Node.js 25 Release Notes
The Node.js 25 release introduces significant performance, security, and API improvements, continuing to align Node.js more closely with modern web standards. This version focuses on faster execution, enhanced developer experience, and more secure-by-default configurations.
- Upgraded V8 engine to version 14.1, delivering faster
JSON.stringify()operations. - New built-in Base64 and Hex conversion for
Uint8Array. - Improvements to WebAssembly and JIT pipeline optimization.
- Expanded Permission Model with
--allow-netfor fine-grained network control. - Web Storage API enabled by default, providing consistent browser-like data handling.
- ErrorEvent is now available as a global object.
- Deprecated APIs like
SlowBufferhave been fully removed. - Added portable compile cache for faster startup across different environments.
- Introduced JSPI (JavaScript Promise Integration) for WebAssembly.
Performance Improvements
Node.js 25 delivers noticeable speed gains through its upgraded V8 14.1 engine.
The new engine improves JSON.stringify() performance, particularly for large or deeply nested objects,
making data serialization faster and more efficient.
In addition, built-in support for converting Uint8Array data to base64 and hex
formats reduces the need for external utilities, streamlining encoding operations in high-performance applications.
Ongoing optimizations in WebAssembly and the Just-In-Time (JIT) compilation pipeline also contribute to faster execution times and smoother integration between JavaScript and native code modules.
Security and Permissions
Security is a key focus in Node.js 25. The Permission Model continues to evolve,
allowing developers to define clear runtime access boundaries. A new flag, --allow-net,
enables fine-grained network access control, helping prevent unintended outbound connections.
Node.js is moving toward a secure-by-default philosophy — applications now require explicit permission for sensitive operations, reducing the attack surface and promoting safer deployment practices.
Web Standard Enhancements
Node.js 25 continues improving web compatibility by enabling more standardized APIs by default:
- Web Storage API (
localStorage/sessionStorage) is now active by default. - ErrorEvent is available globally, improving error handling consistency with browsers.
- JSPI (JavaScript Promise Integration) support for WebAssembly simplifies bridging async JavaScript and WASM functions.
Deprecated and Removed APIs
Several long-deprecated APIs have been officially removed in this release to streamline maintenance and encourage modern best practices.
The most notable removal is SlowBuffer, which had been deprecated for multiple versions.
Developers are encouraged to migrate existing code to use Buffer.allocUnsafe() or Buffer.from()
as safer and more efficient alternatives.
Developer Experience Improvements
Node.js 25 enhances the developer workflow with a portable compile cache, improving cold-start performance across different machines and environments. This means cached compilation artifacts can be reused more efficiently, reducing startup times for large applications.
Conclusion
The Node.js 25 release focuses on performance, security, and standards compliance. By upgrading to the latest V8 engine, improving WebAssembly and permission models, and cleaning up deprecated APIs, Node.js continues evolving into a faster, safer, and more modern runtime for JavaScript developers.