Merged
11 changes: 7 additions & 4 deletions apps/site/pages/en/blog/announcements/node-18-eol-support.md
Expand Up @@ -23,13 +23,16 @@ Many ask, “**Why does the Node.js project not fix vulnerabilities for all rele
If you are looking for additional proof points, here are a few examples of vulnerabilities that older versions of [Node.js](http://Node.js) are impacted:

- [https://nvd.nist.gov/vuln/detail/CVE-2025-23167](https://nvd.nist.gov/vuln/detail/CVE-2025-23167) affects 18, 16, 14 (llhttp) \- medium
- [https://nvd.nist.gov/vuln/detail/CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) affects 16 e 14 (openssl) \- medium
- [https://nvd.nist.gov/vuln/detail/CVE-2024-22019](https://nvd.nist.gov/vuln/detail/CVE-2024-22019) affects 16 e 14 (llhttp) \- high
- [https://nvd.nist.gov/vuln/detail/CVE-2023-5678](https://nvd.nist.gov/vuln/detail/CVE-2023-5678) affects 16, 14 (openssl) \- medium
- [https://nvd.nist.gov/vuln/detail/CVE-2024-22019](https://nvd.nist.gov/vuln/detail/CVE-2024-22019) affects 16, 14 (llhttp) \- high
- [https://nvd.nist.gov/vuln/detail/CVE-2021-39135](https://nvd.nist.gov/vuln/detail/CVE-2021-39135) affects 14 (npm) \- high

This affects a staggering number of projects. Based on download statistics, Node.js v18 still accounts for approximately **50 million monthly downloads**, while legacy versions (v16 and below) continue to see **tens of millions of downloads per month**. That represents countless applications running on known vulnerable, unsupported runtime environments.
This affects a staggering number of projects. Based on download statistics, Node.js v18, the most recent End-of-Life version, still accounts for approximately **50 million monthly downloads**, while earlier legacy versions (v16 and below) continue to see **tens of millions of downloads per month**. That represents countless applications running on known vulnerable, unsupported runtime environments.

\[suggested paragraph on [GitHub \- nodejs/is-my-node-vulnerable: package that checks if your Node.js installation is vulnerable to known security vulnerabilities](https://github.com/nodejs/is-my-node-vulnerable)\]
You can check if your Node.js installation is vulnerable to known security
vulnerabilities using the [is-my-node-vulnerable](https://github.com/nodejs/is-my-node-vulnerable)
package. This tool checks your Node.js version against a database of known
vulnerabilities and provides guidance on whether you need to upgrade.

## Node.js v22: The Smart Long-Term Choice

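Review bot: The new closing paragraph of this hunk ("You can check if your Node.js installation is vulnerable ...") names is-my-node-vulnerable but never shows how to run it, so a reader has to leave the post to act on the advice. Suggest adding the invocation inline, e.g. `npx is-my-node-vulnerable`. Since the paragraph says the tool checks the Node.js version against known vulnerabilities, it would also help to state that application dependencies are outside its scope, so a clean result is not read as a full audit. Separately, the unchanged lead-in above the CVE list still contains `[Node.js](http://Node.js)`, which renders as a dead link, and reads "are impacted" where "are impacted by" is meant; both are worth fixing while this list is being edited.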