[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$ffrWbjsocZuCzmMsMVC0_bAsYvHwA8BBf7NPtFFvtxgQ":3},{"id":4,"slug":5,"title":6,"excerpt":7,"content":8,"cover_image_url":9,"author":10,"published_at":11,"created_at":12,"updated_at":12,"is_published":13},"73010f41-d2e9-4a38-a0aa-882a4821d403","nodejs-eol-history-all-versions","Node.js EOL History: Every Version, Every Date, Every CVE Count","From Node.js 0.10 to Node.js 22, we mapped the complete end-of-life history of the JavaScript runtime and the CVE accumulation that followed each EOL date.","\u003Carticle>\n\u003Cp>Node.js has been the backbone of server-side JavaScript since 2009. Its release cadence — alternating LTS and Current releases with precisely defined support windows — is one of the most structured in open source. Yet EOLCanary's data shows outdated Node.js versions remain among the most common in production environments.\u003C\u002Fp>\n\u003Ch2>How Node.js versioning works\u003C\u002Fh2>\n\u003Cp>Node.js releases even-numbered versions as LTS and odd-numbered versions as Current. Even-numbered LTS versions receive security patches for approximately 30 months total. Odd-numbered Current releases receive patches for only 6 months — meaning Node.js 21 was EOL by June 2024, less than a year after its release.\u003C\u002Fp>\n\u003Ch2>CVE counts by major version\u003C\u002Fh2>\n\u003Cp>CVE accumulation continues after EOL because vulnerabilities in V8, libuv, and the Node.js standard library are discovered continuously. Node.js 14, which reached EOL in April 2023, had 31 tracked CVEs at the time of EOL. That number has grown since, with no patches issued.\u003C\u002Fp>\n\u003Ch2>Node.js 16 and the cautionary tale of \"recent enough\"\u003C\u002Fh2>\n\u003Cp>Node.js 16 felt current when many teams deployed it. It reached EOL in September 2023. Teams that deployed it in 2022 had roughly 18 months before it became unsupported. EOLCanary currently tracks 23 CVEs against Node.js 16.x, of which 4 are rated Critical.\u003C\u002Fp>\n\u003Ch2>The current support landscape\u003C\u002Fh2>\n\u003Cp>As of June 2026: Node.js 18 is EOL (April 2025), Node.js 20 is in Maintenance LTS until April 2026, Node.js 22 is Active LTS through April 2027. For production deployments, Node.js 22 LTS is the correct migration target today.\u003C\u002Fp>\n\u003Ch2>The V8 dependency problem\u003C\u002Fh2>\n\u003Cp>Node.js embeds the V8 engine from Chrome. CVEs discovered in V8 affect Node.js, and the Node.js team must wait for V8 patches before releasing fixes. For EOL versions, no patch will ever come — even for V8 vulnerabilities.\u003C\u002Fp>\n\u003Cp>Track every Node.js version on the \u003Ca href=\"https:\u002F\u002Feolcanary.com\u002Fexplore\u002Fnodejs\">Node.js EOL page on EOLCanary\u003C\u002Fa>.\u003C\u002Fp>\n\u003C\u002Farticle>","\u002Fblog\u002Fnodejs-eol-history.png","EOLCanary Team","2026-06-21T08:00:00+00:00","2026-06-26T13:44:04.556818+00:00",true]