Tag: NodeSource

NodeSource Team Supports JSConf Colombia for the Event’s 10th Anniversary

Posted on by

Over a thousand developers gathered together two weeks ago to engage in all things JavaScript at the sold-out JSConf Colombia (https://www.jsconf.co/) while celebrating its 10th year in Medellin. Our NodeSource team members (current and past) played impactful roles in leading, planning, and speaking to support the community event. We are incredibly proud of our Colombian team members, who are a massive part of creating our best-in-class OSS N|Solid Runtime and premium platform N|Solid Pro.

Adrian Estrada, our VP of Engineering and OpenJS Foundation Board Member, has been a key leader for years in supporting Colombia’s Node.js and JS community. His great passion for technology and enabling people to develop and grow makes him a fantastic leader for our global engineering team and community engagement. Alongside Adrian, Julian Duque, a NodeSource alumni, has also been instrumental in the Colombian JavaScript community. His leadership and contributions have significantly shaped the region’s JavaScript development landscape. Julian’s efforts, combined with Adrian’s dedication, underscore the deep involvement and influence NodeSource has in nurturing and advancing the tech community in Colombia.

This event has had an incredible decade-long run, with a commitment to breaking down barriers, promoting accessibility, and creating a space that champions diversity. As the last in the series, the community was committed to making this final event one to remember.

The event opened to local musicians on stage, setting the tone for a joyous and creative experience. Talks at the event showcased the diversity of the community, including topics like “Making Art with JavaScript and Garbage,” “Unlock the Power of JavaScript Generators,” “IDX, WebIDE’s and the Future of JavaScript Debugging,” and the AI-themed “Chatting with the Canvas; How to Assemble Art from AI Image Prompts.”

Jessica Felix highlighted N|Solid, our product, emphasizing its significance in modern Node.js development and performance analysis. This array of topics underlined JavaScript’s dynamic and multifaceted nature, catering to a wide range of interests and expertise within the community.

NodeSource Alumni and JS Rockstar Erick Wendel shared his knowledge about “How to consume gigabytes of data in JavaScript without slowing down applications.”

And one of our current team members, the talented Juan José Arboleda, challenged the attendees that “JavaScript can be as fast as C++.”

Colombia has long been a crucial part of NodeSource, and the talent and energy from the region have produced many great team members. Like Maria Fernanda Serna and NodeSource Alumni Liz Parody, who helped organize this year’s event, we have enjoyed the spirit and talents of this region. Colombia has also been a place where we give back. From these community events to where we planted trees for every customer in our NodeForest campaign, Colombia is ¡Qué nota de lugar! (a fantastic place!).

In keeping with this spirit of community and innovation, a new event is being born to replace JSConf Colombia. It will be announced soon and is set to happen in October 2024. This upcoming event, which includes some of the organizers of JSConf Colombia, will continue to foster the region’s vibrant tech community. NodeSource will also continue to support this initiative, highlighting its ongoing commitment to the Colombian tech scene.

Advancing the NodeSource Node.js Package Repo (Including User-Requested Upgrades!)

Posted on by

For over a decade, NodeSource has developed and maintained a Node.js package repository that, has become the standard for production use globally. We are excited to announce some significant updates to this repo that include a large number of items related to user requests. (Note that there is an important point in the section below about using the new repo as the old repo will remain available but no longer be supported with new versions)

We handle over 100 million downloads of the open-source binaries each year, developers rely on our timely releases (fastest in the ecosystem) and tooling to simplify their use of the Node.js Runtime. Every time there is a release, including security updates, our team delivers updates in less than 48 hours.

Img 1- Type of Distributions

As part of our ongoing commitment to the ecosystem, we want to ensure that developers who rely on our repository have access to a robust and efficient resource led by our Node experts. A key objective with this update was to enhance the Node.js package distribution experience, making it more intuitive, feature-rich, and responsive to user needs. In the following sections, we’ll dive into the improvements we’ve made, highlighting the changes that promise to make your development journey easier.

Check it out HERE and let us know your thoughts!

New Features

Version Choice (Made Easy): We have added versatility with the latest update to our repository, gone are the days of being locked into the latest Node.js release. Now, you can choose the specific version of Node.js you need to tailor your environment to the unique needs of your project.

Universal distribution support: Say goodbye to server customization and compatibility concerns. Our repository now seamlessly supports all distributions. You don’t need to adjust for each new OS version, all are supported out-of-the-box.

Seamless CDN transition: We’ve revamped our CDN provider to address cache-related issues. This change ensures a smoother, more reliable experience and eliminates cache-related hiccups..

Streamlined installation requirements: Installing Node.js should be a snap. That’s why we’ve carefully configured the necessary installation requirements. The package now includes the required glibc and Python3 configurations, making the setup more accessible.

Simplified installation process: Recognizing the diversity of our user base, we’ve redesigned the installation process—no more complex scripts to decipher. Instead, we’ve streamlined it to a few simple lines of code. Installation is now easy and accessible for users of all skill levels.

These improvements demonstrate our commitment to providing a repository experience that keeps pace with technological demands and prioritizes user convenience and satisfaction.

⚠️ IMPORTANT: Use the new repository!

Failing to migrate to the new repository could be significant, most notably is the potential denial of access to the latest versions of Node.js. Because these latest versions will be distributed exclusively through the new repository, those who do not migrate will miss important updates, improvements, and features.

For more information on the new repository including details regarding the migration process, we recommend you visit the following link for the repository wiki, which provides comprehensive information on making a successful transition.

Our Distributions Journey

Our mission to help developers gain access to Node.js and enable the enterprise to adopt it safely has been a key driver for our binary distribution effort. We have seen tremendous growth in the number of downloads every year from our distributions across the globe.

Img 2- Request per Country and Data Transfer by Country per 24H

Our flagship product, N|Solid, an enterprise-grade version of the Node.js Runtime, is a testament to this devotion to OSS, and was a key part of why we created this repo that is used by millions of developers to power a massive number of applications. Our Node and Infra experts will continue to support this repo for the community with great pride.

> This repository has seen a staggering number of annual package downloads, over 120 million, and a data consumption rate of around 300 terabytes per month. This endeavor hasn’t been without its challenges, as maintaining such a repository has required extraordinary dedication and effort.

Earlier this year we made the decision to open-source our N|Solid Runtime marking a key turning point for NodeSource, inspiring us to extend our commitment to the repository. (The OSS version of N|Solid will be available in October of this year)

_> Recognizing the symbiotic relationship between Node.js and N|Solid, we decided to merge their paths. _

By distributing Node.js and N|Solid together, we’re creating a unified ecosystem that takes advantage of the power of Node combined with the advancements of N|Solid. This dynamic coupling invites those familiar with our repository to explore what we refer to as “enterprise Node.js,” or the Node.js that enterprises have been waiting for. This synergy is a testament to our commitment to both the Node.js community and the growth of enterprise-grade solutions.

Conclusion

As we embark on this transformative phase, we reflect on our journey in this ecosystem. We’ve been privileged to play a role in supporting developers and companies, and we’re excited to further enhance our collaboration.

Today, we invite you to explore our new repository, HERE, – a hub of choice and compatibility, empowering you to select the Node.js version that suits your needs. But that’s just the beginning of the story. If you are interested in our Enterprise version N|Solid it’s available to you for FREE with additional pricing packages for larger projects/teams and support.

Stay tuned for further enhancements as we refine and enrich your experience.Thank you for being a part of our journey. Here’s to many more years of collaboration and growth!

About NodeSource, Inc.

NodeSource, Inc. is a technology company completely focused on Node.js and is dedicated to helping organizations and developers leverage the power of this technology. We offer the leading APM for monitoring and securing Node.js and provide world-class support and consulting services to help organizations navigate their Node.js journey. #KnowYourNode. For more information, visit NodeSource.com and follow @NodeSource on Twitter.

Strengthening Node.js Security: NodeSource-GitHub Partnership

Posted on by

Strengthening Node.js Security: NodeSource and GitHub Partner to Boost Security for Software Developers

The NodeSource-GitHub partnership is a game-changer for developers seeking to build secure applications directly integrating NCM’s (Node Certified Modules) powerful security features into their GitHub Actions workflow. With our NCM GitHub App developers can easily add NCM to their repositories, configure organization-wide rules for vulnerability scanning and approval processes, and receive real-time reports on vulnerabilities in pull requests and deployment workflows that target a GitHub environment.

NCM is a core feature of N|Solid, providing enhanced security for Node.js applications in production environments. We help organizations & developers use Node to its fullest through __N|Solid__, the world’s best Node.js observability and security tool built on top of the Node.js runtime. It provides a secure environment for running Node.js applications and advanced features such as worker threads monitoring, memory leak detection, and CPU profiling.

This new integration with GitHub Actions Deployment Protection Rules streamlines managing open-source Node packages, ensuring compliance with licensing requirements, and helps developers proactively identify and mitigate security risks before they deploy their Node.js applications using GitHub Actions Workflows. It adds a valuable layer of security to the development and deployment workflows, enabling developers to identify and fix vulnerabilities before they become major security breaches, ultimately safeguarding Node.js applications and protecting critical data.

Simplifying Vulnerability Management for Open-Source Dependencies

Node.js applications and services rely heavily on open-source Node packages for their source code. Unfortunately, many of these packages have publicly disclosed vulnerabilities, often ignored or overlooked by developers. This can leave applications vulnerable to malicious code execution and secret leaks, potentially resulting in significant security breaches.

To mitigate this risk, developers must be vigilant when selecting and using Node packages in their projects and take prompt action when vulnerabilities are discovered. This requires staying informed about potential security issues and planning to address them.

NCM integration with GitHub Actions Deployment Protection Rules simplifies managing open-source Node packages. Users can add the NCM GitHub App to their repositories via the GitHub Marketplace and check NCM results in the Accounts Portal for every action, such as Pull Requests or Deployments.

With this integration, devs can:

Set up repositories to use the NCM GitHub App by searching and adding it via the GitHub Marketplace or using a direct link from the NodeSource Accounts Portal.

Check the NodeSource Accounts Portal for NCM results related to actions such as Pull Requests or Deployments configured in GitHub repositories.

NCM analyzes and approves or rejects every deployment flow based on organization-configured rules, ensuring secure project deployments.

Receive detailed reports attached to every Pull Request and deployment in configured repositories, indicating NCM’s findings with green or red status markers, helping users make informed security decisions.

Now, with the integration of NCM (Node Certified Modules) directly into N|Solid Console and through the __GitHub Marketplace__, users can access even more powerful toolsets for managing their Node.js applications. This integration streamlines managing open-source Node packages, allowing users to easily track and monitor package dependencies, scan for vulnerabilities, and ensure compliance with licensing requirements.

By leveraging the power of NCM within N|Solid Console and the GitHub Marketplace, organizations can effectively enhance their applications’ security and compliance while ensuring their stability and reliability. NCM provides a robust solution to proactively identify and address security risks, maintain compliance, and improve application performance. It empowers organizations to build and deploy secure, reliable, and compliant applications, ultimately protecting their reputation and mitigating risks associated with security breaches and compliance violations.

NCM is a powerful tool that greatly enhances application security, compliance, stability, and reliability. Organizations can proactively mitigate security risks, maintain compliance, and ensure application stability by integrating NCM into the deployment flow through N|Solid Console and the GitHub Marketplace. Embracing NCM as a part of the development process is a prudent choice for organizations prioritizing application security, compliance, and reliability in today’s dynamic software development landscape.

NCM – Deployment Protection Rule

GitHub Marketplace offers a range of third-party applications and services, such as code analysis tools, project management tools, continuous integration, deployment (CI/CD) tools, and security tools, among others, that can be integrated into pull requests and deployment workflows with GitHub Actions.

With its powerful feature set and certification program, NCM is an essential tool for any developer working with open-source Node packages.

Related Content

Unleashing the Power of NCM – https://nsrc.io/UnleashingNCM

Vulnerability Scanning with NCM – https://nsrc.io/VulnerabilityScanningNS

Avoiding npm substitution attacks using NCM – https://nsrc.io/AvoidAttackswithNCM

Experience the Power of N|Solid

To get the best out of Node.js and experience the benefits of its integrated features, including OpenTelemetry support, SBOM integration, and machine learning capabilities.✍️ Sign up for a free trial and see how N|Solid can help you achieve your development and operations goals. #KnowyourNode

Announcing The NodeSource-GitHub Partnership

Posted on by

NODESOURCE PARTNERS WITH GITHUB
For Immediate Release

NodeSource enhances Node.js application security with the NCM integration for GitHub Deployment Protection Rules.

[Seattle, WA, April 13th, 2023] – NodeSource, a leader in Node.js application management, monitoring, and security, is excited to announce our partnership as a launch partner for Deployment Protection Rules with GitHub Actions, the world’s largest software development platform, to integrate Node Certified Modules (NCM) directly into the GitHub Marketplace. This integration brings enhanced security capabilities to the development process in Node.js applications, mitigating vulnerabilities and ensuring compliance with licensing requirements.

Node.js applications and services heavily rely on open-source Node packages for their source code. However, many of these packages may have publicly disclosed vulnerabilities often ignored or overlooked by developers, leaving applications at risk of malicious code execution and data leaks. To address this challenge, NodeSource has developed NCM, a powerful tool that scans for vulnerabilities, tracks package dependencies, and ensures compliance with licensing requirements.

“By enabling partners like NodeSource to create Deployment Protection Rules for users of GitHub Actions, organizations can now leverage NodeSource’s vulnerability management tools to identify security risks and maintain compliance before their applications are deployed to production. These improvements and new controls underscore GitHub’s commitment to empowering developers while enhancing governance, code quality, and security within GitHub Actions.” – Jamie Jones, GitHub VP of Technical Partnerships & Field Services. With NCM GitHub App for [Deployment ProtectionRules]https://github.blog/2023-04-20-announcing-github-actions-deployment-protection-rules-now-in-public-beta, developers can easily add NCM to their repositories, configure organization-wide rules for vulnerability scanning and approval processes.

With the integration of NCM for GitHub Deployment Protection Rules, users can now easily add and configure the NCM app into their GitHub repositories. This allows developers to seamlessly incorporate NCM into their workflow, with every deployment being analyzed and approved or rejected based on organization-configured rules for NCM. NCM provides a comprehensive report for every Pull Request, helping developers identify and mitigate security risks during code reviews. Check the NCM GitHub App.

“NodeSource is committed to providing the Node.js community with the tools and capabilities needed to secure their applications and mitigate risks associated with open-source packages,” said __Russ Whitman, CEO of NodeSource__. “Our partnership with GitHub further strengthens our mission, allowing users to easily access and utilize NCM within their GitHub Actions workflow, ensuring that their Node.js applications remain secure and reliable.”

NodeSource’s NCM also works offline, providing flexibility and convenience for developers in various development environments. NCM offers a comprehensive solution for managing Node.js application dependencies and assessing security vulnerabilities, license concerns, code risks, and code quality.

“Security is a top priority for NodeSource and our community of developers. We are thrilled to be a launch partner for GitHub Deployment Protection Rules and integrate NCM into GitHub Actions, providing our users with a powerful tool for securing their Node.js applications,” said __Adrian Estrada, VP of Technology of NodeSource__. “With NCM’s capabilities seamlessly integrated into GitHub Deployment Protection Rules, developers can now easily track and manage their package dependencies, ensuring that their applications remain secure and compliant.”

Node.js application security is of utmost importance, especially in today’s threat landscape, where supply chain attacks are becoming more prevalent. By leveraging NCM’s capabilities within their GitHub Actions workflows, developers can significantly reduce the risk of vulnerabilities in their Node.js applications, ensuring that their codebase remains secure and reliable.

About NodeSource:

NodeSource is a leading provider of Node.js application management solutions, Node.js Support and services, helping organizations successfully scale and secure their Node.js applications. Node Certified Modules (NCM) is a comprehensive tool that offers visibility, security, and governance for managing Node.js application dependencies. With its powerful features, NCM ensures that Node.js applications remain secure, reliable, and compliant with licensing requirements. For more information, visit www.nodesource.com.

About GitHub:

GitHub is the world’s largest software development platform, providing a collaborative environment for millions of developers to build, test, and deploy their software. GitHub offers many tools and integrations for efficient software development and secure collaboration. For more information, visit www.github.com.

Media Contact:
Russ Whitman
CEO NodeSource
[email protected]

Nodesource introduces Machine learning on its N|Solid platform to help make better Node Apps

Posted on by

N|Solid is an incredibly versatile platform for helping developers and devops engineers build and manage highly performant and secure Node.js web applications. With the advancement of machine learning you can unlock even more potential. Our M/L solution is a powerful tool that can increase the quality of user experience and boost efficiency for organizations with their Node.js applications. In this article, we’ll explore what machine learning is and how you can use it within N|Solid, pluswe’ll provide tips and best practices for leveraging this new capability to get the most out of your Node.js project.

AI – growing in value in the software development lifecycle

Img #1 AI vs ML concepts

Put in context, artificial intelligence refers to the general ability of computers to emulate human thought and perform tasks in real-world environments, while machine learning refers to the technologies and algorithms that enable systems to identify patterns, make decisions, and improve themselves through experience. — https://ai.engineering.columbia.edu

The technology world has been abuzz with the growing hype of artificial intelligence (AI). This is understandable as AI promises to revolutionize business and everyday life; from self-driving cars to automated customer service, AI will shape the future of our civilization. As technology continues to advance, the potential applications for AI are seemingly endless.

AI and ML (Machine Learning) are closely related, but not identical. AI is the broader concept of machines being able to perform tasks that would normally require human intelligence, such as visual perception, speech recognition, decision-making, and language understanding. ML is a specific subset of AI that is focused on the development of algorithms and statistical models that allow computers to “learn” from data, without being explicitly programmed. In other words, ML is a method for achieving AI.

ML and AI can help developers build better software in several ways. Some examples include:

Automating repetitive tasks: ML algorithms can be used to automate repetitive tasks that would otherwise require human intervention. For example, a ML model could be trained to automatically classify and categorize emails, reducing the need for manual sorting.

Improving software performance: ML algorithms can be used to optimize the performance of software systems. For example, a ML model could be trained to predict the load on a server, allowing the software to dynamically adjust its resource usage in response.

Enhancing the user experience: AI-powered software can provide a more personalized and intuitive experience for users. For example, a chatbot powered by natural language processing (NLP) could be used to provide customer service, or a recommendation system powered by ML could be used to suggest products to customers.

Predictive Maintenance: AI and ML algorithms can be used to predict when a machine or equipment is likely to fail, allowing maintenance to be performed before the failure occurs.

Identify and Fix Bugs: AI and ML can be used to automatically identify and fix software bugs, reducing the need for human intervention.

Improve Cybersecurity: AI and ML can be used to identify and mitigate cyber threats and detect suspicious activity on a network, which help to improve cybersecurity.

We believe there is great promise for developers to leverage new tooling that helps them focus on the solution and resolve issues as fast as possible, reducing security risks and deliver amazing user experiences. We see AI and ML as a major step forward to build better software.

Node.js expose the potential of AI.

Img 2 – AI Frameworks

We believe Node.js is a powerful technology for leveraging the potential of AI. It allows developers to easily create and manage AI applications, as it features extensive APIs for interacting with AI-related services. With Node.js, developers can create AI-backed applications that can be deployed across various platforms, making it an invaluable asset for businesses looking to leverage the power of AI.

The combination of Node.js and AI will also make it possible to create sophisticated applications that can interpret data in real-time, allowing businesses to improve their customer experience dramatically. As AI advances, Node.js will be a key tool in helping developers make the most out of the technology.

Recently there are several AI projects that are ushering a massive wave of exploration. OpenAI and its ChatGPT has become one of the fastest tools ever adopted. We are impressed with the incredible progress of the OpenAI project and many others,we continue to study, experiment, and review implementations of these technologies and their potential for the ecosystem.

Links to other cool resources

GitHub OpenAI: https://github.com/openai/openai-quickstart-node

OpenAI Docs: https://beta.openai.com/docs/quickstart

Already, Node.js is being used by many companies to power their AI-driven applications, and this trend will only continue as more companies seek to take advantage of the power of AI. Node.js also allows developers to quickly set up and deploy AI-driven applications, further accelerating the development process. With Node.js and AI, businesses can create smarter, faster, and more efficient applications.

Nodesource Introduces Machine learning in N|Solid platform

N|Solid is a Node.js platform with an integrated AI development environment.

This feature allows for training models that will later detect similar patterns in your application data and fire custom events.

It also offers advanced analytics capabilities and support for various AI technologies, making it a powerful tool for businesses looking to capitalize on the potential of AI.

Img 3 – ML Feature Cover

N|Solid is part of a larger trend toward making AI and ML more accessible to developers, helping to utilize these advancements to deliver software solutions.. By providing an integrated platform for Node.js in production, N|Solid is making it easier for businesses to create sophisticated AI-driven models and reap the benefits that come with them.

Developers can start using this new feature in N|Solid immediately to:

Identify performance issues and present insights to resolve quickly
Apply insights across multiple applications
Smart analysis and detection of common Node.js performance issues with the bundled models we provide
Training of custom models to detect specific problems
Global notifications and events tracking for processes and applications

Below you will see ML in action inside N|Solid.

Machine Learning UI

In the N|Solid Console, the Machine Learning feature can be accessed from the app summary or process detail views.

Each handles different data sets and will have a different effect on the model you train.

Training ML Models

The Machine Learning models can be trained using two kinds of data sets. The models trained in the app summary view will use the aggregated data of all the processes running inside the app.

On the other hand, the models trained in the process detail view will use process-specific data.

Train a model in the app summary view.

When a process/app is first connected, it will take a certain amount of data to be successfully trained; you will find a progress loader under process configuration:

To train a model in an app summary page, click on Train ML Model button.

Train a model in a process detail view.

To train a model in a process detail page, click on Train ML Model button.

Modal creation and training

After clicking on the Train ML Model button, a modal will open; here, you can create, filter, and train models; this modal is the same for both pages.

To create a model, click on CREATE NEW MODEL.

Name and briefly describe the model, then save.

Select the created modal and click on ‘TRAIN.’

When the trained model finds a data pattern similar to the one it was trained with, it will fire an event and show a banner on top of the navbar.

Click on View Event to be redirected to the events tab; here, you will find the most recent machine learning event.

The events will also appear in the application status section; clicking on VIEW ANOMALIES will redirect to the events tab.

Manage the default and custom models.

Machine Learning models can be administered in the settings tab, where you will find a set of default models and the user-trained models; here, the frequency of events being fired can be modified, and the custom user models can be deactivated, deleted, or edited.

For a full reset of the created models, click on RESET MODELS.

Custom user models have edit and delete icons; these models are found beneath the default models.

PLEASE NOTE Only the name and description of the user-created model can be edited; if you want to change the model data, please retrain the model in-app summary or in the process detail pages. Default models are activated by default; these can only be activated or deactivated.

Our Machine learning feature has been live since November 2022; if you want to review the official documentation, you can do it here.

One Last Thing…

To get the best out of Enterprise Node.js, start a free trial of N|Solid SaaS, an augmented version of the Node.js runtime, enhanced to deliver low-impact performance insights and greater security for mission-critical Node.js applications.

Nodesource Node.js Binary Distributions 2021 & 2022

Posted on by Simon Helberg

NodeSource Node.js binary downloads keep increasing monthly, providing millions of users worldwide with the power of Node.js. This blog post gives us important insights into using Node.js across Linux environments and the Node.js community in general.

Nodesource has been packaging and distributing Node.js for Linux environments for 9 years. Every major and minor release, as well as security updates. We’ve seen a massive increase in downloads every year. While we don’t distribute every version of Node.js, most of the downloads in Linux environments are provided by us.

Have you ever wondered how many people still use Node.js version?
Which countries consume Node.js the most?
What versions and distributions are the most popular?
What are the downloads of Node.js month by month?
Are they increasing, or are people moving away toward other technologies?

Let’s find out!

Get the awesome infographic here!
Node.js Binary Downloads

Note: If you want to compare, you can read Node by Numbers 2020 here.

In this article, you can find interesting data about the consumption of Node.js worldwide. the trends, spikes, and odds of the usage of the popular runtime that powers millions of applications.

These are the points to be discussed in this article:

Intro
A bit of History
Process: How is a new release created?
How does the distribution process work?
Stats!
Recent distributions supported
Traffic Peaks
Getting Involved
Conclusions

Introduction

First, let’s start with the basics:

_What is a binary distribution?
_

A binary distribution is a software package containing executables, binaries, or programs ready to be executed. In this case, it will be Node and NPM compiled executables.

_In what consists of the ‘Nodesource Node.js Binary Distributions’
_

Maintains availability and allows the usage of Node.js in production for the Linux community.
If you are installing Node.js in production on a Linux platform, there is a big chance that you are using NodeSource Node.js Binary Distributions.

why is this important?

Well, NodeSource Node.js binary distributions was downloaded over 90 million times worldwide last year. There are 90 million times people have been able to use, learn, and interact with Node.js thanks to this project.

Last month, it was downloaded +11 million times, and millions of applications and web pages are using it. Because of its availability, it has proven over the years to be the best source of installation and extensive use of Node.js packages in Linux, allowing the expansion of its use in the market.

_What kind of distributions are supported?
_

So right, as you can see, we support major Debian, Ubuntu, Redhat, CentOS, and Fedora releases and many different distributions based on those. As you can see, the list can’t go long, but we are always trying to add more there.

Also, if you are using code as infrastructure, the major recipes, formulas, or plugins that include Node.js installation usually work using Binaries distributions.

So if you’re using:

__Ansible__: https://galaxy.ansible.com/

__Chef__: https://supermarket.chef.io/

__Puppet__: https://forge.puppet.com/modules/puppet

__Salt__: https://github.com/saltstack-formulas/node-formula

You are already using binary distributions, and it is recommended to use the Node.js installer. That’s what the NPM documentation and the NodeJS official documentation say. So it’s proven to be the best source of installing these sectors.

A bit of History of Node.js Binary Distributions

_How NodeSource get involved in this project?
_

So, here are some essential milestones for the project:

It started with Chris Leajoining NodeSource in 2014.

Initially supporting Debian and Ubuntu with Node.js V12.

Added support for RHEL, Centos, Fedora, Oracle Linux, and Amazon Linux.

A script was created to ease the setup process. Later we created a script to make the installation process more manageable because you have to add the PPA manually. Now everything is automated!

Io.js was born and immediately supported.

In 2018 we started delivering Node.js in snap packages. A compatible format with multiple Linux distributions that you can use.

Since then, we have expanded support for many compatible Linux Distributions.

We support OpenJS Foundation and the Node.js project doing the same with every LTS and stable release the Node.js project has released.

Now let’s talk about how a new release is created.

Process – How is a new release in Node.js created

There are two processes involved when releasing a new version of Node.

The first comes from the node project itself.
The second is from the nodes or Node.js binaries distributions for the Linux operating system.

So it’s helpful to understand how the release lines work. All the releases are scheduled and planned. There are three stages on a Node version: Current, LTS, and the end of life.

Current NodeJS release line in the graph is colored green, as we can see here. And this space lasts for six months, from April to October.

LTS is an acronym for long-term support and is applied to release lines that will be supported and maintained by the Node.js project for an extensive period. LTS divides into two active and maintenance; Active is the blue, as we can see here. Maintenance is gray. Active is the one that lasts for 18 months. Maintenance is a release line that is the end of life. That means it will no longer be maintained and will not be patched with any known security vulnerability. When the version reaches the end of its life, it is very affectable to upgrade. The whole process lasts for three years.

Also, there are three types of releases:

Major release that is for incompatible API changes from version to version. A major release can also include changes that would normally be included in minor or patch releases.

Minor releases there include backward-compatible functionality changes.

Patch releases include nonbreaking bug fixes and security patches.

So every new LTS is a major release. This is the process for delivering a new version of Node.js.

How the release happens inside NodeSource

We already understand how a version is created. So, every time a new version is released, everything starts from Nodesource Slack. We already have an integration that notifies in a unique channel that a new version is available, so we have to get to work and update to a recent version. We also have some automation that makes our life easier: We have a bot, or infrastructure bot, called __Control Tower__. It’s something we use internally for all everything in our infrastructure.

Control Tower allows us to run a single command to generate a new version that will communicate with different pipelines we have in AWS called pipelines. And that will use AWS code build to build the package and all the packaging, generating all the different binaries we need to distribute Debian, rpm, and other formats.

After building those, it will push to Amazon’s S3 bucket, and from there, we will have an origin server that will serve all these packages for everybody in the world. That’s how it works.

It’s a semi-automated process with a lot of automation involved! Now, let’s see some fascinating statistics involved in this project.

Node by Numbers 2021 & 2022

NodeSource NodeJS binary execution was downloaded over 98,420,550 million times worldwide last year (2021), and the total download from this year from January to October is 80,442,890 million (2022).

This graph is a monthly download in terabytes 1TB. This year it was 2,135 TB of binaries distributions from January to October.

There is a noticeable increase in the tendency of downloads, and this year the downloads are even more remarkable. In just one year, the increase was about 4,7% in downloads.

2021 – 2,088.73 TB

2022 – 2,135.98 TB

Again, this is a lot of data, and we expect these numbers to keep increasing as the Node project expands.

Now we are going to analyze the numbers by version. This is very important. Let’s take a look.

As you can see, people are still getting old versions like V6, which was deprecated. Then we have V8 and V10 with a few people; others are using V12 and V14, and some are using V15 and V16. Now let’s go to analyze the current status.

So this is 2022, and as you can see, many people still use V12. But the good news is that most people are using V14 and v16. We can expect V18 to start growing, as it became LTS at the end of October, and it’s the latest LTS we support.

If you want to try these things on production, it’s really good to use stable versions; we always recommend using in production the latest LTS. Please read this article to understand why it is important and useful to try Node.js V18 LTS.

Now let’s see where those downloads are happening worldwide and where people consume Node.js most.

The top five countries consuming Node.js binary distributions between 2021 and 2022 were the US, Germany, France, the UK, Ireland, and the Netherlands.

In 2022 the top five countries were:
– United States 60.9%
– Germany 9.3%
– France 3.6%
– United Kingdom & Ireland 3.3%
– Netherlands 2.0%

Many South American countries consume binaries, including Brazil, Mexico, Argentina, and Colombia. The only African country on the list is South Africa. Let’s hope more countries keep using the amazing Node.js project! 💪

Traffic Peaks

As we can see in this image, at the end of October of this year, 2022, there was a release, reaching Oct 25 with Node 18 12,185 downloads, and every time there’s a new release in Node.js, there is a peak in downloads of binaries distributions.

October 18th – Node V19

October 25th – Node V18 LTS

For Node V19 we started having downloads on October 19 with 1,594 downloads that day.

__Note__: If you want to be aware of the important dates of the project, here you can consult the: Node.js Project Calendar

Recent distributions supported by NodeSource

Two types of deprecations could happen in our channels:

__When a Node version reaches the End Of Life__, which means you will not receive any security updates or book patches in the future. We always recommend that you stay in the currently supported version. One important thing to note is that we do not remove the old packages. Even if you use a pre-owned node version, you can still use NodeSource binaries distribution.

__When Linux Distribution goes End Of Life__, be aware that this is not a good practice because your Linux distribution, your operating system, is no longer receiving any security updates or support. So we always recommend keeping a proper maintenance version of your operating system (We do not remove the old packages).

Note: Check the ‘End-of-Life Releases’ HERE.

Please update your Node.js, or you will see this thing when you’re installing the Node.js version that you are trying to install. We always present this Deprecation warning, and we make you wait 20 seconds so you can read the message and realize that maybe you should be updating your Node.js version.

Today, many people are using no longer supported versions. About 46% of downloads of Node.js versions were no longer supported. We want to launch a campaign encouraging developers to upgrade their node version. #UpgradeYourNodeVersion

Behind the Data

There is still a surprising amount of downloads of outdated versions in 2021 (39%) and in 2022 (46%) – People should upgrade!

The downloads are focused mostly in the Americas and Europe (86,9%) in 2021 and were the same in 2022, and some regions are severely underrepresented, for example, Africa. The Middle East in 2022 is increasing the downloads.

The most downloaded versions in 2022 were version 14 for rpm and for deb (32% of Downloads). Followed by V12 with 26% of the downloads. Node V16 was downloaded 20%.

deb distributions are more consumed than rpm, as is expected.

In 2022, an exciting milestone was an increase of 13,6% in downloads of NodeSource Node.js Binaries Distributions. We expect continued growth in 2023.

Getting Involved

So, how can you get involved in this project? There are many ways to contribute.

First, you can go to this link: https://github.com/nodesource/distributions

In that link is the repository where the project is hosted, and you can submit an issue, comment, or pull request. And it’s related chiefly to supporting new distributions to upgrade a distribution or to create an update script to download a particular distribution.

Another way is to keep updated documentation. If a new version over distribution changes, it should also be updated on the docs. When you submit an issue or a pull request, suggestions could be made to keep it compatible with the rest of the distribution, and submissions are always working.

If you collaborate with this project for a few months, you can ask and be included in this repo as a collaborator 💪.

Conclusions

Using NodeSource Node.js distributions is the best and most recommended way to install Node.js in Linux for production environments.

NodeSource has delivered Node.js fresh to your Linux system via your package manager within hours, minutes, days, or weeks. For NodeSource, sustaining the community is essential because we want to support more people using Linux to have Node.js in production.

Also, we are looking for more community involvement in the project. So most of our scripts are open source, and as you can see, there’s a lot of activity in the report that we just mentioned in this article. Help will be appreciated! So if you have ideas or solutions or want to help us continue supporting open source, you can contribute to this GitHub Repo.

Please join us and be part of this magnificent project. Also, here are our channels to follow us and continue the conversation:

Twitter
LinkedIn
Github

As always, the best place to contact us is via our website or [email protected]

_Ready for more? _

If you are looking for NodeSource’s Enterprise-grade Node.js platform, N|Solid, please visit https://downloads.nodesource.com/, and for detailed information on installing and using N|Solid, please refer to the N|Solid User Guide.

We We also know that as a start-up, you want ‘Enterprise-grade’ at a startup price, this is why we extend our product to small and medium-sized companies, startups, and non-profit organizations with N|Solid SaaS.

Please help us to reach more people and support use cases in Node.js. We care about the Node.js community! 💚You’re welcome to explore, read, and participate in this project.

Useful Links / References

Octoverse 2022
2022 Developer Survey Stack Overflow