Deprecated APIs | Node.js v23.11.0 Documentation (original) (raw)

A Documentation-only deprecation is one that is expressed only within the Node.js API docs. These generate no side-effects while running Node.js. Some Documentation-only deprecations trigger a runtime warning when launched with --pending-deprecation flag (or its alternative,NODE_PENDING_DEPRECATION=1 environment variable), similarly to Runtime deprecations below. Documentation-only deprecations that support that flag are explicitly labeled as such in thelist of Deprecated APIs.

An Application deprecation for only non-node_modules code will, by default, generate a process warning that will be printed to stderr the first time the deprecated API is used in code that's not loaded from node_modules. When the --throw-deprecation command-line flag is used, a Runtime deprecation will cause an error to be thrown. When--pending-deprecation is used, warnings will also be emitted for code loaded from node_modules.

A runtime deprecation for all code is similar to the runtime deprecation for non-node_modules code, except that it also emits a warning for code loaded from node_modules.

An End-of-Life deprecation is used when functionality is or will soon be removed from Node.js.

List of deprecated APIs#

DEP0001: http.OutgoingMessage.prototype.flush#

Type: End-of-Life

OutgoingMessage.prototype.flush() has been removed. UseOutgoingMessage.prototype.flushHeaders() instead.

Type: End-of-Life

The _linklist module is deprecated. Please use a userland alternative.

DEP0003: _writableState.buffer#

Type: End-of-Life

The _writableState.buffer has been removed. Use _writableState.getBuffer()instead.

DEP0004: CryptoStream.prototype.readyState#

Type: End-of-Life

The CryptoStream.prototype.readyState property was removed.

DEP0005: Buffer() constructor#

Type: Application (non-node_modules code only)

The Buffer() function and new Buffer() constructor are deprecated due to API usability issues that can lead to accidental security issues.

As an alternative, use one of the following methods of constructing Bufferobjects:

Without --pending-deprecation, runtime warnings occur only for code not innode_modules. This means there will not be deprecation warnings forBuffer() usage in dependencies. With --pending-deprecation, a runtime warning results no matter where the Buffer() usage occurs.

DEP0006: child_process options.customFds#

Type: End-of-Life

Within the child_process module's spawn(), fork(), and exec()methods, the options.customFds option is deprecated. The options.stdiooption should be used instead.

DEP0007: Replace cluster worker.suicide with worker.exitedAfterDisconnect#

Type: End-of-Life

In an earlier version of the Node.js cluster, a boolean property with the namesuicide was added to the Worker object. The intent of this property was to provide an indication of how and why the Worker instance exited. In Node.js 6.0.0, the old property was deprecated and replaced with a newworker.exitedAfterDisconnect property. The old property name did not precisely describe the actual semantics and was unnecessarily emotion-laden.

DEP0008: require('node:constants')#

Type: Documentation-only

The node:constants module is deprecated. When requiring access to constants relevant to specific Node.js builtin modules, developers should instead refer to the constants property exposed by the relevant module. For instance,require('node:fs').constants and require('node:os').constants.

DEP0009: crypto.pbkdf2 without digest#

Type: End-of-Life

Use of the crypto.pbkdf2() API without specifying a digest was deprecated in Node.js 6.0 because the method defaulted to using the non-recommended'SHA1' digest. Previously, a deprecation warning was printed. Starting in Node.js 8.0.0, calling crypto.pbkdf2() or crypto.pbkdf2Sync() withdigest set to undefined will throw a TypeError.

Beginning in Node.js v11.0.0, calling these functions with digest set tonull would print a deprecation warning to align with the behavior when digestis undefined.

Now, however, passing either undefined or null will throw a TypeError.

DEP0010: crypto.createCredentials#

Type: End-of-Life

The crypto.createCredentials() API was removed. Please usetls.createSecureContext() instead.

DEP0011: crypto.Credentials#

Type: End-of-Life

The crypto.Credentials class was removed. Please use tls.SecureContextinstead.

DEP0012: Domain.dispose#

Type: End-of-Life

Domain.dispose() has been removed. Recover from failed I/O actions explicitly via error event handlers set on the domain instead.

DEP0013: fs asynchronous function without callback#

Type: End-of-Life

Calling an asynchronous function without a callback throws a TypeErrorin Node.js 10.0.0 onwards. See https://github.com/nodejs/node/pull/12562.

DEP0014: fs.read legacy String interface#

Type: End-of-Life

The fs.read() legacy String interface is deprecated. Use the BufferAPI as mentioned in the documentation instead.

DEP0015: fs.readSync legacy String interface#

Type: End-of-Life

The fs.readSync() legacy String interface is deprecated. Use theBuffer API as mentioned in the documentation instead.

DEP0016: GLOBAL/root#

Type: End-of-Life

The GLOBAL and root aliases for the global property were deprecated in Node.js 6.0.0 and have since been removed.

DEP0017: Intl.v8BreakIterator#

Type: End-of-Life

Intl.v8BreakIterator was a non-standard extension and has been removed. See Intl.Segmenter.

DEP0018: Unhandled promise rejections#

Type: End-of-Life

Unhandled promise rejections are deprecated. By default, promise rejections that are not handled terminate the Node.js process with a non-zero exit code. To change the way Node.js treats unhandled rejections, use the--unhandled-rejections command-line option.

DEP0019: require('.') resolved outside directory#

Type: End-of-Life

In certain cases, require('.') could resolve outside the package directory. This behavior has been removed.

DEP0020: Server.connections#

Type: End-of-Life

The Server.connections property was deprecated in Node.js v0.9.7 and has been removed. Please use the Server.getConnections() method instead.

DEP0021: Server.listenFD#

Type: End-of-Life

The Server.listenFD() method was deprecated and removed. Please useServer.listen({fd: }) instead.

DEP0022: os.tmpDir()#

Type: End-of-Life

The os.tmpDir() API was deprecated in Node.js 7.0.0 and has since been removed. Please use os.tmpdir() instead.

DEP0023: os.getNetworkInterfaces()#

Type: End-of-Life

The os.getNetworkInterfaces() method is deprecated. Please use theos.networkInterfaces() method instead.

DEP0024: REPLServer.prototype.convertToContext()#

Type: End-of-Life

The REPLServer.prototype.convertToContext() API has been removed.

DEP0025: require('node:sys')#

Type: Runtime

The node:sys module is deprecated. Please use the util module instead.

DEP0026: util.print()#

Type: End-of-Life

util.print() has been removed. Please use console.log() instead.

DEP0027: util.puts()#

Type: End-of-Life

util.puts() has been removed. Please use console.log() instead.

DEP0028: util.debug()#

Type: End-of-Life

util.debug() has been removed. Please use console.error() instead.

DEP0029: util.error()#

Type: End-of-Life

util.error() has been removed. Please use console.error() instead.

DEP0031: ecdh.setPublicKey()#

Type: Documentation-only

The ecdh.setPublicKey() method is now deprecated as its inclusion in the API is not useful.

DEP0032: node:domain module#

Type: Documentation-only

The domain module is deprecated and should not be used.

DEP0037: fs.lchown(path, uid, gid, callback)#

Type: Deprecation revoked

The fs.lchown(path, uid, gid, callback) API was deprecated. The deprecation was revoked because the requisite supporting APIs were added in libuv.

DEP0038: fs.lchownSync(path, uid, gid)#

Type: Deprecation revoked

The fs.lchownSync(path, uid, gid) API was deprecated. The deprecation was revoked because the requisite supporting APIs were added in libuv.

DEP0039: require.extensions#

Type: Documentation-only

The require.extensions property is deprecated.

DEP0040: node:punycode module#

Type: Runtime

The punycode module is deprecated. Please use a userland alternative instead.

DEP0041: NODE_REPL_HISTORY_FILE environment variable#

Type: End-of-Life

The NODE_REPL_HISTORY_FILE environment variable was removed. Please useNODE_REPL_HISTORY instead.

DEP0042: tls.CryptoStream#

Type: End-of-Life

The tls.CryptoStream class was removed. Please usetls.TLSSocket instead.

DEP0044: util.isArray()#

Type: Runtime

The util.isArray() API is deprecated. Please use Array.isArray()instead.

DEP0045: util.isBoolean()#

Type: End-of-Life

The util.isBoolean() API has been removed. Please usetypeof arg === 'boolean' instead.

DEP0046: util.isBuffer()#

Type: End-of-Life

The util.isBuffer() API has been removed. Please useBuffer.isBuffer() instead.

DEP0047: util.isDate()#

Type: End-of-Life

The util.isDate() API has been removed. Please usearg instanceof Date instead.

DEP0048: util.isError()#

Type: End-of-Life

The util.isError() API has been removed. Please useObject.prototype.toString(arg) === '[object Error]' || arg instanceof Errorinstead.

DEP0049: util.isFunction()#

Type: End-of-Life

The util.isFunction() API has been removed. Please usetypeof arg === 'function' instead.

DEP0050: util.isNull()#

Type: End-of-Life

The util.isNull() API has been removed. Please usearg === null instead.

DEP0051: util.isNullOrUndefined()#

Type: End-of-Life

The util.isNullOrUndefined() API has been removed. Please usearg === null || arg === undefined instead.

DEP0052: util.isNumber()#

Type: End-of-Life

The util.isNumber() API has been removed. Please usetypeof arg === 'number' instead.

DEP0053: util.isObject()#

Type: End-of-Life

The util.isObject() API has been removed. Please usearg && typeof arg === 'object' instead.

DEP0054: util.isPrimitive()#

Type: End-of-Life

The util.isPrimitive() API has been removed. Please usearg === null || (typeof arg !=='object' && typeof arg !== 'function')instead.

DEP0055: util.isRegExp()#

Type: End-of-Life

The util.isRegExp() API has been removed. Please usearg instanceof RegExp instead.

DEP0056: util.isString()#

Type: End-of-Life

The util.isString() API has been removed. Please usetypeof arg === 'string' instead.

DEP0057: util.isSymbol()#

Type: End-of-Life

The util.isSymbol() API has been removed. Please usetypeof arg === 'symbol' instead.

DEP0058: util.isUndefined()#

Type: End-of-Life

The util.isUndefined() API has been removed. Please usearg === undefined instead.

DEP0059: util.log()#

Type: End-of-Life

The util.log() API has been removed because it's an unmaintained legacy API that was exposed to user land by accident. Instead, consider the following alternatives based on your specific needs:

By adopting one of these alternatives, you can transition away from util.log()and choose a logging strategy that aligns with the specific requirements and complexity of your application.

DEP0060: util._extend()#

Type: Runtime

The util._extend() API is deprecated because it's an unmaintained legacy API that was exposed to user land by accident. Please use target = Object.assign(target, source) instead.

DEP0061: fs.SyncWriteStream#

Type: End-of-Life

The fs.SyncWriteStream class was never intended to be a publicly accessible API and has been removed. No alternative API is available. Please use a userland alternative.

DEP0062: node --debug#

Type: End-of-Life

--debug activates the legacy V8 debugger interface, which was removed as of V8 5.8. It is replaced by Inspector which is activated with --inspectinstead.

DEP0063: ServerResponse.prototype.writeHeader()#

Type: Documentation-only

The node:http module ServerResponse.prototype.writeHeader() API is deprecated. Please use ServerResponse.prototype.writeHead() instead.

The ServerResponse.prototype.writeHeader() method was never documented as an officially supported API.

DEP0064: tls.createSecurePair()#

Type: Runtime

The tls.createSecurePair() API was deprecated in documentation in Node.js 0.11.3. Users should use tls.Socket instead.

DEP0065: repl.REPL_MODE_MAGIC and NODE_REPL_MODE=magic#

Type: End-of-Life

The node:repl module's REPL_MODE_MAGIC constant, used for replMode option, has been removed. Its behavior has been functionally identical to that ofREPL_MODE_SLOPPY since Node.js 6.0.0, when V8 5.0 was imported. Please useREPL_MODE_SLOPPY instead.

The NODE_REPL_MODE environment variable is used to set the underlyingreplMode of an interactive node session. Its value, magic, is also removed. Please use sloppy instead.

DEP0066: OutgoingMessage.prototype._headers, OutgoingMessage.prototype._headerNames#

Type: Runtime

The node:http module OutgoingMessage.prototype._headers andOutgoingMessage.prototype._headerNames properties are deprecated. Use one of the public methods (e.g. OutgoingMessage.prototype.getHeader(),OutgoingMessage.prototype.getHeaders(),OutgoingMessage.prototype.getHeaderNames(),OutgoingMessage.prototype.getRawHeaderNames(),OutgoingMessage.prototype.hasHeader(),OutgoingMessage.prototype.removeHeader(),OutgoingMessage.prototype.setHeader()) for working with outgoing headers.

The OutgoingMessage.prototype._headers andOutgoingMessage.prototype._headerNames properties were never documented as officially supported properties.

DEP0067: OutgoingMessage.prototype._renderHeaders#

Type: Documentation-only

The node:http module OutgoingMessage.prototype._renderHeaders() API is deprecated.

The OutgoingMessage.prototype._renderHeaders property was never documented as an officially supported API.

DEP0068: node debug#

Type: End-of-Life

node debug corresponds to the legacy CLI debugger which has been replaced with a V8-inspector based CLI debugger available through node inspect.

DEP0069: vm.runInDebugContext(string)#

Type: End-of-Life

DebugContext has been removed in V8 and is not available in Node.js 10+.

DebugContext was an experimental API.

DEP0070: async_hooks.currentId()#

Type: End-of-Life

async_hooks.currentId() was renamed to async_hooks.executionAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0071: async_hooks.triggerId()#

Type: End-of-Life

async_hooks.triggerId() was renamed to async_hooks.triggerAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0072: async_hooks.AsyncResource.triggerId()#

Type: End-of-Life

async_hooks.AsyncResource.triggerId() was renamed toasync_hooks.AsyncResource.triggerAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0073: Several internal properties of net.Server#

Type: End-of-Life

Accessing several internal, undocumented properties of net.Server instances with inappropriate names is deprecated.

As the original API was undocumented and not generally useful for non-internal code, no replacement API is provided.

DEP0075: REPLServer.parseREPLKeyword()#

Type: End-of-Life

REPLServer.parseREPLKeyword() was removed from userland visibility.

DEP0076: tls.parseCertString()#

Type: End-of-Life

tls.parseCertString() was a trivial parsing helper that was made public by mistake. While it was supposed to parse certificate subject and issuer strings, it never handled multi-value Relative Distinguished Names correctly.

Earlier versions of this document suggested using querystring.parse() as an alternative to tls.parseCertString(). However, querystring.parse() also does not handle all certificate subjects correctly and should not be used.

DEP0077: Module._debug()#

Type: Runtime

Module._debug() is deprecated.

The Module._debug() function was never documented as an officially supported API.

DEP0078: REPLServer.turnOffEditorMode()#

Type: End-of-Life

REPLServer.turnOffEditorMode() was removed from userland visibility.

DEP0079: Custom inspection function on objects via .inspect()#

Type: End-of-Life

Using a property named inspect on an object to specify a custom inspection function for util.inspect() is deprecated. Use util.inspect.custominstead. For backward compatibility with Node.js prior to version 6.4.0, both can be specified.

DEP0080: path._makeLong()#

Type: Documentation-only

The internal path._makeLong() was not intended for public use. However, userland modules have found it useful. The internal API is deprecated and replaced with an identical, public path.toNamespacedPath() method.

DEP0081: fs.truncate() using a file descriptor#

Type: Runtime

fs.truncate() fs.truncateSync() usage with a file descriptor is deprecated. Please use fs.ftruncate() or fs.ftruncateSync() to work with file descriptors.

DEP0082: REPLServer.prototype.memory()#

Type: End-of-Life

REPLServer.prototype.memory() is only necessary for the internal mechanics of the REPLServer itself. Do not use this function.

DEP0083: Disabling ECDH by setting ecdhCurve to false#

Type: End-of-Life

The ecdhCurve option to tls.createSecureContext() and tls.TLSSocket could be set to false to disable ECDH entirely on the server only. This mode was deprecated in preparation for migrating to OpenSSL 1.1.0 and consistency with the client and is now unsupported. Use the ciphers parameter instead.

DEP0084: requiring bundled internal dependencies#

Type: End-of-Life

Since Node.js versions 4.4.0 and 5.2.0, several modules only intended for internal usage were mistakenly exposed to user code through require(). These modules were:

The v8/* modules do not have any exports, and if not imported in a specific order would in fact throw errors. As such there are virtually no legitimate use cases for importing them through require().

On the other hand, node-inspect can be installed locally through a package manager, as it is published on the npm registry under the same name. No source code modification is necessary if that is done.

DEP0089: require('node:assert')#

Type: Deprecation revoked

Importing assert directly was not recommended as the exposed functions use loose equality checks. The deprecation was revoked because use of thenode:assert module is not discouraged, and the deprecation caused developer confusion.

DEP0090: Invalid GCM authentication tag lengths#

Type: End-of-Life

Node.js used to support all GCM authentication tag lengths which are accepted by OpenSSL when calling decipher.setAuthTag(). Beginning with Node.js v11.0.0, only authentication tag lengths of 128, 120, 112, 104, 96, 64, and 32 bits are allowed. Authentication tags of other lengths are invalid perNIST SP 800-38D.

DEP0091: crypto.DEFAULT_ENCODING#

Type: End-of-Life

The crypto.DEFAULT_ENCODING property only existed for compatibility with Node.js releases prior to versions 0.9.3 and has been removed.

DEP0092: Top-level this bound to module.exports#

Type: Documentation-only

Assigning properties to the top-level this as an alternative to module.exports is deprecated. Developers should use exportsor module.exports instead.

DEP0093: crypto.fips is deprecated and replaced#

Type: Runtime

The crypto.fips property is deprecated. Please use crypto.setFips()and crypto.getFips() instead.

DEP0094: Using assert.fail() with more than one argument#

Type: Runtime

Using assert.fail() with more than one argument is deprecated. Useassert.fail() with only one argument or use a different node:assert module method.

DEP0095: timers.enroll()#

Type: Runtime

timers.enroll() is deprecated. Please use the publicly documentedsetTimeout() or setInterval() instead.

DEP0096: timers.unenroll()#

Type: Runtime

timers.unenroll() is deprecated. Please use the publicly documentedclearTimeout() or clearInterval() instead.

DEP0097: MakeCallback with domain property#

Type: Runtime

Users of MakeCallback that add the domain property to carry context, should start using the async_context variant of MakeCallback orCallbackScope, or the high-level AsyncResource class.

DEP0098: AsyncHooks embedder AsyncResource.emitBefore and AsyncResource.emitAfter APIs#

Type: End-of-Life

The embedded API provided by AsyncHooks exposes .emitBefore() and.emitAfter() methods which are very easy to use incorrectly which can lead to unrecoverable errors.

Use asyncResource.runInAsyncScope() API instead which provides a much safer, and more convenient, alternative. Seehttps://github.com/nodejs/node/pull/18513.

DEP0099: Async context-unaware node::MakeCallback C++ APIs#

Type: Compile-time

Certain versions of node::MakeCallback APIs available to native addons are deprecated. Please use the versions of the API that accept an async_contextparameter.

DEP0100: process.assert()#

Type: End-of-Life

process.assert() is deprecated. Please use the assert module instead.

This was never a documented feature.

DEP0101: --with-lttng#

Type: End-of-Life

The --with-lttng compile-time option has been removed.

DEP0102: Using noAssert in Buffer#(read|write) operations#

Type: End-of-Life

Using the noAssert argument has no functionality anymore. All input is verified regardless of the value of noAssert. Skipping the verification could lead to hard-to-find errors and crashes.

DEP0103: process.binding('util').is[...] typechecks#

Type: Documentation-only (supports --pending-deprecation)

Using process.binding() in general should be avoided. The type checking methods in particular can be replaced by using util.types.

This deprecation has been superseded by the deprecation of theprocess.binding() API (DEP0111).

DEP0104: process.env string coercion#

Type: Documentation-only (supports --pending-deprecation)

When assigning a non-string property to process.env, the assigned value is implicitly converted to a string. This behavior is deprecated if the assigned value is not a string, boolean, or number. In the future, such assignment might result in a thrown error. Please convert the property to a string before assigning it to process.env.

DEP0105: decipher.finaltol#

Type: End-of-Life

decipher.finaltol() has never been documented and was an alias fordecipher.final(). This API has been removed, and it is recommended to usedecipher.final() instead.

DEP0107: tls.convertNPNProtocols()#

Type: End-of-Life

This was an undocumented helper function not intended for use outside Node.js core and obsoleted by the removal of NPN (Next Protocol Negotiation) support.

DEP0108: zlib.bytesRead#

Type: End-of-Life

Deprecated alias for zlib.bytesWritten. This original name was chosen because it also made sense to interpret the value as the number of bytes read by the engine, but is inconsistent with other streams in Node.js that expose values under these names.

DEP0109: http, https, and tls support for invalid URLs#

Type: End-of-Life

Some previously supported (but strictly invalid) URLs were accepted through thehttp.request(), http.get(), https.request(),https.get(), and tls.checkServerIdentity() APIs because those were accepted by the legacy url.parse() API. The mentioned APIs now use the WHATWG URL parser that requires strictly valid URLs. Passing an invalid URL is deprecated and support will be removed in the future.

DEP0110: vm.Script cached data#

Type: Documentation-only

The produceCachedData option is deprecated. Usescript.createCachedData() instead.

DEP0111: process.binding()#

Type: Documentation-only (supports --pending-deprecation)

process.binding() is for use by Node.js internal code only.

While process.binding() has not reached End-of-Life status in general, it is unavailable when the permission model is enabled.

DEP0112: dgram private APIs#

Type: Runtime

The node:dgram module previously contained several APIs that were never meant to accessed outside of Node.js core: Socket.prototype._handle,Socket.prototype._receiving, Socket.prototype._bindState,Socket.prototype._queue, Socket.prototype._reuseAddr,Socket.prototype._healthCheck(), Socket.prototype._stopReceiving(), anddgram._createSocketHandle().

DEP0113: Cipher.setAuthTag(), Decipher.getAuthTag()#

Type: End-of-Life

Cipher.setAuthTag() and Decipher.getAuthTag() are no longer available. They were never documented and would throw when called.

DEP0114: crypto._toBuf()#

Type: End-of-Life

The crypto._toBuf() function was not designed to be used by modules outside of Node.js core and was removed.

DEP0115: crypto.prng(), crypto.pseudoRandomBytes(), crypto.rng()#

Type: Documentation-only (supports --pending-deprecation)

In recent versions of Node.js, there is no difference betweencrypto.randomBytes() and crypto.pseudoRandomBytes(). The latter is deprecated along with the undocumented aliases crypto.prng() andcrypto.rng() in favor of crypto.randomBytes() and might be removed in a future release.

DEP0117: Native crypto handles#

Type: End-of-Life

Previous versions of Node.js exposed handles to internal native objects through the _handle property of the Cipher, Decipher, DiffieHellman,DiffieHellmanGroup, ECDH, Hash, Hmac, Sign, and Verify classes. The _handle property has been removed because improper use of the native object can lead to crashing the application.

DEP0118: dns.lookup() support for a falsy host name#

Type: Runtime

Previous versions of Node.js supported dns.lookup() with a falsy host name like dns.lookup(false) due to backward compatibility. This behavior is undocumented and is thought to be unused in real world apps. It will become an error in future versions of Node.js.

DEP0120: Windows Performance Counter support#

Type: End-of-Life

Windows Performance Counter support has been removed from Node.js. The undocumented COUNTER_NET_SERVER_CONNECTION(),COUNTER_NET_SERVER_CONNECTION_CLOSE(), COUNTER_HTTP_SERVER_REQUEST(),COUNTER_HTTP_SERVER_RESPONSE(), COUNTER_HTTP_CLIENT_REQUEST(), andCOUNTER_HTTP_CLIENT_RESPONSE() functions have been deprecated.

DEP0121: net._setSimultaneousAccepts()#

Type: Runtime

The undocumented net._setSimultaneousAccepts() function was originally intended for debugging and performance tuning when using thenode:child_process and node:cluster modules on Windows. The function is not generally useful and is being removed. See discussion here:https://github.com/nodejs/node/issues/18391

DEP0122: tls Server.prototype.setOptions()#

Type: Runtime

Please use Server.prototype.setSecureContext() instead.

DEP0123: setting the TLS ServerName to an IP address#

Type: Runtime

Setting the TLS ServerName to an IP address is not permitted byRFC 6066. This will be ignored in a future version.

DEP0124: using REPLServer.rli#

Type: End-of-Life

This property is a reference to the instance itself.

DEP0125: require('node:_stream_wrap')#

Type: Runtime

The node:_stream_wrap module is deprecated.

DEP0126: timers.active()#

Type: Runtime

The previously undocumented timers.active() is deprecated. Please use the publicly documented timeout.refresh() instead. If re-referencing the timeout is necessary, timeout.ref() can be used with no performance impact since Node.js 10.

DEP0127: timers._unrefActive()#

Type: Runtime

The previously undocumented and "private" timers._unrefActive() is deprecated. Please use the publicly documented timeout.refresh() instead. If unreferencing the timeout is necessary, timeout.unref() can be used with no performance impact since Node.js 10.

DEP0128: modules with an invalid main entry and an index.js file#

Type: Runtime

Modules that have an invalid main entry (e.g., ./does-not-exist.js) and also have an index.js file in the top level directory will resolve theindex.js file. That is deprecated and is going to throw an error in future Node.js versions.

DEP0129: ChildProcess._channel#

Type: Runtime

The _channel property of child process objects returned by spawn() and similar functions is not intended for public use. Use ChildProcess.channelinstead.

DEP0131: Legacy HTTP parser#

Type: End-of-Life

The legacy HTTP parser, used by default in versions of Node.js prior to 12.0.0, is deprecated and has been removed in v13.0.0. Prior to v13.0.0, the--http-parser=legacy command-line flag could be used to revert to using the legacy parser.

DEP0132: worker.terminate() with callback#

Type: Runtime

Passing a callback to worker.terminate() is deprecated. Use the returnedPromise instead, or a listener to the worker's 'exit' event.

DEP0134: process._tickCallback#

Type: Documentation-only (supports --pending-deprecation)

The process._tickCallback property was never documented as an officially supported API.

DEP0137: Closing fs.FileHandle on garbage collection#

Type: Runtime

Allowing a fs.FileHandle object to be closed on garbage collection is deprecated. In the future, doing so might result in a thrown error that will terminate the process.

Please ensure that all fs.FileHandle objects are explicitly closed usingFileHandle.prototype.close() when the fs.FileHandle is no longer needed:

const fsPromises = require('node:fs').promises; async function openAndClose() { let filehandle; try { filehandle = await fsPromises.open('thefile.txt', 'r'); } finally { if (filehandle !== undefined) await filehandle.close(); } }

DEP0138: process.mainModule#

Type: Documentation-only

process.mainModule is a CommonJS-only feature while process global object is shared with non-CommonJS environment. Its use within ECMAScript modules is unsupported.

It is deprecated in favor of require.main, because it serves the same purpose and is only available on CommonJS environment.

DEP0139: process.umask() with no arguments#

Type: Documentation-only

Calling process.umask() with no argument causes the process-wide umask to be written twice. This introduces a race condition between threads, and is a potential security vulnerability. There is no safe, cross-platform alternative API.

DEP0141: repl.inputStream and repl.outputStream#

Type: Documentation-only (supports --pending-deprecation)

The node:repl module exported the input and output stream twice. Use .inputinstead of .inputStream and .output instead of .outputStream.

DEP0142: repl._builtinLibs#

Type: Documentation-only (supports --pending-deprecation)

The node:repl module exports a _builtinLibs property that contains an array of built-in modules. It was incomplete so far and instead it's better to rely upon require('node:module').builtinModules.

DEP0143: Transform._transformState#

Type: Runtime

Transform._transformState will be removed in future versions where it is no longer required due to simplification of the implementation.

DEP0144: module.parent#

Type: Documentation-only (supports --pending-deprecation)

A CommonJS module can access the first module that required it usingmodule.parent. This feature is deprecated because it does not work consistently in the presence of ECMAScript modules and because it gives an inaccurate representation of the CommonJS module graph.

Some modules use it to check if they are the entry point of the current process. Instead, it is recommended to compare require.main and module:

if (require.main === module) { // Code section that will run only if current file is the entry point. }

When looking for the CommonJS modules that have required the current one,require.cache and module.children can be used:

const moduleParents = Object.values(require.cache) .filter((m) => m.children.includes(module));

DEP0147: fs.rmdir(path, { recursive: true })#

Type: Runtime

In future versions of Node.js, recursive option will be ignored forfs.rmdir, fs.rmdirSync, and fs.promises.rmdir.

Use fs.rm(path, { recursive: true, force: true }),fs.rmSync(path, { recursive: true, force: true }) orfs.promises.rm(path, { recursive: true, force: true }) instead.

DEP0150: Changing the value of process.config#

Type: End-of-Life

The process.config property provides access to Node.js compile-time settings. However, the property is mutable and therefore subject to tampering. The ability to change the value will be removed in a future version of Node.js.

DEP0151: Main index lookup and extension searching#

Type: Runtime

Previously, index.js and extension searching lookups would apply toimport 'pkg' main entry point resolution, even when resolving ES modules.

With this deprecation, all ES module main entry point resolutions require an explicit "exports" or "main" entry with the exact file extension.

DEP0152: Extension PerformanceEntry properties#

Type: Runtime

The 'gc', 'http2', and 'http' object types have additional properties assigned to them that provide additional information. These properties are now available within the standard detail property of the PerformanceEntry object. The existing accessors have been deprecated and should no longer be used.

DEP0153: dns.lookup and dnsPromises.lookup options type coercion#

Type: End-of-Life

Using a non-nullish non-integer value for family option, a non-nullish non-number value for hints option, a non-nullish non-boolean value for alloption, or a non-nullish non-boolean value for verbatim option indns.lookup() and dnsPromises.lookup() throws anERR_INVALID_ARG_TYPE error.

DEP0154: RSA-PSS generate key pair options#

Type: Runtime

The 'hash' and 'mgf1Hash' options are replaced with 'hashAlgorithm'and 'mgf1HashAlgorithm'.

DEP0155: Trailing slashes in pattern specifier resolutions#

Type: Runtime

The remapping of specifiers ending in "/" like import 'pkg/x/' is deprecated for package "exports" and "imports" pattern resolutions.

DEP0156: .aborted property and 'abort', 'aborted' event in http#

Type: Documentation-only

Move to API instead, as the http.ClientRequest,http.ServerResponse, and http.IncomingMessage are all stream-based. Check stream.destroyed instead of the .aborted property, and listen for'close' instead of 'abort', 'aborted' event.

The .aborted property and 'abort' event are only useful for detecting.abort() calls. For closing a request early, use the Stream.destroy([error]) then check the .destroyed property and 'close' event should have the same effect. The receiving end should also check thereadable.readableEnded value on http.IncomingMessage to get whether it was an aborted or graceful destroy.

DEP0157: Thenable support in streams#

Type: End-of-Life

An undocumented feature of Node.js streams was to support thenables in implementation methods. This is now deprecated, use callbacks instead and avoid use of async function for streams implementation methods.

This feature caused users to encounter unexpected problems where the user implements the function in callback style but uses e.g. an async method which would cause an error since mixing promise and callback semantics is not valid.

const w = new Writable({ async final(callback) { await someOp(); callback(); }, });

DEP0158: buffer.slice(start, end)#

Type: Documentation-only

This method was deprecated because it is not compatible withUint8Array.prototype.slice(), which is a superclass of Buffer.

Use buffer.subarray which does the same thing instead.

DEP0159: ERR_INVALID_CALLBACK#

Type: End-of-Life

This error code was removed due to adding more confusion to the errors used for value type validation.

DEP0160: process.on('multipleResolves', handler)#

Type: Runtime

This event was deprecated because it did not work with V8 promise combinators which diminished its usefulness.

DEP0161: process._getActiveRequests() and process._getActiveHandles()#

Type: Documentation-only

The process._getActiveHandles() and process._getActiveRequests()functions are not intended for public use and can be removed in future releases.

Use process.getActiveResourcesInfo() to get a list of types of active resources and not the actual references.

DEP0164: process.exit(code), process.exitCode coercion to integer#

Type: End-of-Life

Values other than undefined, null, integer numbers, and integer strings (e.g., '1') are deprecated as value for the code parameter inprocess.exit() and as value to assign to process.exitCode.

DEP0165: --trace-atomics-wait#

Type: End-of-Life

The --trace-atomics-wait flag has been removed because it uses the V8 hook SetAtomicsWaitCallback, that will be removed in a future V8 release.

DEP0166: Double slashes in imports and exports targets#

Type: Runtime

Package imports and exports targets mapping into paths including a double slash (of "/" or "\") are deprecated and will fail with a resolution validation error in a future release. This same deprecation also applies to pattern matches starting or ending in a slash.

DEP0167: Weak DiffieHellmanGroup instances (modp1, modp2, modp5)#

Type: Documentation-only

The well-known MODP groups modp1, modp2, and modp5 are deprecated because they are not secure against practical attacks. See RFC 8247 Section 2.4 for details.

These groups might be removed in future versions of Node.js. Applications that rely on these groups should evaluate using stronger MODP groups instead.

DEP0168: Unhandled exception in Node-API callbacks#

Type: Runtime

The implicit suppression of uncaught exceptions in Node-API callbacks is now deprecated.

Set the flag --force-node-api-uncaught-exceptions-policy to force Node.js to emit an 'uncaughtException' event if the exception is not handled in Node-API callbacks.

DEP0169: Insecure url.parse()#

Type: Documentation-only (supports --pending-deprecation)

url.parse() behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for url.parse() vulnerabilities.

DEP0170: Invalid port when using url.parse()#

Type: Runtime

url.parse() accepts URLs with ports that are not numbers. This behavior might result in host name spoofing with unexpected input. These URLs will throw an error in future versions of Node.js, as the WHATWG URL API does already.

DEP0172: The asyncResource property of AsyncResource bound functions#

Type: Runtime

In a future version of Node.js, the asyncResource property will no longer be added when a function is bound to an AsyncResource.

DEP0173: the assert.CallTracker class#

Type: Documentation-only

In a future version of Node.js, assert.CallTracker, will be removed. Consider using alternatives such as the mock helper function.

DEP0174: calling promisify on a function that returns a Promise#

Type: Runtime

Calling util.promisify on a function that returns a Promise will ignore the result of said promise, which can lead to unhandled promise rejections.

DEP0176: fs.F_OK, fs.R_OK, fs.W_OK, fs.X_OK#

Type: Documentation-only

F_OK, R_OK, W_OK and X_OK getters exposed directly on node:fs are deprecated. Get them from fs.constants or fs.promises.constants instead.

DEP0177: util.types.isWebAssemblyCompiledModule#

Type: End-of-Life

The util.types.isWebAssemblyCompiledModule API has been removed. Please use value instanceof WebAssembly.Module instead.

DEP0178: dirent.path#

Type: Runtime

The dirent.path is deprecated due to its lack of consistency across release lines. Please use dirent.parentPath instead.

DEP0179: Hash constructor#

Type: Runtime

Calling Hash class directly with Hash() or new Hash() is deprecated due to being internals, not intended for public use. Please use the crypto.createHash() method to create Hash instances.

DEP0180: fs.Stats constructor#

Type: Runtime

Calling fs.Stats class directly with Stats() or new Stats() is deprecated due to being internals, not intended for public use.

DEP0181: Hmac constructor#

Type: Runtime

Calling Hmac class directly with Hmac() or new Hmac() is deprecated due to being internals, not intended for public use. Please use the crypto.createHmac() method to create Hmac instances.

DEP0182: Short GCM authentication tags without explicit authTagLength#

Type: Runtime

Applications that intend to use authentication tags that are shorter than the default authentication tag length must set the authTagLength option of thecrypto.createDecipheriv() function to the appropriate length.

For ciphers in GCM mode, the decipher.setAuthTag() function accepts authentication tags of any valid length (see DEP0090). This behavior is deprecated to better align with recommendations per NIST SP 800-38D.

DEP0184: Instantiating node:zlib classes without new#

Type: Documentation-only

Instantiating classes without the new qualifier exported by the node:zlib module is deprecated. It is recommended to use the new qualifier instead. This applies to all Zlib classes, such as Deflate,DeflateRaw, Gunzip, Inflate, InflateRaw, Unzip, and Zlib.

DEP0185: Instantiating node:repl classes without new#

Type: Documentation-only

Instantiating classes without the new qualifier exported by the node:repl module is deprecated. It is recommended to use the new qualifier instead. This applies to all REPL classes, includingREPLServer and Recoverable.

DEP0187: Passing invalid argument types to fs.existsSync#

Type: Documentation-only

Passing non-supported argument types is deprecated and, instead of returning false, will throw an error in a future version.

DEP0188: process.features.ipv6 and process.features.uv#

Type: Documentation-only

These properties are unconditionally true. Any checks based on these properties are redundant.

DEP0189: process.features.tls_*#

Type: Documentation-only

process.features.tls_alpn, process.features.tls_ocsp, and process.features.tls_sni are deprecated, as their values are guaranteed to be identical to that of process.features.tls.

DEP0190: Passing args to node:child_process execFile/spawn with shell option true#

Type: Documentation-only

When an args array is passed to child_process.execFile or child_process.spawn with the option{ shell: true }, the values are not escaped, only space-separated, which can lead to shell injection.