Node.js 20 Release Notes
Node.js 20.0.0 is a major version that brings experimental tools, speed boosts, and fresh dependencies. It adds a new Permission Model to limit access, makes the Test Runner stable for real-world use, and switches to the faster Ada 2.0 URL parser. This release focuses on security, better module handling, and support for new hardware like ARM64 on Windows.
Key updates include changes to custom ESM loaders for safer code isolation, upgrades to the V8 engine for modern JavaScript, and improvements in Web Crypto for web standards. Node.js 20 enters Long Term Support with active maintenance until April 2026, making it a solid choice for production apps. It includes over 100 commits across core areas, with fixes for stability and performance in servers, scripts, and tools.
Permission Model
This experimental feature helps control what code can access, like files, child processes, or worker threads. Turn it on with the --experimental-permission flag to block risky actions and protect sensitive data.
It runs checks before operations, so apps can run untrusted code safely. This is great for shared environments or when loading third-party modules without full trust.
Custom ESM Loader Hooks
Loader hooks now work on their own thread, separate from your main app code. This stops issues where loaders might mess with the rest of the program.
import.meta.resolve() works right away without waiting, just like in browsers. You can also use async hooks for resolving modules, giving more flexibility in how imports load.
V8 Engine Updates
Node.js 20 uses V8 version 11.3 from Chromium 113. This adds three new JavaScript features, like better array handling and faster execution for common tasks.
The update improves overall speed and memory use, especially for apps with lots of dynamic code. It also fixes some build issues on Windows for smoother development.
Stable Test Runner
The test_runner module is now ready for production -- no more experimental label. It lets you write and run tests right in Node.js without extra tools.
Features include subtests for grouping, hooks for setup and teardown, and watch mode for quick re-runs. This makes testing faster and easier to integrate into your workflow.
Ada 2.0 URL Parser
The new Ada 2.0 parser is much quicker at handling URLs. It speeds up functions like url.domainToASCII and url.domainToUnicode without needing ICU for hostnames.
This cuts down on startup time and memory for apps that parse lots of links, like web servers or crawlers. It's a drop-in replacement with better efficiency.
Single Executable Apps (SEA)
Building SEAs now uses a JSON config to inject a blob, instead of plain JS files. This lets you pack multiple files into one executable for easy sharing.
It's simpler to bundle resources like scripts and data, making standalone apps more portable across machines without install steps.
Web Crypto API Improvements
Arguments in Web Crypto now follow WebIDL rules for checking and converting. This matches what browsers do, so code works the same across platforms.
Better validation means fewer errors in encryption or signing tasks, and it opens doors for sharing crypto logic between Node.js and web apps.
ARM64 Windows Support
Official builds now cover ARM64 on Windows, with MSI installers, zips, and executables. The test system runs full checks on this setup.
This brings Node.js to more devices, like new Windows laptops with ARM chips, for native speed without emulation.
WASI Version Changes
Creating a new WASI() instance requires picking a version -- no automatic default anymore. Update your code to specify one explicitly.
This ensures compatibility as WASI evolves, helping WebAssembly apps run consistently in different Node.js setups.
Deprecations
url.parse() warns if you pass invalid ports -- it will error out later. Switch to the WHATWG URL API for future-proof parsing.
Other deprecations include old crypto constants like SSL_OP_* and ALPN_ENABLED, pushing toward secure modern options.
Breaking Changes
Several updates might need code tweaks. For example, process.exit() no longer forces numbers to integers, and HTTP servers reject array options.
The File class is now stable and global. Buffer and stream encodings get stricter checks, and net connections auto-pick families by default.
V8 bumps to version 115, so native addons must rebuild. Crypto drops old defaults like DEFAULT_ENCODING, and async hooks deprecate the bind property.
Migration and Support
Moving to Node.js 20 is mostly smooth, but test for deprecations and rebuild addons. Use node --test to check the stable runner, and add versions to WASI calls.
For HTTP, avoid array options and handle port warnings in URLs. Crypto users should drop obsolete constants. Full LTS support runs until April 2026, with security fixes beyond.
Start new projects here for the latest features, but stick to 18 LTS for critical apps until you're ready. Docs and tools help spot issues during upgrades.