: End-of-Life
The fs.readSync() legacy String interface is deprecated. Use the Buffer API as mentioned in the documentation instead.
Type: End-of-Life
The GLOBAL and root aliases for the global property were deprecated in Node.js 6.0.0 and have since been removed.
Type: End-of-Life
Intl.v8BreakIterator was a non-standard extension and has been removed. See Intl.Segmenter.
Type: End-of-Life
Unhandled promise rejections are deprecated. By default, promise rejections that are not handled terminate the Node.js process with a non-zero exit code. To change the way Node.js treats unhandled rejections, use the --unhandled-rejections command-line option.
Type: End-of-Life
In certain cases, require('.') could resolve outside the package directory. This behavior has been removed.
Type: End-of-Life
The Server.connections property was deprecated in Node.js v0.9.7 and has been removed. Please use the Server.getConnections() method instead.
Type: End-of-Life
The Server.listenFD() method was deprecated and removed. Please use Server.listen({fd: <number>}) instead.
Type: End-of-Life
The os.tmpDir() API was deprecated in Node.js 7.0.0 and has since been removed. Please use os.tmpdir() instead.
Type: End-of-Life
The os.getNetworkInterfaces() method is deprecated. Please use the os.networkInterfaces() method instead.
Type: End-of-Life
The REPLServer.prototype.convertToContext() API has been removed.
Type: Runtime
The node:sys module is deprecated. Please use the util module instead.
Type: End-of-Life
util.print() has been removed. Please use console.log() instead.
Type: End-of-Life
util.puts() has been removed. Please use console.log() instead.
Type: End-of-Life
util.debug() has been removed. Please use console.error() instead.
Type: End-of-Life
util.error() has been removed. Please use console.error() instead.
Type: Documentation-only
The SlowBuffer class is deprecated. Please use Buffer.allocUnsafeSlow(size) instead.
Type: Documentation-only
The ecdh.setPublicKey() method is now deprecated as its inclusion in the API is not useful.
Type: Documentation-only
The domain module is deprecated and should not be used.
Type: Documentation-only
The events.listenerCount(emitter, eventName) API is deprecated. Please use emitter.listenerCount(eventName) instead.
Type: Documentation-only
The fs.exists(path, callback) API is deprecated. Please use fs.stat() or fs.access() instead.
Type: Documentation-only
The fs.lchmod(path, mode, callback) API is deprecated.
Type: Documentation-only
The fs.lchmodSync(path, mode) API is deprecated.
Type: Deprecation revoked
The fs.lchown(path, uid, gid, callback) API was deprecated. The deprecation was revoked because the requisite supporting APIs were added in libuv.
Type: Deprecation revoked
The fs.lchownSync(path, uid, gid) API was deprecated. The deprecation was revoked because the requisite supporting APIs were added in libuv.
Type: Documentation-only
The require.extensions property is deprecated.
Type: Runtime
The punycode module is deprecated. Please use a userland alternative instead.
Type: End-of-Life
The NODE_REPL_HISTORY_FILE environment variable was removed. Please use NODE_REPL_HISTORY instead.
Type: End-of-Life
The tls.CryptoStream class was removed. Please use tls.TLSSocket instead.
Type: Documentation-only
The tls.SecurePair class is deprecated. Please use tls.TLSSocket instead.
Type: Runtime
The util.isArray() API is deprecated. Please use Array.isArray() instead.
Type: End-of-Life
The util.isBoolean() API has been removed. Please use typeof arg === 'boolean' instead.
Type: End-of-Life
The util.isBuffer() API has been removed. Please use Buffer.isBuffer() instead.
Type: End-of-Life
The util.isDate() API has been removed. Please use arg instanceof Date instead.
Type: End-of-Life
The util.isError() API has been removed. Please use Object.prototype.toString(arg) === '[object Error]' || arg instanceof Error instead.
Type: End-of-Life
The util.isFunction() API has been removed. Please use typeof arg === 'function' instead.
Type: End-of-Life
The util.isNull() API has been removed. Please use arg === null instead.
Type: End-of-Life
The util.isNullOrUndefined() API has been removed. Please use arg === null || arg === undefined instead.
Type: End-of-Life
The util.isNumber() API has been removed. Please use typeof arg === 'number' instead.
Type: End-of-Life
The util.isObject() API has been removed. Please use arg && typeof arg === 'object' instead.
Type: End-of-Life
The util.isPrimitive() API has been removed. Please use arg === null || (typeof arg !== 'object' && typeof arg !== 'function') instead.
Type: End-of-Life
The util.isRegExp() API has been removed. Please use arg instanceof RegExp instead.
Type: End-of-Life
The util.isString() API has been removed. Please use typeof arg === 'string' instead.
Type: End-of-Life
The util.isSymbol() API has been removed. Please use typeof arg === 'symbol' instead.
Type: End-of-Life
The util.isUndefined() API has been removed. Please use arg === undefined instead.
Type: End-of-Life
The util.log() API has been removed because it's an unmaintained legacy API that was exposed to user land by accident. Instead, consider the following alternatives based on your specific needs:
- Third-Party Logging Libraries
- Use console.log(new Date().toLocaleString(), message)
By adopting one of these alternatives, you can transition away from util.log() and choose a logging strategy that aligns with the specific requirements and complexity of your application.
Type: Runtime
The util._extend() API is deprecated because it's an unmaintained legacy API that was exposed to user land by accident. Please use target = Object.assign(target, source) instead.
Type: End-of-Life
The fs.SyncWriteStream class was never intended to be a publicly accessible API and has been removed. No alternative API is available. Please use a userland alternative.
Type: End-of-Life
--debug activates the legacy V8 debugger interface, which was removed as of V8 5.8. It is replaced by Inspector which is activated with --inspect instead.
Type: Documentation-only
The node:http module ServerResponse.prototype.writeHeader() API is deprecated. Please use ServerResponse.prototype.writeHead() instead.
The ServerResponse.prototype.writeHeader() method was never documented as an officially supported API.
Type: Runtime
The tls.createSecurePair() API was deprecated in documentation in Node.js 0.11.3. Users should use tls.Socket instead.
Type: End-of-Life
The node:repl module's REPL_MODE_MAGIC constant, used for replMode option, has been removed. Its behavior has been functionally identical to that of REPL_MODE_SLOPPY since Node.js 6.0.0, when V8 5.0 was imported. Please use REPL_MODE_SLOPPY instead.
The NODE_REPL_MODE environment variable is used to set the underlying replMode of an interactive node session. Its value, magic, is also removed. Please use sloppy instead.
Type: Runtime
The node:http module OutgoingMessage.prototype._headers and OutgoingMessage.prototype._headerNames properties are deprecated. Use one of the public methods (e.g. OutgoingMessage.prototype.getHeader(), OutgoingMessage.prototype.getHeaders(), OutgoingMessage.prototype.getHeaderNames(), OutgoingMessage.prototype.getRawHeaderNames(), OutgoingMessage.prototype.hasHeader(), OutgoingMessage.prototype.removeHeader(), OutgoingMessage.prototype.setHeader()) for working with outgoing headers.
The OutgoingMessage.prototype._headers and OutgoingMessage.prototype._headerNames properties were never documented as officially supported properties.
Type: Documentation-only
The node:http module OutgoingMessage.prototype._renderHeaders() API is deprecated.
The OutgoingMessage.prototype._renderHeaders property was never documented as an officially supported API.
Type: End-of-Life
node debug corresponds to the legacy CLI debugger which has been replaced with a V8-inspector based CLI debugger available through node inspect.
Type: End-of-Life
DebugContext has been removed in V8 and is not available in Node.js 10+.
DebugContext was an experimental API.
Type: End-of-Life
async_hooks.currentId() was renamed to async_hooks.executionAsyncId() for clarity.
This change was made while async_hooks was an experimental API.
Type: End-of-Life
async_hooks.triggerId() was renamed to async_hooks.triggerAsyncId() for clarity.
This change was made while async_hooks was an experimental API.
Type: End-of-Life
async_hooks.AsyncResource.triggerId() was renamed to async_hooks.AsyncResource.triggerAsyncId() for clarity.
This change was made while async_hooks was an experimental API.
Type: End-of-Life
Accessing several internal, undocumented properties of net.Server instances with inappropriate names is deprecated.
As the original API was undocumented and not generally useful for non-internal code, no replacement API is provided.
Type: End-of-Life
The REPLServer.bufferedCommand property was deprecated in favor of REPLServer.clearBufferedCommand().
Type: End-of-Life
REPLServer.parseREPLKeyword() was removed from userland visibility.
Type: End-of-Life
tls.parseCertString() was a trivial parsing helper that was made public by mistake. While it was supposed to parse certificate subject and issuer strings, it never handled multi-value Relative Distinguished Names correctly.
Earlier versions of this document suggested using querystring.parse() as an alternative to tls.parseCertString(). However, querystring.parse() also does not handle all certificate subjects correctly and should not be used.
Type: Runtime
Module._debug() is deprecated.
The Module._debug() function was never documented as an officially supported API.
Type: End-of-Life
REPLServer.turnOffEditorMode() was removed from userland visibility.
Type: End-of-Life
Using a property named inspect on an object to specify a custom inspection function for util.inspect() is deprecated. Use util.inspect.custom instead. For backward compatibility with Node.js prior to version 6.4.0, both can be specified.
Type: Documentation-only
The internal path._makeLong() was not intended for public use. However, userland modules have found it useful. The internal API is deprecated and replaced with an identical, public path.toNamespacedPath() method.
Type: Runtime
fs.truncate() and fs.truncateSync() usage with a file descriptor is deprecated. Please use fs.ftruncate() or fs.ftruncateSync() to work with file descriptors.
Type: End-of-Life
REPLServer.prototype.memory() is only necessary for the internal mechanics of the REPLServer itself. Do not use this function.
Type: End-of-Life
The ecdhCurve option to tls.createSecureContext() and tls.TLSSocket could be set to false to disable ECDH entirely on the server only. This mode was deprecated in preparation for migrating to OpenSSL 1.1.0 and consistency with the client and is now unsupported. Use the ciphers parameter instead.
Type: End-of-Life
Since Node.js versions 4.4.0 and 5.2.0, several modules only intended for internal usage were mistakenly exposed to user code through require(). These modules were:
- v8/tools/codemap
- v8/tools/consarray
- v8/tools/csvparser
- v8/tools/logreader
- v8/tools/profile_view
- v8/tools/profile
- v8/tools/SourceMap
- v8/tools/splaytree
- v8/tools/tickprocessor-driver
- v8/tools/tickprocessor
- node-inspect/lib/_inspect (from 7.6.0)
- node-inspect/lib/internal/inspect_client (from 7.6.0)
- node-inspect/lib/internal/inspect_repl (from 7.6.0)
The v8/* modules do not have any exports, and if not imported in a specific order would in fact throw errors. As such there are virtually no legitimate use cases for importing them through require().
On the other hand, node-inspect can be installed locally through a package manager, as it is published on the npm registry under the same name. No source code modification is necessary if that is done.
Type: End-of-Life
The AsyncHooks sensitive API was never documented and had various minor issues. Use the AsyncResource API instead. See nodejs#15572.
Type: End-of-Life
runInAsyncIdScope doesn't emit the 'before' or 'after' event and can thus cause a lot of issues. See nodejs#14328.
Type: Deprecation revoked
Importing assert directly was not recommended as the exposed functions use loose equality checks. The deprecation was revoked because use of the node:assert module is not discouraged, and the deprecation caused developer confusion.
Type: End-of-Life
Node.js used to support all GCM authentication tag lengths which are accepted by OpenSSL when calling decipher.setAuthTag(). Beginning with Node.js v11.0.0, only authentication tag lengths of 128, 120, 112, 104, 96, 64, and 32 bits are allowed. Authentication tags of other lengths are invalid per NIST SP 800-38D.
Type: End-of-Life
The crypto.DEFAULT_ENCODING property only existed for compatibility with Node.js releases prior to versions 0.9.3 and has been removed.
Type: Documentation-only
Assigning properties to the top-level this as an alternative to module.exports is deprecated. Developers should use exports or module.exports instead.
Type: Runtime
The crypto.fips property is deprecated. Please use crypto.setFips() and crypto.getFips() instead.
Type: Runtime
Using assert.fail() with more than one argument is deprecated. Use assert.fail() with only one argument or use a different node:assert module method.
Type: Runtime
timers.enroll() is deprecated. Please use the publicly documented setTimeout() or setInterval() instead.
Type: Runtime
timers.unenroll() is deprecated. Please use the publicly documented clearTimeout() or clearInterval() instead.
Type: Runtime
Users of MakeCallback that add the domain property to carry context should start using the async_context variant of MakeCallback or CallbackScope, or the high-level AsyncResource class.
Type: End-of-Life
The embedded API provided by AsyncHooks exposes .emitBefore() and .emitAfter() methods which are very easy to use incorrectly, which can lead to unrecoverable errors.
Use asyncResource.runInAsyncScope() API instead which provides a much safer, and more convenient, alternative. See nodejs#18513.
Type: Compile-time
Certain versions of node::MakeCallback APIs available to native addons are deprecated. Please use the versions of the API that accept an async_context parameter.
Type: End-of-Life
process.assert() is deprecated. Please use the assert module instead.
This was never a documented feature.
Type: End-of-Life
The --with-lttng compile-time option has been removed.
Type: End-of-Life
Using the noAssert argument has no functionality anymore. All input is verified regardless of the value of noAssert. Skipping the verification could lead to hard-to-find errors and crashes.
Type: Documentation-only (supports --pending-deprecation)
Using process.binding() in general should be avoided. The type checking methods in particular can be replaced by using util.types.
This deprecation has been superseded by the deprecation of the process.binding() API (DEP0111).
Type: Documentation-only (supports --pending-deprecation)
When assigning a non-string property to process.env, the assigned value is implicitly converted to a string. This behavior is deprecated if the assigned value is not a string, boolean, or number. In the future, such assignment might result in a thrown error. Please convert the property to a string before assigning it to process.env.
Type: End-of-Life
decipher.finaltol() has never been documented and was an alias for decipher.final(). This API has been removed, and it is recommended to use decipher.final() instead.
Type: End-of-Life
crypto.createCipher() and crypto.createDecipher() have been removed as they use a weak key derivation function (MD5 with no salt) and static initialization vectors.
It is recommended to derive a key using crypto.pbkdf2() or crypto.scrypt() with random salts and to use crypto.createCipheriv() and crypto.createDecipheriv() to obtain the Cipher and Decipher objects respectively.
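
A migration sketch for the recommendation above, which also pins the GCM authentication tag to one of the lengths the earlier decipher.setAuthTag() entry allows. This is an added example, not code from the Node.js documentation; encryptWithPassword, decryptWithPassword, deriveKey and the salt/IV/tag/ciphertext envelope layout are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Added example: password-based encryption without crypto.createCipher().
// Function names and the envelope layout are hypothetical.
const SALT_LEN = 16; // fresh random salt per message, stored with the data
const IV_LEN = 12;   // 96-bit IV, freshly generated per message
const TAG_LEN = 16;  // 128-bit tag, one of the allowed GCM tag lengths
const KEY_LEN = 32;  // AES-256 key size

// scrypt replaces the unsalted MD5 derivation used by createCipher().
// Default cost parameters are used here; tune them for the deployment.
function deriveKey(password, salt) {
  return crypto.scryptSync(password, salt, KEY_LEN);
}

// Returns salt || iv || tag || ciphertext as a single Buffer.
function encryptWithPassword(password, plaintext) {
  const salt = crypto.randomBytes(SALT_LEN);
  const iv = crypto.randomBytes(IV_LEN);
  const key = deriveKey(password, salt);
  const cipher = crypto.createCipheriv('aes-256-gcm', key, iv, {
    authTagLength: TAG_LEN,
  });
  const ciphertext = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return Buffer.concat([salt, iv, cipher.getAuthTag(), ciphertext]);
}

// Splits the envelope, re-derives the key, and verifies the tag.
function decryptWithPassword(password, envelope) {
  const headerLen = SALT_LEN + IV_LEN + TAG_LEN;
  if (!Buffer.isBuffer(envelope) || envelope.length < headerLen) {
    throw new RangeError('envelope too short');
  }
  const salt = envelope.subarray(0, SALT_LEN);
  const iv = envelope.subarray(SALT_LEN, SALT_LEN + IV_LEN);
  const tag = envelope.subarray(SALT_LEN + IV_LEN, headerLen);
  const ciphertext = envelope.subarray(headerLen);
  const key = deriveKey(password, salt);
  // Passing authTagLength makes the decipher reject tags of any other length.
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, iv, {
    authTagLength: TAG_LEN,
  });
  decipher.setAuthTag(tag);
  // final() throws if the tag does not verify (wrong key or modified data).
  return Buffer.concat([decipher.update(ciphertext), decipher.final()]);
}
```

Because the salt and IV are random per call, encrypting the same plaintext twice with the same password yields different envelopes, which is the property the removed APIs could not provide.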
Type: End-of-Life
This was an undocumented helper function not intended for use outside Node.js core and obsoleted by the removal of NPN (Next Protocol Negotiation) support.
Type: End-of-Life
Deprecated alias for zlib.bytesWritten. This original name was chosen because it also made sense to interpret the value as the number of bytes read by the engine, but is inconsistent with other streams in Node.js that expose values under these names.
Type: End-of-Life
Some previously supported (but strictly invalid) URLs were accepted through the http.request(), http.get(), https.request(), https.get(), and tls.checkServerIdentity() APIs because those were accepted by the legacy url.parse() API. The mentioned APIs now use the WHATWG URL parser that requires strictly valid URLs. Passing an invalid URL is deprecated and support will be removed in the future.
Type: Documentation-only
The produceCachedData option is deprecated. Use script.createCachedData() instead.
Type: Documentation-only (supports --pending-deprecation)
process.binding() is for use by Node.js internal code only.
While process.binding() has not reached End-of-Life status in general, it is unavailable when the permission model is enabled.
Type: Runtime
The node:dgram module previously contained several APIs that were never meant to be accessed outside of Node.js core: Socket.prototype._handle, Socket.prototype._receiving, Socket.prototype._bindState, Socket.prototype._queue, Socket.prototype._reuseAddr, Socket.prototype._healthCheck(), Socket.prototype._stopReceiving(), and dgram._createSocketHandle().
Type: End-of-Life
Cipher.setAuthTag() and Decipher.getAuthTag() are no longer available. They were never documented and would throw when called.
Type: End-of-Life
The crypto._toBuf() function was not designed to be used by modules outside of Node.js core and was removed.
Type: Documentation-only (supports --pending-deprecation)
In recent versions of Node.js, there is no difference between crypto.randomBytes() and crypto.pseudoRandomBytes(). The latter is deprecated along with the undocumented aliases crypto.prng() and crypto.rng() in favor of crypto.randomBytes() and might be removed in a future release.
Type: Deprecation revoked
The legacy URL API is deprecated. This includes url.format(), url.parse(), url.resolve(), and the legacy urlObject. Please use the WHATWG URL API instead.
Type: End-of-Life
Previous versions of Node.js exposed handles to internal native objects through the _handle property of the Cipher, Decipher, DiffieHellman, DiffieHellmanGroup, ECDH, Hash, Hmac, Sign, and Verify classes. The _handle property has been removed because improper use of the native object can lead to crashing the application.
Type: Runtime
Previous versions of Node.js supported dns.lookup() with a falsy host name like dns.lookup(false) due to backward compatibility. This behavior is undocumented and is thought to be unused in real world apps. It will become an error in future versions of Node.js.
Type: Documentation-only (supports --pending-deprecation)
process.binding('uv').errname() is deprecated. Please use util.getSystemErrorName() instead.
Type: End-of-Life
Windows Performance Counter support has been removed from Node.js. The undocumented COUNTER_NET_SERVER_CONNECTION(), COUNTER_NET_SERVER_CONNECTION_CLOSE(), COUNTER_HTTP_SERVER_REQUEST(), COUNTER_HTTP_SERVER_RESPONSE(), COUNTER_HTTP_CLIENT_REQUEST(), and COUNTER_HTTP_CLIENT_RESPONSE() functions have been deprecated.
Type: Runtime
The undocumented net._setSimultaneousAccepts() function was originally intended for debugging and performance tuning when using the node:child_process and node:cluster modules on Windows. The function is not generally useful and is being removed. See discussion here: nodejs#18391
Type: Runtime
Please use Server.prototype.setSecureContext() instead.
Type: Runtime
Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.
Type: End-of-Life
This property is a reference to the instance itself.
Type: Runtime
The node:_stream_wrap module is deprecated.
Type: Runtime
The previously undocumented timers.active() is deprecated. Please use the publicly documented timeout.refresh() instead. If re-referencing the timeout is necessary, timeout.ref() can be used with no performance impact since Node.js 10.
Type: Runtime
The previously undocumented and "private" timers._unrefActive() is deprecated. Please use the publicly documented timeout.refresh() instead. If unreferencing the timeout is necessary, timeout.unref() can be used with no performance impact since Node.js 10.
Type: Runtime
Modules that have an invalid main entry (e.g., ./does-not-exist.js) and also have an index.js file in the top level directory will resolve the index.js file. That is deprecated and is going to throw an error in future Node.js versions.
Type: Runtime
The _channel property of child process objects returned by spawn() and similar functions is not intended for public use. Use ChildProcess.channel instead.
Type: End-of-Life
Use module.createRequire() instead.
Type: End-of-Life
The legacy HTTP parser, used by default in versions of Node.js prior to 12.0.0, is deprecated and has been removed in v13.0.0. Prior to v13.0.0, the --http-parser=legacy command-line flag could be used to revert to using the legacy parser.
Type: Runtime
Passing a callback to worker.terminate() is deprecated. Use the returned Promise instead, or a listener to the worker's 'exit' event.
Type: Documentation-only
Prefer response.socket over response.connection and request.socket over request.connection.
Type: Documentation-only (supports --pending-deprecation)
The process._tickCallback property was never documented as an officially supported API.
Type: Runtime
WriteStream.open() and ReadStream.open() are undocumented internal APIs that do not make sense to use in userland. File streams should always be opened through their corresponding factory methods (fs.createWriteStream() and fs.createReadStream()) or by passing a file descriptor in options.
Type: Documentation-only
response.finished indicates whether response.end() has been called, not whether 'finish' has been emitted and the underlying data is flushed.
Use response.writableFinished or response.writableEnded accordingly instead to avoid the ambiguity.
To maintain existing behavior response.finished should be replaced with response.writableEnded.
Type: Runtime
Allowing a fs.FileHandle object to be closed on garbage collection is deprecated. In the future, doing so might result in a thrown error that will terminate the process.
Please ensure that all fs.FileHandle objects are explicitly closed using FileHandle.prototype.close() when the fs.FileHandle is no longer needed:
```javascript
const fsPromises = require('node:fs').promises;

async function openAndClose() {
  let filehandle;
  try {
    filehandle = await fsPromises.open('thefile.txt', 'r');
  } finally {
    // Close explicitly instead of relying on garbage collection.
    if (filehandle !== undefined)
      await filehandle.close();
  }
}
```
Type: Documentation-only
process.mainModule is a CommonJS-only feature while process global object is shared with non-CommonJS environment. Its use within ECMAScript modules is unsupported.
It is deprecated in favor of require.main, because it serves the same purpose and is only available on CommonJS environment.
Type: Documentation-only
Calling process.umask() with no argument causes the process-wide umask to be written twice. This introduces a race condition between threads, and is a potential security vulnerability. There is no safe, cross-platform alternative API.
Type: Documentation-only
Use request.destroy() instead of request.abort().
Type: Documentation-only (supports --pending-deprecation)
The node:repl module exported the input and output stream twice. Use .input instead of .inputStream and .output instead of .outputStream.
Type: Documentation-only
The node:repl module exports a _builtinLibs property that contains an array of built-in modules. It was incomplete so far and instead it's better to rely upon require('node:module').builtinModules.
Type: Runtime
Transform._transformState will be removed in future versions where it is no longer required due to simplification of the implementation.
Type: Documentation-only (supports --pending-deprecation)
A CommonJS module can access the first module that required it using module.parent. This feature is deprecated because it does not work consistently in the presence of ECMAScript modules and because it gives an inaccurate representation of the CommonJS module graph.
Some modules use it to check if they are the entry point of the current process. Instead, it is recommended to compare require.main and module:
```javascript
if (require.main === module) {
  // Code section that will run only if current file is the entry point.
}
```
When looking for the CommonJS modules that have required the current one, require.cache and module.children can be used:
```javascript
// Every cached module whose children include the current module.
const moduleParents = Object.values(require.cache)
  .filter((m) => m.children.includes(module));
```
Type: Documentation-only
socket.bufferSize is just an alias for writable.writableLength.
Type: Documentation-only
The crypto.Certificate() constructor is deprecated. Use static methods of crypto.Certificate() instead.
Type: Runtime
In future versions of Node.js, recursive option will be ignored for fs.rmdir, fs.rmdirSync, and fs.promises.rmdir.
Use fs.rm(path, { recursive: true, force: true }), fs.rmSync(path, { recursive: true, force: true }) or fs.promises.rm(path, { recursive: true, force: true }) instead.
Type: Runtime
Using a trailing "/" to define subpath folder mappings in the subpath exports or subpath imports fields is deprecated. Use subpath patterns instead.
Type: Documentation-only
Prefer message.socket over message.connection.
Type: End-of-Life
The process.config
property provides access to Node.js compile-time settings.
However, the property is mutable and therefore subject to tampering. The ability
to change the value will be removed in a future version of Node.js.
Type: Runtime
Previously, index.js
and extension searching lookups would apply to
import 'pkg'
main entry point resolution, even when resolving ES modules.
With this deprecation, all ES module main entry point resolutions require
an explicit "exports"
or "main"
entry with the exact file extension.
Type: Runtime
The 'gc'
, 'http2'
, and 'http'
{PerformanceEntry} object types have
additional properties assigned to them that provide additional information.
These properties are now available within the standard detail
property
of the PerformanceEntry
object. The existing accessors have been
deprecated and should no longer be used.
Type: End-of-Life
Using a non-nullish non-integer value for the family option, a non-nullish non-number value for the hints option, a non-nullish non-boolean value for the all option, or a non-nullish non-boolean value for the verbatim option in dns.lookup() and dnsPromises.lookup() throws an ERR_INVALID_ARG_TYPE error.
Type: Runtime
The 'hash' and 'mgf1Hash' options are replaced with 'hashAlgorithm' and 'mgf1HashAlgorithm'.
Type: Runtime
The remapping of specifiers ending in "/" like import 'pkg/x/' is deprecated for package "exports" and "imports" pattern resolutions.
Type: Documentation-only
Move to the Stream API instead, as http.ClientRequest, http.ServerResponse, and http.IncomingMessage are all stream-based. Check stream.destroyed instead of the .aborted property, and listen for 'close' instead of the 'abort' and 'aborted' events.
The .aborted property and 'abort' event are only useful for detecting .abort() calls. To close a request early, use the Stream .destroy([error]); checking the .destroyed property and listening for the 'close' event then has the same effect. The receiving end should also check the readable.readableEnded value on http.IncomingMessage to determine whether it was an aborted or graceful destroy.
Type: End-of-Life
An undocumented feature of Node.js streams was to support thenables in implementation methods. This is now deprecated; use callbacks instead and avoid using async functions for stream implementation methods.
This feature caused unexpected problems when a user implemented the function in callback style but used, for example, an async method. That causes an error, since mixing promise and callback semantics is not valid.
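const { Writable } = require('node:stream');

// Deprecated pattern: an async implementation method that also calls the callback.
const w = new Writable({
  async final(callback) {
    await someOp(); // someOp() stands in for any promise-returning operation
    callback();
  },
});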
Type: Documentation-only
This method was deprecated because it is not compatible with Uint8Array.prototype.slice(), and Uint8Array is a superclass of Buffer.
Use buffer.subarray, which does the same thing, instead.
Type: End-of-Life
This error code was removed due to adding more confusion to the errors used for value type validation.
Type: Runtime.
This event was deprecated because it did not work with V8 promise combinators which diminished its usefulness.
Type: Documentation-only
The process._getActiveHandles() and process._getActiveRequests() functions are not intended for public use and can be removed in future releases.
Use process.getActiveResourcesInfo() to get a list of types of active resources and not the actual references.
Type: End-of-Life
Implicit coercion of objects with an own toString property, passed as the second parameter in fs.write(), fs.writeFile(), fs.appendFile(), fs.writeFileSync(), and fs.appendFileSync(), is deprecated. Convert them to primitive strings.
Type: Documentation-only
These methods were deprecated because they can be used in a way which does not hold the channel reference alive long enough to receive the events.
Use diagnostics_channel.subscribe(name, onMessage) or diagnostics_channel.unsubscribe(name, onMessage), which do the same thing, instead.
Type: End-of-Life
Values other than undefined, null, integer numbers, and integer strings (e.g., '1') are deprecated as the value for the code parameter in process.exit() and as the value to assign to process.exitCode.
Type: End-of-Life
The --trace-atomics-wait flag has been removed because it uses the V8 hook SetAtomicsWaitCallback, that will be removed in a future V8 release.
Type: Runtime
Package imports and exports targets mapping into paths including a double slash (of "/" or "\") are deprecated and will fail with a resolution validation error in a future release. This same deprecation also applies to pattern matches starting or ending in a slash.
Type: Documentation-only
The well-known MODP groups modp1, modp2, and modp5 are deprecated because they are not secure against practical attacks. See RFC 8247 Section 2.4 for details.
These groups might be removed in future versions of Node.js. Applications that rely on these groups should evaluate using stronger MODP groups instead.
Type: Runtime
The implicit suppression of uncaught exceptions in Node-API callbacks is now deprecated.
Set the flag --force-node-api-uncaught-exceptions-policy to force Node.js to emit an 'uncaughtException' event if the exception is not handled in Node-API callbacks.
Type: Documentation-only (supports --pending-deprecation)
url.parse() behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for url.parse() vulnerabilities.
Type: Runtime
url.parse() accepts URLs with ports that are not numbers. This behavior might result in host name spoofing with unexpected input. These URLs will throw an error in future versions of Node.js, as the WHATWG URL API does already.
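The stricter behavior of the WHATWG URL API referred to in the two url.parse() entries above, as an added example that is not part of the Node.js documentation: a validator for outbound URLs that rejects non-numeric ports, embedded credentials and hosts outside an allowlist. ALLOWED_HOSTS, validateOutboundUrl and the host names are assumptions made for illustration.

```javascript
// Added example, not Node.js project code. The allowlist and the
// host names used with it are constructed for illustration.
const ALLOWED_HOSTS = new Set(['api.example.com']);

function validateOutboundUrl(input) {
  let url;
  try {
    // The WHATWG parser throws on malformed input, including a port
    // that is not a number, instead of returning a partial result.
    url = new URL(input);
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme' };
  }
  // Text before "@" is userinfo, not the host. Reject it so a string that
  // merely starts with an allowed name cannot pass a careless check.
  if (url.username !== '' || url.password !== '') {
    return { ok: false, reason: 'userinfo' };
  }
  // url.hostname is already lower-cased by the parser, so an exact
  // comparison against the allowlist is safe.
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { ok: false, reason: 'host' };
  }
  // url.port is '' when the scheme's default port is used.
  if (url.port !== '' && url.port !== '443') {
    return { ok: false, reason: 'port' };
  }
  // Return the serialized form so callers use what was validated.
  return { ok: true, href: url.href };
}
```

Pass the returned href, not the original input string, to the HTTP client so that the request goes to exactly the URL that was checked.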
Type: Documentation-only
In a future version of Node.js, message.headers, message.headersDistinct, message.trailers, and message.trailersDistinct will be read-only.
Type: Runtime
In a future version of Node.js, the asyncResource property will no longer be added when a function is bound to an AsyncResource.
Type: Documentation-only
In a future version of Node.js, assert.CallTracker will be removed.
Consider using alternatives such as the mock helper function.
Type: Runtime
Calling util.promisify on a function that returns a Promise will ignore the result of said promise, which can lead to unhandled promise rejections.
Type: Documentation-only
The util.toUSVString() API is deprecated. Please use String.prototype.toWellFormed instead.
Type: Documentation-only
The F_OK, R_OK, W_OK and X_OK getters exposed directly on node:fs are deprecated. Get them from fs.constants or fs.promises.constants instead.
Type: End-of-Life
The util.types.isWebAssemblyCompiledModule API has been removed. Please use value instanceof WebAssembly.Module instead.
Type: Runtime
The dirent.path property is deprecated due to its lack of consistency across release lines. Please use dirent.parentPath instead.
Type: Runtime
Calling the Hash class directly with Hash() or new Hash() is deprecated because it is an internal, not intended for public use.
Please use the crypto.createHash() method to create Hash instances.
Type: Runtime
Calling the fs.Stats class directly with Stats() or new Stats() is deprecated because it is an internal, not intended for public use.
Type: Runtime
Calling the Hmac class directly with Hmac() or new Hmac() is deprecated because it is an internal, not intended for public use.
Please use the crypto.createHmac() method to create Hmac instances.
Type: Runtime
Applications that intend to use authentication tags that are shorter than the default authentication tag length must set the authTagLength option of the crypto.createDecipheriv() function to the appropriate length.
For ciphers in GCM mode, the decipher.setAuthTag() function accepts authentication tags of any valid length (see DEP0090). This behavior is deprecated to better align with recommendations per NIST SP 800-38D.
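One way to pin the tag length as described above, shown as an added example that is not code from the Node.js documentation: with authTagLength set on crypto.createDecipheriv(), decipher.setAuthTag() throws for a tag of any other length, so a truncated tag is refused before any plaintext is released. The function names, TAG_LENGTH and the choice of aes-256-gcm with a 12-byte IV are assumptions made for illustration.

```javascript
// Added example, not Node.js project code.
const crypto = require('node:crypto');

const ALGORITHM = 'aes-256-gcm';
const TAG_LENGTH = 16; // bytes: the full-length GCM tag

function encrypt(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh IV for every message
  const cipher = crypto.createCipheriv(ALGORITHM, key, iv, {
    authTagLength: TAG_LENGTH,
  });
  const ciphertext = Buffer.concat([
    cipher.update(plaintext, 'utf8'),
    cipher.final(),
  ]);
  return { iv, ciphertext, tag: cipher.getAuthTag() };
}

function decrypt(key, { iv, ciphertext, tag }) {
  // Pinning authTagLength here makes setAuthTag() reject any tag whose
  // length differs, instead of accepting every valid GCM tag length.
  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv, {
    authTagLength: TAG_LENGTH,
  });
  decipher.setAuthTag(tag);
  // final() throws if the tag does not authenticate the ciphertext.
  return Buffer.concat([
    decipher.update(ciphertext),
    decipher.final(),
  ]).toString('utf8');
}

// Wrapper that reports failure without handing back partial plaintext.
function tryDecrypt(key, message) {
  try {
    return { ok: true, plaintext: decrypt(key, message) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}
```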
Type: Documentation-only
OpenSSL 3 has deprecated support for custom engines with a recommendation to switch to its new provider model. The clientCertEngine option for https.request(), tls.createSecureContext(), and tls.createServer(); the privateKeyEngine and privateKeyIdentifier for tls.createSecureContext(); and crypto.setEngine() all depend on this functionality from OpenSSL.
Type: Documentation-only
Instantiating classes without the new qualifier exported by the node:zlib module is deprecated. It is recommended to use the new qualifier instead. This applies to all Zlib classes, such as Deflate, DeflateRaw, Gunzip, Inflate, InflateRaw, Unzip, and Zlib.
Type: Documentation-only
Instantiating classes without the new qualifier exported by the node:repl module is deprecated. It is recommended to use the new qualifier instead. This applies to all REPL classes, including REPLServer and Recoverable.