The new permission model was designed to provide better security. It allows developers to restrict access to certain resources during program execution. This can include restricting access to the file system, restricting the ability to spawn child processes, and restricting the ability to create worker_threads.
According to the feature roadmap, upcoming additions to the permission model will include adoption on package managers, support for path.resolve in C++, support for kFileSystem as a THROW_IF_INSUFFICIENT_PERMISSIONS argument, and the ability to read permissions from a configuration file.
Another big change in this release is that the V8 engine has been updated to version 11.3, which brings with it five new features: String.prototype.isWellFormed and toWellFormed, methods that change Array and TypedArray, resizable ArrayBuffer and growable SharedArrayBuffer, RegExp v flag with set notation and properties of strings, and WebAssembly Tail Call.
“With the addition of the experimental Permission Model and updates to V8, Node.js 20 is perfect for testing and assessing how Node.js will fit into your development environment. We have made excellent progress making Node.js more secure and performant over the past year,” said Rafael Gonzaga, Node.js TSC Member. “Many thanks to our broad and energetic community of open source contributors for constantly improving Node.js.”
Also in Node.js 20 are Single Executable Apps, which allow Node.js apps to be distributed without Node.js itself having to be installed. The feature is currently in use by the Electron project, and Microsoft is also experimenting with it as a way to reduce attack vectors.
Another update is that the test runner, which can be used to create JavaScript tests, is now stable.
Node.js 20 will enter Long-Term Support in October, making it ready for full production deployments.
“From security to testing to portability, Node.js has made important gains in the past year and Node.js 20 shows it. If you’re already using Node.js, Node.js 20 is a great way to get a close-up look at new features before LTS comes out,” said Robin Ginn, executive director of the OpenJS Foundation. “Thank you to our open source contributors from around the world. Node.js 20 is a great example of open source making a difference.”