You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: apps/site/pages/en/eol.mdx
+10-11Lines changed: 10 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -6,31 +6,30 @@ modal: eol
6
6
7
7
# End-Of-Life (EOL)
8
8
9
-
## What is EOL Software?
9
+
## Why and how Node.js releases reach End-Of-Life
10
10
11
-
End-Of-Life software is software that is no longer maintained by its creators. Node.js has releases going back to 2015, and it's simply not feasible to maintain all release lines in perpetuity. Major versions are released, patched, and designated End-Of-Life on a schedule.
11
+
Major versions of Node.js are released, patched, and designated End-Of-Life on a predictable schedule. As it's not feasible to maintain all release lines in perpetuity, after a planned maintenance period, a Node.js major release line will stop being maintained by the project.
12
12
13
-
[View the Node.js release schedule](/about/releases/).
14
-
15
-
## Why Using EOL Software is Dangerous
13
+
## What Happens When a Release Line Reaches EOL
16
14
17
15
When a version reaches End-Of-Life, it means that it will no longer receive updates, including security patches. This can leave applications running on these versions vulnerable to security issues and bugs that will never be fixed.
18
16
19
-
**End-Of-Life versions are dangerous. They are now completely unsupported**, meaning they receive no updates, including security patches.
20
-
21
-
The security implications are immediate and serious. For example, when new security releases reveal issues and patches against major lines, the security advisory notes, "End-of-Life versions are always affected when a security release occurs", meaning **all earlier versions have these same vulnerabilities but will never receive patches**.
17
+
- No more vulnerability fixes: when new security releases reveal issues and patches in newer major lines, even if the same vulnerability affects EOL release lines, there will not be any new releases for them. Users still clinging on to EOL release lines and using affected code paths will be immediately vulnerable to attacks exploiting these disclosed vulnerabilities.
18
+
- Tool-chain breakage: EOL releases may no longer dynamically link to newer versions of the shared libraries they depend on, blocking or breaking system updates.
19
+
- Ecosystem drift: Many popular user-land packages drop support for EOL Node.js releases over time. When an application has to also cling onto outdated packages, they may suffer from even more unfixed vulnerability and bugs, further drifting away from ecosystem norm.
20
+
- Compliance red flags: Many industry audits forbid unmaintained runtimes.
22
21
23
22
## EOL Versions
24
23
25
24
<EOLTable />
26
25
27
26
## Commercial Support
28
27
29
-
We understand that some organizations face constraints that prevent immediate upgrades, such as legacy codebases, compliance requirements, or complex dependency chains. If your company cannot upgrade immediately but needs continued security support for End-Of-Life versions of Node.js, [**commercial support**](https://www.herodevs.com/support/node-nes?utm_source=NodeJS+&utm_medium=Link&utm_campaign=Nodejs_eol_support)**is available through HeroDevs**.
28
+
Despite the obvious downsides of using EOL releases, in practice, organizations face constraints that prevent immediate upgrades, such as legacy codebases, compliance requirements, or complex dependency chains. For users who cannot upgrade immediately but needs continued security support for End-Of-Life versions of Node.js, commercial support is available through the [OpenJS Ecosystem Sustainability Program](https://openjsf.org/partners) partnership.
30
29
31
-
As part of the [OpenJS Ecosystem Sustainability Program](https://openjsf.org/partners) partnership, HeroDevs provides Never-Ending Support (NES) for Node.js versions past their official maintenance phase. This includes security patches, compliance assistance, and technical support to help bridge the gap while you plan your upgrade strategy.
30
+
Node.js currently partners up with HeroDevs to provide Never-Ending Support (NES) for Node.js versions past their official maintenance phase. This includes security patches, compliance assistance, and technical support to help bridge the gap while you plan your upgrade strategy. For more detailed information, visit the [**HeroDevs Node.js NES page**](https://www.herodevs.com/support/node-nes?utm_source=NodeJS+&utm_medium=Link&utm_campaign=Nodejs_eol_support).
32
31
33
-
However, this should be viewed as a temporary solution—the goal should always be to upgrade to actively supported versions.
32
+
Using EOL releases through NES should be viewed as a temporary solution—the goal should always be to upgrade to actively supported versions.
0 commit comments