JavaScript runtime Node.js 20 introduces experimental access restrictions

The community behind the open-source JavaScript runtime Node.js has released major version 20. In October 2023, it is scheduled to replace the previous release with long-term support – Node.js 18 – and maintain this status until October 2024. The innovations include the introduction of the Permission Model and an update of the JavaScript engine V8 to version 11.3. The Test Runner is now considered stable.

The experimental permission model serves to restrict access to specific resources during execution in order to increase security. The API hides behind the flag --experimental-permission. If the flag is activated, access to all available permissions is restricted.

Currently, the Permission Model refers, among other things, to access to the file system, which includes both writing (--allow-fs-write) as well as reading (--allow-fs-read) regards. Access to the child_process (--allow-child-process) and up worker_threads (--allow-worker) can also be controlled with it.

Examples from the Node.js team show how to set read and write access for the entire file system

$ node --experimental-permission --allow-fs-read=* --allow-fs-write=* index.js

or how write access can refer to a specific folder, in this case /tmp/:

$ node --experimental-permission --allow-fs-write=/tmp/ --allow-fs-read=/home/index.js index.js

Further details on the new permission model can be found in the documentation.

The organizers will judge on June 21 and 22, 2023 dpunkt.verlag, heise Developer and iX the enterprise JavaScript conference enterJS in Darmstadt. JavaScript and TypeScript language innovations, new and established tools and frameworks – including React, SvelteKit and Astro – as well as accessibility and software architecture will be discussed in more than 35 lectures.

All-day workshops are available both on-site and online.

Excerpt from the program:

As usual, the new Node.js version also updates the JavaScript engine used, V8. In version 11.3, which is part of Chromium 113, the engine focuses on higher performance and new language features. These include additional methods for Array.prototype and TypedArray.prototype. They allow changes to the array by making a copy of it with the change. The original remains unchanged.

Beside it has the Node.js module test_runner reached stable status. It contains the building blocks for writing and running tests, including describe, it/testhooks for structuring test files and node --test for running multiple tests in parallel. However, parts of the test runner are still unstable, including reporters and code coverage.

The Node.js blog shows an example use of the test runner:

import { test, mock } from 'node:test';
import assert from 'node:assert';
import fs from 'node:fs';

mock.method(fs, 'readFile', async () => "Hello World");
test('synchronous passing test', async 
  // This test passes because it does not throw an exception.
  assert.strictEqual(await fs.readFile('a.txt'), "Hello World");

In addition to these innovations, Node.js 20 also emphasizes performance, especially since a new dedicated performance team was involved in the development. Various parts of the runtime have undergone an overhaul, for example URL, fetch() and EventTarget.

All further details can be found in the Node.js blog and in the release notes.


To home page

Related Posts

Hot News


usefull links

robis robis robis