End-Of-Life (EOL)
What is EOL Software?
End-Of-Life software is software that is no longer maintained by its creators. Node.js has releases going back to 2015, and it's simply not feasible to maintain all release lines in perpetuity. Major versions are released, patched, and designated End-Of-Life on a schedule.
View the Node.js release schedule.
Why Using EOL Software is Dangerous
When a version reaches End-Of-Life, it means that it will no longer receive updates, including security patches. This can leave applications running on these versions vulnerable to security issues and bugs that will never be fixed.
End-Of-Life versions are dangerous. They are now completely unsupported, meaning they receive no updates, including security patches.
The security implications are immediate and serious. For example, when new security releases reveal issues and patches against major lines, the security advisory notes, "End-of-Life versions are always affected when a security release occurs", meaning all earlier versions have these same vulnerabilities but will never receive patches.
EOL Versions
| Node.js (コードネーム) | 最終更新日 | Vulnerabilities | Details |
|---|---|---|---|
| v23 | 2High2Medium | 詳細 | |
| v21 | 7High5Medium | 詳細 | |
| v19 | 1High3Medium2Low | 詳細 | |
| v18 (Hydrogen) | 15High19Medium4Low | 詳細 | |
| v17 | 1High3Medium1Low | 詳細 | |
| v16 (Gallium) | 11High18Medium4Low | 詳細 | |
| v15 | 1Critical6High1Medium1Low | 詳細 | |
| v14 (Fermium) | 2Critical16High16Medium5Low | 詳細 | |
| v13 | 1Critical2High | 詳細 | |
| v12 (Erbium) | 3Critical17High9Medium3Low | 詳細 | |
| v11 | 3High1Medium | 詳細 | |
| v10 (Dubnium) | 3Critical18High3Medium1Low | 詳細 | |
| v9 | 1Critical5High1Medium1Low | 詳細 | |
| v8 (Carbon) | 1Critical13High2Medium1Low | 詳細 | |
| v7 | 4High2Medium | 詳細 | |
| v6 (Boron) | 1Critical18High12Medium | 詳細 | |
| v5 | 16High8Medium | 詳細 | |
| v4 (Argon) | 2Critical18High9Medium | 詳細 | |
| v0 | 2Critical4High | 詳細 |
Commercial Support
We understand that some organizations face constraints that prevent immediate upgrades, such as legacy codebases, compliance requirements, or complex dependency chains. If your company cannot upgrade immediately but needs continued security support for End-Of-Life versions of Node.js, commercial support is available through HeroDevs.
As part of the OpenJS Ecosystem Sustainability Program partnership, HeroDevs provides Never-Ending Support (NES) for Node.js versions past their official maintenance phase. This includes security patches, compliance assistance, and technical support to help bridge the gap while you plan your upgrade strategy.
However, this should be viewed as a temporary solution—the goal should always be to upgrade to actively supported versions.