Deprecated APIs

Node.js APIs might be deprecated for any of the following reasons:

• Use of the API is unsafe.
• An improved alternative API is available.
• Breaking changes to the API are expected in a future major release.

Node.js uses four kinds of deprecations:

• Documentation-only
• Application (non-node_modules code only)
• Runtime (all code)
• End-of-Life

A Documentation-only deprecation is one that is expressed only within the Node.js API docs. These generate no side-effects while running Node.js. Some Documentation-only deprecations trigger a runtime warning when launched with --pending-deprecation flag (or its alternative, NODE_PENDING_DEPRECATION=1 environment variable), similarly to Runtime deprecations below. Documentation-only deprecations that support that flag are explicitly labeled as such in the list of Deprecated APIs.

An Application deprecation for only non-node_modules code will, by default, generate a process warning that will be printed to stderr the first time the deprecated API is used in code that's not loaded from node_modules. When the --throw-deprecation command-line flag is used, a Runtime deprecation will cause an error to be thrown. When --pending-deprecation is used, warnings will also be emitted for code loaded from node_modules.

A runtime deprecation for all code is similar to the runtime deprecation for non-node_modules code, except that it also emits a warning for code loaded from node_modules.

An End-of-Life deprecation is used when functionality is or will soon be removed from Node.js.

Revoking deprecations

Occasionally, the deprecation of an API might be reversed. In such situations, this document will be updated with information relevant to the decision. However, the deprecation identifier will not be modified.

List of deprecated APIs

DEP0001: http.OutgoingMessage.prototype.flush

Type: End-of-Life

OutgoingMessage.prototype.flush() has been removed. Use OutgoingMessage.prototype.flushHeaders() instead.

DEP0002: require('_linklist')

Type: End-of-Life

The _linklist module is deprecated. Please use a userland alternative.

DEP0003: _writableState.buffer

Type: End-of-Life

The _writableState.buffer has been removed. Use _writableState.getBuffer() instead.

DEP0004: CryptoStream.prototype.readyState

Type: End-of-Life

The CryptoStream.prototype.readyState property was removed.

DEP0005: Buffer() constructor

Type: Application (non-node_modules code only)

The Buffer() function and new Buffer() constructor are deprecated due to API usability issues that can lead to accidental security issues.

As an alternative, use one of the following methods of constructing Buffer objects:

• Buffer.alloc(size[, fill[, encoding]]): Create a Buffer with initialized memory.
• Buffer.allocUnsafe(size): Create a Buffer with uninitialized memory.
• Buffer.allocUnsafeSlow(size): Create a Buffer with uninitialized memory.
• Buffer.from(array): Create a Buffer with a copy of array
• Buffer.from(arrayBuffer[, byteOffset[, length]]) - Create a Buffer that wraps the given arrayBuffer.
• Buffer.from(buffer): Create a Buffer that copies buffer.
• Buffer.from(string[, encoding]): Create a Buffer that copies string.

Without --pending-deprecation, runtime warnings occur only for code not in node_modules. This means there will not be deprecation warnings for Buffer() usage in dependencies. With --pending-deprecation, a runtime warning results no matter where the Buffer() usage occurs.

DEP0006: child_process options.customFds

Type: End-of-Life

Within the child_process module's spawn(), fork(), and exec() methods, the options.customFds option is deprecated. The options.stdio option should be used instead.

DEP0007: Replace cluster worker.suicide with worker.exitedAfterDisconnect

Type: End-of-Life

In an earlier version of the Node.js cluster, a boolean property with the name suicide was added to the Worker object. The intent of this property was to provide an indication of how and why the Worker instance exited. In Node.js 6.0.0, the old property was deprecated and replaced with a new worker.exitedAfterDisconnect property. The old property name did not precisely describe the actual semantics and was unnecessarily emotion-laden.

DEP0008: require('node:constants')

Type: Documentation-only

The node:constants module is deprecated. When requiring access to constants relevant to specific Node.js builtin modules, developers should instead refer to the constants property exposed by the relevant module. For instance, require('node:fs').constants and require('node:os').constants.

DEP0009: crypto.pbkdf2 without digest

Type: End-of-Life

Use of the crypto.pbkdf2() API without specifying a digest was deprecated in Node.js 6.0 because the method defaulted to using the non-recommended 'SHA1' digest. Previously, a deprecation warning was printed. Starting in Node.js 8.0.0, calling crypto.pbkdf2() or crypto.pbkdf2Sync() with digest set to undefined will throw a TypeError.

Beginning in Node.js v11.0.0, calling these functions with digest set to null would print a deprecation warning to align with the behavior when digest is undefined.

Now, however, passing either undefined or null will throw a TypeError.

DEP0010: crypto.createCredentials

Type: End-of-Life

The crypto.createCredentials() API was removed. Please use tls.createSecureContext() instead.

DEP0011: crypto.Credentials

Type: End-of-Life

The crypto.Credentials class was removed. Please use tls.SecureContext instead.

DEP0012: Domain.dispose

Type: End-of-Life

Domain.dispose() has been removed. Recover from failed I/O actions explicitly via error event handlers set on the domain instead.

DEP0013: fs asynchronous function without callback

Type: End-of-Life

Calling an asynchronous function without a callback throws a TypeError in Node.js 10.0.0 onwards. See https://github.com/nodejs/node/pull/12562.

DEP0014: fs.read legacy String interface

Type: End-of-Life

The fs.read() legacy String interface is deprecated. Use the Buffer API as mentioned in the documentation instead.

DEP0015: fs.readSync legacy String interface

Type: End-of-Life

The fs.readSync() legacy String interface is deprecated. Use the Buffer API as mentioned in the documentation instead.

DEP0016: GLOBAL/root

Type: End-of-Life

The GLOBAL and root aliases for the global property were deprecated in Node.js 6.0.0 and have since been removed.

DEP0017: Intl.v8BreakIterator

Type: End-of-Life

Intl.v8BreakIterator was a non-standard extension and has been removed. See Intl.Segmenter.

DEP0018: Unhandled promise rejections

Type: End-of-Life

Unhandled promise rejections are deprecated. By default, promise rejections that are not handled terminate the Node.js process with a non-zero exit code. To change the way Node.js treats unhandled rejections, use the --unhandled-rejections command-line option.

DEP0019: require('.') resolved outside directory

Type: End-of-Life

In certain cases, require('.') could resolve outside the package directory. This behavior has been removed.

DEP0020: Server.connections

Type: End-of-Life

The Server.connections property was deprecated in Node.js v0.9.7 and has been removed. Please use the Server.getConnections() method instead.

DEP0021: Server.listenFD

Type: End-of-Life

The Server.listenFD() method was deprecated and removed. Please use Server.listen({fd: <number>}) instead.

DEP0022: os.tmpDir()

Type: End-of-Life

The os.tmpDir() API was deprecated in Node.js 7.0.0 and has since been removed. Please use os.tmpdir() instead.

DEP0023: os.getNetworkInterfaces()

Type: End-of-Life

The os.getNetworkInterfaces() method is deprecated. Please use the os.networkInterfaces() method instead.

DEP0024: REPLServer.prototype.convertToContext()

Type: End-of-Life

The REPLServer.prototype.convertToContext() API has been removed.

DEP0025: require('node:sys')

Type: Runtime

The node:sys module is deprecated. Please use the util module instead.

DEP0026: util.print()

Type: End-of-Life

util.print() has been removed. Please use console.log() instead.

DEP0027: util.puts()

Type: End-of-Life

util.puts() has been removed. Please use console.log() instead.

DEP0028: util.debug()

Type: End-of-Life

util.debug() has been removed. Please use console.error() instead.

DEP0029: util.error()

Type: End-of-Life

util.error() has been removed. Please use console.error() instead.

DEP0030: SlowBuffer

Type: Documentation-only

The SlowBuffer class is deprecated. Please use Buffer.allocUnsafeSlow(size) instead.

DEP0031: ecdh.setPublicKey()

Type: Documentation-only

The ecdh.setPublicKey() method is now deprecated as its inclusion in the API is not useful.

DEP0032: node:domain module

Type: Documentation-only

The domain module is deprecated and should not be used.

DEP0033: EventEmitter.listenerCount()

Type: Documentation-only

The events.listenerCount(emitter, eventName) API is deprecated. Please use emitter.listenerCount(eventName) instead.

DEP0034: fs.exists(path, callback)

Type: Documentation-only

The fs.exists(path, callback) API is deprecated. Please use fs.stat() or fs.access() instead.

DEP0035: fs.lchmod(path, mode, callback)

Type: Documentation-only

The fs.lchmod(path, mode, callback) API is deprecated.

DEP0036: fs.lchmodSync(path, mode)

Type: Documentation-only

The fs.lchmodSync(path, mode) API is deprecated.

DEP0037: fs.lchown(path, uid, gid, callback)

Type: Deprecation revoked

The fs.lchown(path, uid, gid, callback) API was deprecated. The deprecation was revoked because the requisite supporting APIs were added in libuv.

DEP0038: fs.lchownSync(path, uid, gid)

Type: Deprecation revoked

The fs.lchownSync(path, uid, gid) API was deprecated. The deprecation was revoked because the requisite supporting APIs were added in libuv.

DEP0039: require.extensions

Type: Documentation-only

The require.extensions property is deprecated.

DEP0040: node:punycode module

Type: Runtime

The punycode module is deprecated. Please use a userland alternative instead.

DEP0041: NODE_REPL_HISTORY_FILE environment variable

Type: End-of-Life

The NODE_REPL_HISTORY_FILE environment variable was removed. Please use NODE_REPL_HISTORY instead.

DEP0042: tls.CryptoStream

Type: End-of-Life

The tls.CryptoStream class was removed. Please use tls.TLSSocket instead.

DEP0043: tls.SecurePair

Type: Documentation-only

The tls.SecurePair class is deprecated. Please use tls.TLSSocket instead.

DEP0044: util.isArray()

Type: Runtime

The util.isArray() API is deprecated. Please use Array.isArray() instead.

DEP0045: util.isBoolean()

Type: End-of-Life

The util.isBoolean() API has been removed. Please use typeof arg === 'boolean' instead.

DEP0046: util.isBuffer()

Type: End-of-Life

The util.isBuffer() API has been removed. Please use Buffer.isBuffer() instead.

DEP0047: util.isDate()

Type: End-of-Life

The util.isDate() API has been removed. Please use arg instanceof Date instead.

DEP0048: util.isError()

Type: End-of-Life

The util.isError() API has been removed. Please use Object.prototype.toString(arg) === '[object Error]' || arg instanceof Error instead.

DEP0049: util.isFunction()

Type: End-of-Life

The util.isFunction() API has been removed. Please use typeof arg === 'function' instead.

DEP0050: util.isNull()

Type: End-of-Life

The util.isNull() API has been removed. Please use arg === null instead.

DEP0051: util.isNullOrUndefined()

Type: End-of-Life

The util.isNullOrUndefined() API has been removed. Please use arg === null || arg === undefined instead.

DEP0052: util.isNumber()

Type: End-of-Life

The util.isNumber() API has been removed. Please use typeof arg === 'number' instead.

DEP0053: util.isObject()

Type: End-of-Life

The util.isObject() API has been removed. Please use arg && typeof arg === 'object' instead.

DEP0054: util.isPrimitive()

Type: End-of-Life

The util.isPrimitive() API has been removed. Please use arg === null || (typeof arg !=='object' && typeof arg !== 'function') instead.

DEP0055: util.isRegExp()

Type: End-of-Life

The util.isRegExp() API has been removed. Please use arg instanceof RegExp instead.

DEP0056: util.isString()

Type: End-of-Life

The util.isString() API has been removed. Please use typeof arg === 'string' instead.

DEP0057: util.isSymbol()

Type: End-of-Life

The util.isSymbol() API has been removed. Please use typeof arg === 'symbol' instead.

DEP0058: util.isUndefined()

Type: End-of-Life

The util.isUndefined() API has been removed. Please use arg === undefined instead.

DEP0059: util.log()

Type: End-of-Life

The util.log() API has been removed because it's an unmaintained legacy API that was exposed to user land by accident. Instead, consider the following alternatives based on your specific needs:

• Third-Party Logging Libraries

• Use console.log(new Date().toLocaleString(), message)

By adopting one of these alternatives, you can transition away from util.log() and choose a logging strategy that aligns with the specific requirements and complexity of your application.

DEP0060: util._extend()

Type: Runtime

The util._extend() API is deprecated because it's an unmaintained legacy API that was exposed to user land by accident. Please use target = Object.assign(target, source) instead.

DEP0061: fs.SyncWriteStream

Type: End-of-Life

The fs.SyncWriteStream class was never intended to be a publicly accessible API and has been removed. No alternative API is available. Please use a userland alternative.

DEP0062: node --debug

Type: End-of-Life

--debug activates the legacy V8 debugger interface, which was removed as of V8 5.8. It is replaced by Inspector which is activated with --inspect instead.

DEP0063: ServerResponse.prototype.writeHeader()

Type: Documentation-only

The node:http module ServerResponse.prototype.writeHeader() API is deprecated. Please use ServerResponse.prototype.writeHead() instead.

The ServerResponse.prototype.writeHeader() method was never documented as an officially supported API.

DEP0064: tls.createSecurePair()

Type: Runtime

The tls.createSecurePair() API was deprecated in documentation in Node.js 0.11.3. Users should use tls.Socket instead.

DEP0065: repl.REPL_MODE_MAGIC and NODE_REPL_MODE=magic

Type: End-of-Life

The node:repl module's REPL_MODE_MAGIC constant, used for replMode option, has been removed. Its behavior has been functionally identical to that of REPL_MODE_SLOPPY since Node.js 6.0.0, when V8 5.0 was imported. Please use REPL_MODE_SLOPPY instead.

The NODE_REPL_MODE environment variable is used to set the underlying replMode of an interactive node session. Its value, magic, is also removed. Please use sloppy instead.

DEP0066: OutgoingMessage.prototype._headers, OutgoingMessage.prototype._headerNames

Type: Runtime

The node:http module OutgoingMessage.prototype._headers and OutgoingMessage.prototype._headerNames properties are deprecated. Use one of the public methods (e.g. OutgoingMessage.prototype.getHeader(), OutgoingMessage.prototype.getHeaders(), OutgoingMessage.prototype.getHeaderNames(), OutgoingMessage.prototype.getRawHeaderNames(), OutgoingMessage.prototype.hasHeader(), OutgoingMessage.prototype.removeHeader(), OutgoingMessage.prototype.setHeader()) for working with outgoing headers.

The OutgoingMessage.prototype._headers and OutgoingMessage.prototype._headerNames properties were never documented as officially supported properties.

DEP0067: OutgoingMessage.prototype._renderHeaders

Type: Documentation-only

The node:http module OutgoingMessage.prototype._renderHeaders() API is deprecated.

The OutgoingMessage.prototype._renderHeaders property was never documented as an officially supported API.

DEP0068: node debug

Type: End-of-Life

node debug corresponds to the legacy CLI debugger which has been replaced with a V8-inspector based CLI debugger available through node inspect.

DEP0069: vm.runInDebugContext(string)

Type: End-of-Life

DebugContext has been removed in V8 and is not available in Node.js 10+.

DebugContext was an experimental API.

DEP0070: async_hooks.currentId()

Type: End-of-Life

async_hooks.currentId() was renamed to async_hooks.executionAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0071: async_hooks.triggerId()

Type: End-of-Life

async_hooks.triggerId() was renamed to async_hooks.triggerAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0072: async_hooks.AsyncResource.triggerId()

Type: End-of-Life

async_hooks.AsyncResource.triggerId() was renamed to async_hooks.AsyncResource.triggerAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0073: Several internal properties of net.Server

Type: End-of-Life

Accessing several internal, undocumented properties of net.Server instances with inappropriate names is deprecated.

As the original API was undocumented and not generally useful for non-internal code, no replacement API is provided.

DEP0074: REPLServer.bufferedCommand

Type: End-of-Life

The REPLServer.bufferedCommand property was deprecated in favor of REPLServer.clearBufferedCommand().

DEP0075: REPLServer.parseREPLKeyword()

Type: End-of-Life

REPLServer.parseREPLKeyword() was removed from userland visibility.

DEP0076: tls.parseCertString()

Type: End-of-Life

tls.parseCertString() was a trivial parsing helper that was made public by mistake. While it was supposed to parse certificate subject and issuer strings, it never handled multi-value Relative Distinguished Names correctly.

Earlier versions of this document suggested using querystring.parse() as an alternative to tls.parseCertString(). However, querystring.parse() also does not handle all certificate subjects correctly and should not be used.

DEP0077: Module._debug()

Type: Runtime

Module._debug() is deprecated.

The Module._debug() function was never documented as an officially supported API.

DEP0078: REPLServer.turnOffEditorMode()

Type: End-of-Life

REPLServer.turnOffEditorMode() was removed from userland visibility.

DEP0079: Custom inspection function on objects via .inspect()

Type: End-of-Life

Using a property named inspect on an object to specify a custom inspection function for util.inspect() is deprecated. Use util.inspect.custom instead. For backward compatibility with Node.js prior to version 6.4.0, both can be specified.

DEP0080: path._makeLong()

Type: Documentation-only

The internal path._makeLong() was not intended for public use. However, userland modules have found it useful. The internal API is deprecated and replaced with an identical, public path.toNamespacedPath() method.

DEP0081: fs.truncate() using a file descriptor

Type: Runtime

fs.truncate() fs.truncateSync() usage with a file descriptor is deprecated. Please use fs.ftruncate() or fs.ftruncateSync() to work with file descriptors.

DEP0082: REPLServer.prototype.memory()

Type: End-of-Life

REPLServer.prototype.memory() is only necessary for the internal mechanics of the REPLServer itself. Do not use this function.

DEP0083: Disabling ECDH by setting ecdhCurve to false

Type: End-of-Life.

The ecdhCurve option to tls.createSecureContext() and tls.TLSSocket could be set to false to disable ECDH entirely on the server only. This mode was deprecated in preparation for migrating to OpenSSL 1.1.0 and consistency with the client and is now unsupported. Use the ciphers parameter instead.

DEP0084: requiring bundled internal dependencies

Type: End-of-Life

Since Node.js versions 4.4.0 and 5.2.0, several modules only intended for internal usage were mistakenly exposed to user code through require(). These modules were:

• v8/tools/codemap
• v8/tools/consarray
• v8/tools/csvparser
• v8/tools/logreader
• v8/tools/profile_view
• v8/tools/profile
• v8/tools/SourceMap
• v8/tools/splaytree
• v8/tools/tickprocessor-driver
• v8/tools/tickprocessor
• node-inspect/lib/_inspect (from 7.6.0)
• node-inspect/lib/internal/inspect_client (from 7.6.0)
• node-inspect/lib/internal/inspect_repl (from 7.6.0)

The v8/* modules do not have any exports, and if not imported in a specific order would in fact throw errors. As such there are virtually no legitimate use cases for importing them through require().

On the other hand, node-inspect can be installed locally through a package manager, as it is published on the npm registry under the same name. No source code modification is necessary if that is done.

DEP0085: AsyncHooks sensitive API

Type: End-of-Life

The AsyncHooks sensitive API was never documented and had various minor issues. Use the AsyncResource API instead. See https://github.com/nodejs/node/issues/15572.

DEP0086: Remove runInAsyncIdScope

Type: End-of-Life

runInAsyncIdScope doesn't emit the 'before' or 'after' event and can thus cause a lot of issues. See https://github.com/nodejs/node/issues/14328.

DEP0089: require('node:assert')

Type: Deprecation revoked

Importing assert directly was not recommended as the exposed functions use loose equality checks. The deprecation was revoked because use of the node:assert module is not discouraged, and the deprecation caused developer confusion.

DEP0090: Invalid GCM authentication tag lengths

Type: End-of-Life

Node.js used to support all GCM authentication tag lengths which are accepted by OpenSSL when calling decipher.setAuthTag(). Beginning with Node.js v11.0.0, only authentication tag lengths of 128, 120, 112, 104, 96, 64, and 32 bits are allowed. Authentication tags of other lengths are invalid per NIST SP 800-38D.

DEP0091: crypto.DEFAULT_ENCODING

Type: End-of-Life

The crypto.DEFAULT_ENCODING property only existed for compatibility with Node.js releases prior to versions 0.9.3 and has been removed.

DEP0092: Top-level this bound to module.exports

Type: Documentation-only

Assigning properties to the top-level this as an alternative to module.exports is deprecated. Developers should use exports or module.exports instead.

DEP0093: crypto.fips is deprecated and replaced

Type: Documentation-only

The crypto.fips property is deprecated. Please use crypto.setFips() and crypto.getFips() instead.

DEP0094: Using assert.fail() with more than one argument

Type: Runtime

Using assert.fail() with more than one argument is deprecated. Use assert.fail() with only one argument or use a different node:assert module method.

DEP0095: timers.enroll()

Type: Runtime

timers.enroll() is deprecated. Please use the publicly documented setTimeout() or setInterval() instead.

DEP0096: timers.unenroll()

Type: Runtime

timers.unenroll() is deprecated. Please use the publicly documented clearTimeout() or clearInterval() instead.

DEP0097: MakeCallback with domain property

Type: Runtime

Users of MakeCallback that add the domain property to carry context, should start using the async_context variant of MakeCallback or CallbackScope, or the high-level AsyncResource class.

DEP0098: AsyncHooks embedder AsyncResource.emitBefore and AsyncResource.emitAfter APIs

Type: End-of-Life

The embedded API provided by AsyncHooks exposes .emitBefore() and .emitAfter() methods which are very easy to use incorrectly which can lead to unrecoverable errors.

Use asyncResource.runInAsyncScope() API instead which provides a much safer, and more convenient, alternative. See https://github.com/nodejs/node/pull/18513.

DEP0099: Async context-unaware node::MakeCallback C++ APIs

Type: Compile-time

Certain versions of node::MakeCallback APIs available to native addons are deprecated. Please use the versions of the API that accept an async_context parameter.

DEP0100: process.assert()

Type: End-of-Life

process.assert() is deprecated. Please use the assert module instead.

This was never a documented feature.

DEP0101: --with-lttng

Type: End-of-Life

The --with-lttng compile-time option has been removed.

DEP0102: Using noAssert in Buffer#(read|write) operations

Type: End-of-Life

Using the noAssert argument has no functionality anymore. All input is verified regardless of the value of noAssert. Skipping the verification could lead to hard-to-find errors and crashes.

DEP0103: process.binding('util').is[...] typechecks

Type: Documentation-only (supports --pending-deprecation)

Using process.binding() in general should be avoided. The type checking methods in particular can be replaced by using util.types.

This deprecation has been superseded by the deprecation of the process.binding() API (DEP0111).

DEP0104: process.env string coercion

Type: Documentation-only (supports --pending-deprecation)

When assigning a non-string property to process.env, the assigned value is implicitly converted to a string. This behavior is deprecated if the assigned value is not a string, boolean, or number. In the future, such assignment might result in a thrown error. Please convert the property to a string before assigning it to process.env.

DEP0105: decipher.finaltol

Type: End-of-Life

decipher.finaltol() has never been documented and was an alias for decipher.final(). This API has been removed, and it is recommended to use decipher.final() instead.

DEP0106: crypto.createCipher and crypto.createDecipher

Type: End-of-Life

crypto.createCipher() and crypto.createDecipher() have been removed as they use a weak key derivation function (MD5 with no salt) and static initialization vectors. It is recommended to derive a key using crypto.pbkdf2() or crypto.scrypt() with random salts and to use crypto.createCipheriv() and crypto.createDecipheriv() to obtain the Cipher and Decipher objects respectively.

DEP0107: tls.convertNPNProtocols()

Type: End-of-Life

This was an undocumented helper function not intended for use outside Node.js core and obsoleted by the removal of NPN (Next Protocol Negotiation) support.

DEP0108: zlib.bytesRead

Type: Runtime

Deprecated alias for zlib.bytesWritten. This original name was chosen because it also made sense to interpret the value as the number of bytes read by the engine, but is inconsistent with other streams in Node.js that expose values under these names.

DEP0109: http, https, and tls support for invalid URLs

Type: End-of-Life

Some previously supported (but strictly invalid) URLs were accepted through the http.request(), http.get(), https.request(), https.get(), and tls.checkServerIdentity() APIs because those were accepted by the legacy url.parse() API. The mentioned APIs now use the WHATWG URL parser that requires strictly valid URLs. Passing an invalid URL is deprecated and support will be removed in the future.

DEP0110: vm.Script cached data

Type: Documentation-only

The produceCachedData option is deprecated. Use script.createCachedData() instead.

DEP0111: process.binding()

Type: Documentation-only (supports --pending-deprecation)

process.binding() is for use by Node.js internal code only.

While process.binding() has not reached End-of-Life status in general, it is unavailable when the permission model is enabled.

DEP0112: dgram private APIs

Type: Runtime

The node:dgram module previously contained several APIs that were never meant to accessed outside of Node.js core: Socket.prototype._handle, Socket.prototype._receiving, Socket.prototype._bindState, Socket.prototype._queue, Socket.prototype._reuseAddr, Socket.prototype._healthCheck(), Socket.prototype._stopReceiving(), and dgram._createSocketHandle().

DEP0113: Cipher.setAuthTag(), Decipher.getAuthTag()

Type: End-of-Life

Cipher.setAuthTag() and Decipher.getAuthTag() are no longer available. They were never documented and would throw when called.

DEP0114: crypto._toBuf()

Type: End-of-Life

The crypto._toBuf() function was not designed to be used by modules outside of Node.js core and was removed.

DEP0115: crypto.prng(), crypto.pseudoRandomBytes(), crypto.rng()

Type: Documentation-only (supports --pending-deprecation)

In recent versions of Node.js, there is no difference between crypto.randomBytes() and crypto.pseudoRandomBytes(). The latter is deprecated along with the undocumented aliases crypto.prng() and crypto.rng() in favor of crypto.randomBytes() and might be removed in a future release.

DEP0116: Legacy URL API

Type: Deprecation revoked

The legacy URL API is deprecated. This includes url.format(), url.parse(), url.resolve(), and the legacy urlObject. Please use the WHATWG URL API instead.

DEP0117: Native crypto handles

Type: End-of-Life

Previous versions of Node.js exposed handles to internal native objects through the _handle property of the Cipher, Decipher, DiffieHellman, DiffieHellmanGroup, ECDH, Hash, Hmac, Sign, and Verify classes. The _handle property has been removed because improper use of the native object can lead to crashing the application.

DEP0118: dns.lookup() support for a falsy host name

Type: Runtime

Previous versions of Node.js supported dns.lookup() with a falsy host name like dns.lookup(false) due to backward compatibility. This behavior is undocumented and is thought to be unused in real world apps. It will become an error in future versions of Node.js.

DEP0119: process.binding('uv').errname() private API

Type: Documentation-only (supports --pending-deprecation)

process.binding('uv').errname() is deprecated. Please use util.getSystemErrorName() instead.

DEP0120: Windows Performance Counter support

Type: End-of-Life

Windows Performance Counter support has been removed from Node.js. The undocumented COUNTER_NET_SERVER_CONNECTION(), COUNTER_NET_SERVER_CONNECTION_CLOSE(), COUNTER_HTTP_SERVER_REQUEST(), COUNTER_HTTP_SERVER_RESPONSE(), COUNTER_HTTP_CLIENT_REQUEST(), and COUNTER_HTTP_CLIENT_RESPONSE() functions have been deprecated.

DEP0121: net._setSimultaneousAccepts()

Type: Runtime

The undocumented net._setSimultaneousAccepts() function was originally intended for debugging and performance tuning when using the node:child_process and node:cluster modules on Windows. The function is not generally useful and is being removed. See discussion here: https://github.com/nodejs/node/issues/18391

DEP0122: tls Server.prototype.setOptions()

Type: Runtime

Please use Server.prototype.setSecureContext() instead.

DEP0123: setting the TLS ServerName to an IP address

Type: Runtime

Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.

DEP0124: using REPLServer.rli

Type: End-of-Life

This property is a reference to the instance itself.

DEP0125: require('node:_stream_wrap')

Type: Runtime

The node:_stream_wrap module is deprecated.

DEP0126: timers.active()

Type: Runtime

The previously undocumented timers.active() is deprecated. Please use the publicly documented timeout.refresh() instead. If re-referencing the timeout is necessary, timeout.ref() can be used with no performance impact since Node.js 10.

DEP0127: timers._unrefActive()

Type: Runtime

The previously undocumented and "private" timers._unrefActive() is deprecated. Please use the publicly documented timeout.refresh() instead. If unreferencing the timeout is necessary, timeout.unref() can be used with no performance impact since Node.js 10.

DEP0128: modules with an invalid main entry and an index.js file

Type: Runtime

Modules that have an invalid main entry (e.g., ./does-not-exist.js) and also have an index.js file in the top level directory will resolve the index.js file. That is deprecated and is going to throw an error in future Node.js versions.

DEP0129: ChildProcess._channel

Type: Runtime

The _channel property of child process objects returned by spawn() and similar functions is not intended for public use. Use ChildProcess.channel instead.

DEP0130: Module.createRequireFromPath()

Type: End-of-Life

Use module.createRequire() instead.

DEP0131: Legacy HTTP parser

Type: End-of-Life

The legacy HTTP parser, used by default in versions of Node.js prior to 12.0.0, is deprecated and has been removed in v13.0.0. Prior to v13.0.0, the --http-parser=legacy command-line flag could be used to revert to using the legacy parser.

DEP0132: worker.terminate() with callback

Type: Runtime

Passing a callback to worker.terminate() is deprecated. Use the returned Promise instead, or a listener to the worker's 'exit' event.

DEP0133: http connection

Type: Documentation-only

Prefer response.socket over response.connection and request.socket over request.connection.

DEP0134: process._tickCallback

Type: Documentation-only (supports --pending-deprecation)

The process._tickCallback property was never documented as an officially supported API.

DEP0135: WriteStream.open() and ReadStream.open() are internal

Type: Runtime

WriteStream.open() and ReadStream.open() are undocumented internal APIs that do not make sense to use in userland. File streams should always be opened through their corresponding factory methods fs.createWriteStream() and fs.createReadStream()) or by passing a file descriptor in options.

DEP0136: http finished

Type: Documentation-only

response.finished indicates whether response.end() has been called, not whether 'finish' has been emitted and the underlying data is flushed.

Use response.writableFinished or response.writableEnded accordingly instead to avoid the ambiguity.

To maintain existing behavior response.finished should be replaced with response.writableEnded.

DEP0137: Closing fs.FileHandle on garbage collection

Type: Runtime

Allowing a fs.FileHandle object to be closed on garbage collection is deprecated. In the future, doing so might result in a thrown error that will terminate the process.

Please ensure that all fs.FileHandle objects are explicitly closed using FileHandle.prototype.close() when the fs.FileHandle is no longer needed:

const fsPromises = require('node:fs').promises;
async function openAndClose() {
  let filehandle;
  try {
    filehandle = await fsPromises.open('thefile.txt', 'r');
  } finally {
    if (filehandle !== undefined)
      await filehandle.close();
  }
}

DEP0138: process.mainModule

Type: Documentation-only

process.mainModule is a CommonJS-only feature while process global object is shared with non-CommonJS environment. Its use within ECMAScript modules is unsupported.

It is deprecated in favor of require.main, because it serves the same purpose and is only available on CommonJS environment.

DEP0139: process.umask() with no arguments

Type: Documentation-only

Calling process.umask() with no argument causes the process-wide umask to be written twice. This introduces a race condition between threads, and is a potential security vulnerability. There is no safe, cross-platform alternative API.

DEP0140: Use request.destroy() instead of request.abort()

Type: Documentation-only

Use request.destroy() instead of request.abort().

DEP0141: repl.inputStream and repl.outputStream

Type: Documentation-only (supports --pending-deprecation)

The node:repl module exported the input and output stream twice. Use .input instead of .inputStream and .output instead of .outputStream.

DEP0142: repl._builtinLibs

Type: Documentation-only

The node:repl module exports a _builtinLibs property that contains an array of built-in modules. It was incomplete so far and instead it's better to rely upon require('node:module').builtinModules.

DEP0143: Transform._transformState

Type: Runtime Transform._transformState will be removed in future versions where it is no longer required due to simplification of the implementation.

DEP0144: module.parent

Type: Documentation-only (supports --pending-deprecation)

A CommonJS module can access the first module that required it using module.parent. This feature is deprecated because it does not work consistently in the presence of ECMAScript modules and because it gives an inaccurate representation of the CommonJS module graph.

Some modules use it to check if they are the entry point of the current process. Instead, it is recommended to compare require.main and module:

if (require.main === module) {
  // Code section that will run only if current file is the entry point.
}

When looking for the CommonJS modules that have required the current one, require.cache and module.children can be used:

const moduleParents = Object.values(require.cache)
  .filter((m) => m.children.includes(module));

DEP0145: socket.bufferSize

Type: Documentation-only

socket.bufferSize is just an alias for writable.writableLength.

DEP0146: new crypto.Certificate()

Type: Documentation-only

The crypto.Certificate() constructor is deprecated. Use static methods of crypto.Certificate() instead.

DEP0147: fs.rmdir(path, { recursive: true })

Type: Runtime

In future versions of Node.js, recursive option will be ignored for fs.rmdir, fs.rmdirSync, and fs.promises.rmdir.

Use fs.rm(path, { recursive: true, force: true }), fs.rmSync(path, { recursive: true, force: true }) or fs.promises.rm(path, { recursive: true, force: true }) instead.

DEP0148: Folder mappings in "exports" (trailing "/")

Type: Runtime

Using a trailing "/" to define subpath folder mappings in the subpath exports or subpath imports fields is deprecated. Use subpath patterns instead.

DEP0149: http.IncomingMessage#connection

Type: Documentation-only.

Prefer message.socket over message.connection.

DEP0150: Changing the value of process.config

Type: End-of-Life

The process.config property provides access to Node.js compile-time settings. However, the property is mutable and therefore subject to tampering. The ability to change the value will be removed in a future version of Node.js.

DEP0151: Main index lookup and extension searching

Type: Runtime

Previously, index.js and extension searching lookups would apply to import 'pkg' main entry point resolution, even when resolving ES modules.

With this deprecation, all ES module main entry point resolutions require an explicit "exports" or "main" entry with the exact file extension.

DEP0152: Extension PerformanceEntry properties

Type: Runtime

The 'gc', 'http2', and 'http' {PerformanceEntry} object types have additional properties assigned to them that provide additional information. These properties are now available within the standard detail property of the PerformanceEntry object. The existing accessors have been deprecated and should no longer be used.

DEP0153: dns.lookup and dnsPromises.lookup options type coercion

Type: End-of-Life

Using a non-nullish non-integer value for family option, a non-nullish non-number value for hints option, a non-nullish non-boolean value for all option, or a non-nullish non-boolean value for verbatim option in dns.lookup() and dnsPromises.lookup() throws an ERR_INVALID_ARG_TYPE error.

DEP0154: RSA-PSS generate key pair options

Type: Runtime

The 'hash' and 'mgf1Hash' options are replaced with 'hashAlgorithm' and 'mgf1HashAlgorithm'.

DEP0155: Trailing slashes in pattern specifier resolutions

Type: Runtime

The remapping of specifiers ending in "/" like import 'pkg/x/' is deprecated for package "exports" and "imports" pattern resolutions.

DEP0156: .aborted property and 'abort', 'aborted' event in http

Type: Documentation-only

Move to {Stream} API instead, as the http.ClientRequest, http.ServerResponse, and http.IncomingMessage are all stream-based. Check stream.destroyed instead of the .aborted property, and listen for 'close' instead of 'abort', 'aborted' event.

The .aborted property and 'abort' event are only useful for detecting .abort() calls. For closing a request early, use the Stream .destroy([error]) then check the .destroyed property and 'close' event should have the same effect. The receiving end should also check the readable.readableEnded value on http.IncomingMessage to get whether it was an aborted or graceful destroy.

DEP0157: Thenable support in streams

Type: End-of-Life

An undocumented feature of Node.js streams was to support thenables in implementation methods. This is now deprecated, use callbacks instead and avoid use of async function for streams implementation methods.

This feature caused users to encounter unexpected problems where the user implements the function in callback style but uses e.g. an async method which would cause an error since mixing promise and callback semantics is not valid.

const w = new Writable({
  async final(callback) {
    await someOp();
    callback();
  },
});

DEP0158: buffer.slice(start, end)

Type: Documentation-only

This method was deprecated because it is not compatible with Uint8Array.prototype.slice(), which is a superclass of Buffer.

Use buffer.subarray which does the same thing instead.

DEP0159: ERR_INVALID_CALLBACK

Type: End-of-Life

This error code was removed due to adding more confusion to the errors used for value type validation.

DEP0160: process.on('multipleResolves', handler)

Type: Runtime.

This event was deprecated because it did not work with V8 promise combinators which diminished its usefulness.

DEP0161: process._getActiveRequests() and process._getActiveHandles()

Type: Documentation-only

The process._getActiveHandles() and process._getActiveRequests() functions are not intended for public use and can be removed in future releases.

Use process.getActiveResourcesInfo() to get a list of types of active resources and not the actual references.

DEP0162: fs.write(), fs.writeFileSync() coercion to string

Type: End-of-Life

Implicit coercion of objects with own toString property, passed as second parameter in fs.write(), fs.writeFile(), fs.appendFile(), fs.writeFileSync(), and fs.appendFileSync() is deprecated. Convert them to primitive strings.

DEP0163: channel.subscribe(onMessage), channel.unsubscribe(onMessage)

Type: Documentation-only

These methods were deprecated because they can be used in a way which does not hold the channel reference alive long enough to receive the events.

Use diagnostics_channel.subscribe(name, onMessage) or diagnostics_channel.unsubscribe(name, onMessage) which does the same thing instead.

DEP0164: process.exit(code), process.exitCode coercion to integer

Type: End-of-Life

Values other than undefined, null, integer numbers, and integer strings (e.g., '1') are deprecated as value for the code parameter in process.exit() and as value to assign to process.exitCode.

DEP0165: --trace-atomics-wait

Type: End-of-Life

The --trace-atomics-wait flag has been removed because it uses the V8 hook SetAtomicsWaitCallback, that will be removed in a future V8 release.

DEP0166: Double slashes in imports and exports targets

Type: Runtime

Package imports and exports targets mapping into paths including a double slash (of "/" or "\") are deprecated and will fail with a resolution validation error in a future release. This same deprecation also applies to pattern matches starting or ending in a slash.

DEP0167: Weak DiffieHellmanGroup instances (modp1, modp2, modp5)

Type: Documentation-only

The well-known MODP groups modp1, modp2, and modp5 are deprecated because they are not secure against practical attacks. See RFC 8247 Section 2.4 for details.

These groups might be removed in future versions of Node.js. Applications that rely on these groups should evaluate using stronger MODP groups instead.

DEP0168: Unhandled exception in Node-API callbacks

Type: Runtime

The implicit suppression of uncaught exceptions in Node-API callbacks is now deprecated.

Set the flag --force-node-api-uncaught-exceptions-policy to force Node.js to emit an 'uncaughtException' event if the exception is not handled in Node-API callbacks.

DEP0169: Insecure url.parse()

Type: Documentation-only (supports --pending-deprecation)

url.parse() behavior is not standardized and prone to errors that have security implications. Use the WHATWG URL API instead. CVEs are not issued for url.parse() vulnerabilities.

DEP0170: Invalid port when using url.parse()

Type: Runtime

url.parse() accepts URLs with ports that are not numbers. This behavior might result in host name spoofing with unexpected input. These URLs will throw an error in future versions of Node.js, as the WHATWG URL API does already.

DEP0171: Setters for http.IncomingMessage headers and trailers

Type: Documentation-only

In a future version of Node.js, message.headers, message.headersDistinct, message.trailers, and message.trailersDistinct will be read-only.

DEP0172: The asyncResource property of AsyncResource bound functions

Type: Runtime

In a future version of Node.js, the asyncResource property will no longer be added when a function is bound to an AsyncResource.

DEP0173: the assert.CallTracker class

Type: Documentation-only

In a future version of Node.js, assert.CallTracker, will be removed. Consider using alternatives such as the mock helper function.

DEP0174: calling promisify on a function that returns a Promise

Type: Runtime

Calling util.promisify on a function that returns a will ignore the result of said promise, which can lead to unhandled promise rejections.

DEP0175: util.toUSVString

Type: Documentation-only

The util.toUSVString() API is deprecated. Please use String.prototype.toWellFormed instead.

DEP0176: fs.F_OK, fs.R_OK, fs.W_OK, fs.X_OK

Type: Documentation-only

F_OK, R_OK, W_OK and X_OK getters exposed directly on node:fs are deprecated. Get them from fs.constants or fs.promises.constants instead.

DEP0177: util.types.isWebAssemblyCompiledModule

Type: End-of-Life

The util.types.isWebAssemblyCompiledModule API has been removed. Please use value instanceof WebAssembly.Module instead.

DEP0178: dirent.path

Type: Runtime

The dirent.path is deprecated due to its lack of consistency across release lines. Please use dirent.parentPath instead.

DEP0179: Hash constructor

Type: Runtime

Calling Hash class directly with Hash() or new Hash() is deprecated due to being internals, not intended for public use. Please use the crypto.createHash() method to create Hash instances.

DEP0180: fs.Stats constructor

Type: Runtime

Calling fs.Stats class directly with Stats() or new Stats() is deprecated due to being internals, not intended for public use.

DEP0181: Hmac constructor

Type: Runtime

Calling Hmac class directly with Hmac() or new Hmac() is deprecated due to being internals, not intended for public use. Please use the crypto.createHmac() method to create Hmac instances.

DEP0182: Short GCM authentication tags without explicit authTagLength

Type: Runtime

Applications that intend to use authentication tags that are shorter than the default authentication tag length must set the authTagLength option of the crypto.createDecipheriv() function to the appropriate length.

For ciphers in GCM mode, the decipher.setAuthTag() function accepts authentication tags of any valid length (see DEP0090). This behavior is deprecated to better align with recommendations per NIST SP 800-38D.

DEP0183: OpenSSL engine-based APIs

Type: Documentation-only

OpenSSL 3 has deprecated support for custom engines with a recommendation to switch to its new provider model. The clientCertEngine option for https.request(), tls.createSecureContext(), and tls.createServer(); the privateKeyEngine and privateKeyIdentifier for tls.createSecureContext(); and crypto.setEngine() all depend on this functionality from OpenSSL.

DEP0184: Instantiating node:zlib classes without new

Type: Documentation-only

Instantiating classes without the new qualifier exported by the node:zlib module is deprecated. It is recommended to use the new qualifier instead. This applies to all Zlib classes, such as Deflate, DeflateRaw, Gunzip, Inflate, InflateRaw, Unzip, and Zlib.

DEP0185: Instantiating node:repl classes without new

Type: Documentation-only

Instantiating classes without the new qualifier exported by the node:repl module is deprecated. It is recommended to use the new qualifier instead. This applies to all REPL classes, including REPLServer and Recoverable.