Node.js v13.1.0 Documentation

Table of Contents

About this Documentation#

Welcome to the official API reference documentation for Node.js!

Node.js is a JavaScript runtime built on the V8 JavaScript engine.

Contributing#

Report errors in this documentation in the issue tracker. See the contributing guide for directions on how to submit pull requests.

Stability Index#

Throughout the documentation are indications of a section's stability. Some APIs are so proven and so relied upon that they are unlikely to ever change at all. Others are brand new and experimental, or known to be hazardous.

The stability indices are as follows:

Stability: 0 - Deprecated. The feature may emit warnings. Backward compatibility is not guaranteed.

Stability: 1 - Experimental. The feature is not subject to Semantic Versioning rules. Non-backward compatible changes or removal may occur in any future release. Use of the feature is not recommended in production environments.

Stability: 2 - Stable. Compatibility with the npm ecosystem is a high priority.

Use caution when making use of Experimental features, particularly within modules. End users may not be aware that experimental features are being used. Bugs or behavior changes may surprise end users when Experimental API modifications occur. To avoid surprises, use of an Experimental feature may need a command-line flag. Experimental features may also emit a warning.

JSON Output#

Added in: v0.6.12

Every .html document has a corresponding .json document. This is for IDEs and other utilities that consume the documentation.

System calls and man pages#

Node.js functions which wrap a system call will document that. The docs link to the corresponding man pages which describe how the system call works.

Most Unix system calls have Windows analogues. Still, behavior differences may be unavoidable.

Usage & Example#

Usage#

node [options] [V8 options] [script.js | -e "script" | - ] [arguments]

Please see the Command Line Options document for more information.

Example#

An example of a web server written with Node.js which responds with 'Hello, World!':

Commands in this document start with $ or > to replicate how they would appear in a user's terminal. Do not include the $ and > characters. They are there to show the start of each command.

Lines that don’t start with $ or > character show the output of the previous command.

First, make sure to have downloaded and installed Node.js. See this guide for further install information.

Now, create an empty project folder called projects, then navigate into it.

Linux and Mac:

$ mkdir ~/projects
$ cd ~/projects

Windows CMD:

> mkdir %USERPROFILE%\projects
> cd %USERPROFILE%\projects

Windows PowerShell:

> mkdir $env:USERPROFILE\projects
> cd $env:USERPROFILE\projects

Next, create a new source file in the projects folder and call it hello-world.js.

Open hello-world.js in any preferred text editor and paste in the following content:

const http = require('http');

const hostname = '127.0.0.1';
const port = 3000;

const server = http.createServer((req, res) => {
  res.statusCode = 200;
  res.setHeader('Content-Type', 'text/plain');
  res.end('Hello, World!\n');
});

server.listen(port, hostname, () => {
  console.log(`Server running at http://${hostname}:${port}/`);
});

Save the file, go back to the terminal window, and enter the following command:

$ node hello-world.js

Output like this should appear in the terminal:

Server running at http://127.0.0.1:3000/

Now, open any preferred web browser and visit http://127.0.0.1:3000.

If the browser displays the string Hello, World!, that indicates the server is working.

Assert#

Stability: 2 - Stable

The assert module provides a set of assertion functions for verifying invariants. The module provides a recommended strict mode and a more lenient legacy mode.

Class: assert.AssertionError[src]#

Indicates the failure of an assertion. All errors thrown by the assert module will be instances of the AssertionError class.

new assert.AssertionError(options)#

Added in: v0.1.21

  • options <Object>

    • message <string> If provided, the error message is set to this value.
    • actual <any> The actual property on the error instance.
    • expected <any> The expected property on the error instance.
    • operator <string> The operator property on the error instance.
    • stackStartFn <Function> If provided, the generated stack trace omits frames before this function.

A subclass of Error that indicates the failure of an assertion.

All instances contain the built-in Error properties (message and name) and:

  • actual <any> Set to the actual argument for methods such as assert.strictEqual().
  • expected <any> Set to the expected value for methods such as assert.strictEqual().
  • generatedMessage <boolean> Indicates if the message was auto-generated (true) or not.
  • code <string> Value is always ERR_ASSERTION to show that the error is an assertion error.
  • operator <string> Set to the passed in operator value.
const assert = require('assert');

// Generate an AssertionError to compare the error message later:
const { message } = new assert.AssertionError({
  actual: 1,
  expected: 2,
  operator: 'strictEqual'
});

// Verify error output:
try {
  assert.strictEqual(1, 2);
} catch (err) {
  assert(err instanceof assert.AssertionError);
  assert.strictEqual(err.message, message);
  assert.strictEqual(err.name, 'AssertionError');
  assert.strictEqual(err.actual, 1);
  assert.strictEqual(err.expected, 2);
  assert.strictEqual(err.code, 'ERR_ASSERTION');
  assert.strictEqual(err.operator, 'strictEqual');
  assert.strictEqual(err.generatedMessage, true);
}

Strict mode#

History
VersionChanges
v9.9.0

Added error diffs to the strict mode

v9.9.0

Added strict mode to the assert module.

v9.9.0

Added in: v9.9.0

In strict mode, assert functions use the comparison in the corresponding strict functions. For example, assert.deepEqual() will behave like assert.deepStrictEqual().

In strict mode, error messages for objects display a diff. In legacy mode, error messages for objects display the objects, often truncated.

To use strict mode:

const assert = require('assert').strict;

Example error diff:

const assert = require('assert').strict;

assert.deepEqual([[[1, 2, 3]], 4, 5], [[[1, 2, '3']], 4, 5]);
// AssertionError: Expected inputs to be strictly deep-equal:
// + actual - expected ... Lines skipped
//
//   [
//     [
// ...
//       2,
// +     3
// -     '3'
//     ],
// ...
//     5
//   ]

To deactivate the colors, use the NODE_DISABLE_COLORS environment variable. This will also deactivate the colors in the REPL.

Legacy mode#

Legacy mode uses the Abstract Equality Comparison in:

To use legacy mode:

const assert = require('assert');

Whenever possible, use the strict mode instead. Otherwise, the Abstract Equality Comparison may cause surprising results. This is especially true for assert.deepEqual(), where the comparison rules are lax:

// WARNING: This does not throw an AssertionError!
assert.deepEqual(/a/gi, new Date());

assert(value[, message])[src]#

Added in: v0.5.9

An alias of assert.ok().

assert.deepEqual(actual, expected[, message])[src]#

History
VersionChanges
v12.0.0

The type tags are now properly compared and there are a couple minor comparison adjustments to make the check less surprising.

v9.0.0

The Error names and messages are now properly compared

v8.0.0

The Set and Map content is also compared

v6.4.0, v4.7.1

Typed array slices are handled correctly now.

v6.1.0, v4.5.0

Objects with circular references can be used as inputs now.

v5.10.1, v4.4.3

Handle non-Uint8Array typed arrays correctly.

v0.1.21

Added in: v0.1.21

Strict mode

An alias of assert.deepStrictEqual().

Legacy mode

Stability: 0 - Deprecated: Use assert.deepStrictEqual() instead.

Tests for deep equality between the actual and expected parameters. Consider using assert.deepStrictEqual() instead. assert.deepEqual() can have potentially surprising results.

"Deep" equality means that the enumerable "own" properties of child objects are also recursively evaluated by the following rules.

Comparison details#

  • Primitive values are compared with the Abstract Equality Comparison ( == ).
  • Type tags of objects should be the same.
  • Only enumerable "own" properties are considered.
  • Error names and messages are always compared, even if these are not enumerable properties.
  • Object wrappers are compared both as objects and unwrapped values.
  • Object properties are compared unordered.
  • Map keys and Set items are compared unordered.
  • Recursion stops when both sides differ or both sides encounter a circular reference.
  • Implementation does not test the [[Prototype]] of objects.
  • Symbol properties are not compared.
  • WeakMap and WeakSet comparison does not rely on their values.

The following example does not throw an AssertionError because the primitives are considered equal by the Abstract Equality Comparison ( == ).

// WARNING: This does not throw an AssertionError!
assert.deepEqual('+00000000', false);

"Deep" equality means that the enumerable "own" properties of child objects are evaluated also:

const assert = require('assert');

const obj1 = {
  a: {
    b: 1
  }
};
const obj2 = {
  a: {
    b: 2
  }
};
const obj3 = {
  a: {
    b: 1
  }
};
const obj4 = Object.create(obj1);

assert.deepEqual(obj1, obj1);
// OK

// Values of b are different:
assert.deepEqual(obj1, obj2);
// AssertionError: { a: { b: 1 } } deepEqual { a: { b: 2 } }

assert.deepEqual(obj1, obj3);
// OK

// Prototypes are ignored:
assert.deepEqual(obj1, obj4);
// AssertionError: { a: { b: 1 } } deepEqual {}

If the values are not equal, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

assert.deepStrictEqual(actual, expected[, message])[src]#

History
VersionChanges
v9.0.0

Enumerable symbol properties are now compared.

v9.0.0

The NaN is now compared using the SameValueZero comparison.

v8.5.0

The Error names and messages are now properly compared

v8.0.0

The Set and Map content is also compared

v6.4.0, v4.7.1

Typed array slices are handled correctly now.

v6.1.0

Objects with circular references can be used as inputs now.

v5.10.1, v4.4.3

Handle non-Uint8Array typed arrays correctly.

v1.2.0

Added in: v1.2.0

Tests for deep equality between the actual and expected parameters. "Deep" equality means that the enumerable "own" properties of child objects are recursively evaluated also by the following rules.

Comparison details#

const assert = require('assert').strict;

// This fails because 1 !== '1'.
assert.deepStrictEqual({ a: 1 }, { a: '1' });
// AssertionError: Expected inputs to be strictly deep-equal:
// + actual - expected
//
//   {
// +   a: 1
// -   a: '1'
//   }

// The following objects don't have own properties
const date = new Date();
const object = {};
const fakeDate = {};
Object.setPrototypeOf(fakeDate, Date.prototype);

// Different [[Prototype]]:
assert.deepStrictEqual(object, fakeDate);
// AssertionError: Expected inputs to be strictly deep-equal:
// + actual - expected
//
// + {}
// - Date {}

// Different type tags:
assert.deepStrictEqual(date, fakeDate);
// AssertionError: Expected inputs to be strictly deep-equal:
// + actual - expected
//
// + 2018-04-26T00:49:08.604Z
// - Date {}

assert.deepStrictEqual(NaN, NaN);
// OK, because of the SameValue comparison

// Different unwrapped numbers:
assert.deepStrictEqual(new Number(1), new Number(2));
// AssertionError: Expected inputs to be strictly deep-equal:
// + actual - expected
//
// + [Number: 1]
// - [Number: 2]

assert.deepStrictEqual(new String('foo'), Object('foo'));
// OK because the object and the string are identical when unwrapped.

assert.deepStrictEqual(-0, -0);
// OK

// Different zeros using the SameValue Comparison:
assert.deepStrictEqual(0, -0);
// AssertionError: Expected inputs to be strictly deep-equal:
// + actual - expected
//
// + 0
// - -0

const symbol1 = Symbol();
const symbol2 = Symbol();
assert.deepStrictEqual({ [symbol1]: 1 }, { [symbol1]: 1 });
// OK, because it is the same symbol on both objects.

assert.deepStrictEqual({ [symbol1]: 1 }, { [symbol2]: 1 });
// AssertionError [ERR_ASSERTION]: Inputs identical but not reference equal:
//
// {
//   [Symbol()]: 1
// }

const weakMap1 = new WeakMap();
const weakMap2 = new WeakMap([[{}, {}]]);
const weakMap3 = new WeakMap();
weakMap3.unequal = true;

assert.deepStrictEqual(weakMap1, weakMap2);
// OK, because it is impossible to compare the entries

// Fails because weakMap3 has a property that weakMap1 does not contain:
assert.deepStrictEqual(weakMap1, weakMap3);
// AssertionError: Expected inputs to be strictly deep-equal:
// + actual - expected
//
//   WeakMap {
// +   [items unknown]
// -   [items unknown],
// -   unequal: true
//   }

If the values are not equal, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

assert.doesNotReject(asyncFn[, error][, message])[src]#

Added in: v10.0.0

Awaits the asyncFn promise or, if asyncFn is a function, immediately calls the function and awaits the returned promise to complete. It will then check that the promise is not rejected.

If asyncFn is a function and it throws an error synchronously, assert.doesNotReject() will return a rejected Promise with that error. If the function does not return a promise, assert.doesNotReject() will return a rejected Promise with an ERR_INVALID_RETURN_VALUE error. In both cases the error handler is skipped.

Using assert.doesNotReject() is actually not useful because there is little benefit in catching a rejection and then rejecting it again. Instead, consider adding a comment next to the specific code path that should not reject and keep error messages as expressive as possible.

If specified, error can be a Class, RegExp or a validation function. See assert.throws() for more details.

Besides the async nature to await the completion behaves identically to assert.doesNotThrow().

(async () => {
  await assert.doesNotReject(
    async () => {
      throw new TypeError('Wrong value');
    },
    SyntaxError
  );
})();

assert.doesNotReject(Promise.reject(new TypeError('Wrong value')))
  .then(() => {
    // ...
  });

assert.doesNotThrow(fn[, error][, message])[src]#

History
VersionChanges
v5.11.0, v4.4.5

The message parameter is respected now.

v4.2.0

The error parameter can now be an arrow function.

v0.1.21

Added in: v0.1.21

Asserts that the function fn does not throw an error.

Using assert.doesNotThrow() is actually not useful because there is no benefit in catching an error and then rethrowing it. Instead, consider adding a comment next to the specific code path that should not throw and keep error messages as expressive as possible.

When assert.doesNotThrow() is called, it will immediately call the fn function.

If an error is thrown and it is the same type as that specified by the error parameter, then an AssertionError is thrown. If the error is of a different type, or if the error parameter is undefined, the error is propagated back to the caller.

If specified, error can be a Class, RegExp or a validation function. See assert.throws() for more details.

The following, for instance, will throw the TypeError because there is no matching error type in the assertion:

assert.doesNotThrow(
  () => {
    throw new TypeError('Wrong value');
  },
  SyntaxError
);

However, the following will result in an AssertionError with the message 'Got unwanted exception...':

assert.doesNotThrow(
  () => {
    throw new TypeError('Wrong value');
  },
  TypeError
);

If an AssertionError is thrown and a value is provided for the message parameter, the value of message will be appended to the AssertionError message:

assert.doesNotThrow(
  () => {
    throw new TypeError('Wrong value');
  },
  /Wrong value/,
  'Whoops'
);
// Throws: AssertionError: Got unwanted exception: Whoops

assert.equal(actual, expected[, message])[src]#

Added in: v0.1.21

Strict mode

An alias of assert.strictEqual().

Legacy mode

Stability: 0 - Deprecated: Use assert.strictEqual() instead.

Tests shallow, coercive equality between the actual and expected parameters using the Abstract Equality Comparison ( == ).

const assert = require('assert');

assert.equal(1, 1);
// OK, 1 == 1
assert.equal(1, '1');
// OK, 1 == '1'

assert.equal(1, 2);
// AssertionError: 1 == 2
assert.equal({ a: { b: 1 } }, { a: { b: 1 } });
// AssertionError: { a: { b: 1 } } == { a: { b: 1 } }

If the values are not equal, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

assert.fail([message])[src]#

Added in: v0.1.21

Throws an AssertionError with the provided error message or a default error message. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

const assert = require('assert').strict;

assert.fail();
// AssertionError [ERR_ASSERTION]: Failed

assert.fail('boom');
// AssertionError [ERR_ASSERTION]: boom

assert.fail(new TypeError('need array'));
// TypeError: need array

Using assert.fail() with more than two arguments is possible but deprecated. See below for further details.

assert.fail(actual, expected[, message[, operator[, stackStartFn]]])[src]#

History
VersionChanges
v10.0.0

Calling assert.fail() with more than one argument is deprecated and emits a warning.

v0.1.21

Added in: v0.1.21

Stability: 0 - Deprecated: Use assert.fail([message]) or other assert functions instead.

If message is falsy, the error message is set as the values of actual and expected separated by the provided operator. If just the two actual and expected arguments are provided, operator will default to '!='. If message is provided as third argument it will be used as the error message and the other arguments will be stored as properties on the thrown object. If stackStartFn is provided, all stack frames above that function will be removed from stacktrace (see Error.captureStackTrace). If no arguments are given, the default message Failed will be used.

const assert = require('assert').strict;

assert.fail('a', 'b');
// AssertionError [ERR_ASSERTION]: 'a' != 'b'

assert.fail(1, 2, undefined, '>');
// AssertionError [ERR_ASSERTION]: 1 > 2

assert.fail(1, 2, 'fail');
// AssertionError [ERR_ASSERTION]: fail

assert.fail(1, 2, 'whoops', '>');
// AssertionError [ERR_ASSERTION]: whoops

assert.fail(1, 2, new TypeError('need array'));
// TypeError: need array

In the last three cases actual, expected, and operator have no influence on the error message.

Example use of stackStartFn for truncating the exception's stacktrace:

function suppressFrame() {
  assert.fail('a', 'b', undefined, '!==', suppressFrame);
}
suppressFrame();
// AssertionError [ERR_ASSERTION]: 'a' !== 'b'
//     at repl:1:1
//     at ContextifyScript.Script.runInThisContext (vm.js:44:33)
//     ...

assert.ifError(value)[src]#

History
VersionChanges
v10.0.0

Instead of throwing the original error it is now wrapped into an [AssertionError][] that contains the full stack trace.

v10.0.0

Value may now only be undefined or null. Before all falsy values were handled the same as null and did not throw.

v0.1.97

Added in: v0.1.97

Throws value if value is not undefined or null. This is useful when testing the error argument in callbacks. The stack trace contains all frames from the error passed to ifError() including the potential new frames for ifError() itself.

const assert = require('assert').strict;

assert.ifError(null);
// OK
assert.ifError(0);
// AssertionError [ERR_ASSERTION]: ifError got unwanted exception: 0
assert.ifError('error');
// AssertionError [ERR_ASSERTION]: ifError got unwanted exception: 'error'
assert.ifError(new Error());
// AssertionError [ERR_ASSERTION]: ifError got unwanted exception: Error

// Create some random error frames.
let err;
(function errorFrame() {
  err = new Error('test error');
})();

(function ifErrorFrame() {
  assert.ifError(err);
})();
// AssertionError [ERR_ASSERTION]: ifError got unwanted exception: test error
//     at ifErrorFrame
//     at errorFrame

assert.notDeepEqual(actual, expected[, message])[src]#

History
VersionChanges
v9.0.0

The Error names and messages are now properly compared

v8.0.0

The Set and Map content is also compared

v6.4.0, v4.7.1

Typed array slices are handled correctly now.

v6.1.0, v4.5.0

Objects with circular references can be used as inputs now.

v5.10.1, v4.4.3

Handle non-Uint8Array typed arrays correctly.

v0.1.21

Added in: v0.1.21

Strict mode

An alias of assert.notDeepStrictEqual().

Legacy mode

Stability: 0 - Deprecated: Use assert.notDeepStrictEqual() instead.

Tests for any deep inequality. Opposite of assert.deepEqual().

const assert = require('assert');

const obj1 = {
  a: {
    b: 1
  }
};
const obj2 = {
  a: {
    b: 2
  }
};
const obj3 = {
  a: {
    b: 1
  }
};
const obj4 = Object.create(obj1);

assert.notDeepEqual(obj1, obj1);
// AssertionError: { a: { b: 1 } } notDeepEqual { a: { b: 1 } }

assert.notDeepEqual(obj1, obj2);
// OK

assert.notDeepEqual(obj1, obj3);
// AssertionError: { a: { b: 1 } } notDeepEqual { a: { b: 1 } }

assert.notDeepEqual(obj1, obj4);
// OK

If the values are deeply equal, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

assert.notDeepStrictEqual(actual, expected[, message])[src]#

History
VersionChanges
v9.0.0

The -0 and +0 are not considered equal anymore.

v9.0.0

The NaN is now compared using the SameValueZero comparison.

v9.0.0

The Error names and messages are now properly compared

v8.0.0

The Set and Map content is also compared

v6.4.0, v4.7.1

Typed array slices are handled correctly now.

v6.1.0

Objects with circular references can be used as inputs now.

v5.10.1, v4.4.3

Handle non-Uint8Array typed arrays correctly.

v1.2.0

Added in: v1.2.0

Tests for deep strict inequality. Opposite of assert.deepStrictEqual().

const assert = require('assert').strict;

assert.notDeepStrictEqual({ a: 1 }, { a: '1' });
// OK

If the values are deeply and strictly equal, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

assert.notEqual(actual, expected[, message])[src]#

Added in: v0.1.21

Strict mode

An alias of assert.notStrictEqual().

Legacy mode

Stability: 0 - Deprecated: Use assert.notStrictEqual() instead.

Tests shallow, coercive inequality with the Abstract Equality Comparison ( != ).

const assert = require('assert');

assert.notEqual(1, 2);
// OK

assert.notEqual(1, 1);
// AssertionError: 1 != 1

assert.notEqual(1, '1');
// AssertionError: 1 != '1'

If the values are equal, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

assert.notStrictEqual(actual, expected[, message])[src]#

History
VersionChanges
v10.0.0

Used comparison changed from Strict Equality to Object.is()

v0.1.21

Added in: v0.1.21

Tests strict inequality between the actual and expected parameters as determined by the SameValue Comparison.

const assert = require('assert').strict;

assert.notStrictEqual(1, 2);
// OK

assert.notStrictEqual(1, 1);
// AssertionError [ERR_ASSERTION]: Expected "actual" to be strictly unequal to:
//
// 1

assert.notStrictEqual(1, '1');
// OK

If the values are strictly equal, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

assert.ok(value[, message])[src]#

History
VersionChanges
v10.0.0

The assert.ok() (no arguments) will now use a predefined error message.

v0.1.21

Added in: v0.1.21

Tests if value is truthy. It is equivalent to assert.equal(!!value, true, message).

If value is not truthy, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError. If no arguments are passed in at all message will be set to the string: 'No value argument passed to `assert.ok()`'.

Be aware that in the repl the error message will be different to the one thrown in a file! See below for further details.

const assert = require('assert').strict;

assert.ok(true);
// OK
assert.ok(1);
// OK

assert.ok();
// AssertionError: No value argument passed to `assert.ok()`

assert.ok(false, 'it\'s false');
// AssertionError: it's false

// In the repl:
assert.ok(typeof 123 === 'string');
// AssertionError: false == true

// In a file (e.g. test.js):
assert.ok(typeof 123 === 'string');
// AssertionError: The expression evaluated to a falsy value:
//
//   assert.ok(typeof 123 === 'string')

assert.ok(false);
// AssertionError: The expression evaluated to a falsy value:
//
//   assert.ok(false)

assert.ok(0);
// AssertionError: The expression evaluated to a falsy value:
//
//   assert.ok(0)

// Using `assert()` works the same:
assert(0);
// AssertionError: The expression evaluated to a falsy value:
//
//   assert(0)

assert.rejects(asyncFn[, error][, message])[src]#

Added in: v10.0.0

Awaits the asyncFn promise or, if asyncFn is a function, immediately calls the function and awaits the returned promise to complete. It will then check that the promise is rejected.

If asyncFn is a function and it throws an error synchronously, assert.rejects() will return a rejected Promise with that error. If the function does not return a promise, assert.rejects() will return a rejected Promise with an ERR_INVALID_RETURN_VALUE error. In both cases the error handler is skipped.

Besides the async nature to await the completion behaves identically to assert.throws().

If specified, error can be a Class, RegExp, a validation function, an object where each property will be tested for, or an instance of error where each property will be tested for including the non-enumerable message and name properties.

If specified, message will be the message provided by the AssertionError if the asyncFn fails to reject.

(async () => {
  await assert.rejects(
    async () => {
      throw new TypeError('Wrong value');
    },
    {
      name: 'TypeError',
      message: 'Wrong value'
    }
  );
})();

assert.rejects(
  Promise.reject(new Error('Wrong value')),
  Error
).then(() => {
  // ...
});

error cannot be a string. If a string is provided as the second argument, then error is assumed to be omitted and the string will be used for message instead. This can lead to easy-to-miss mistakes. Please read the example in assert.throws() carefully if using a string as the second argument gets considered.

assert.strictEqual(actual, expected[, message])[src]#

History
VersionChanges
v10.0.0

Used comparison changed from Strict Equality to Object.is()

v0.1.21

Added in: v0.1.21

Tests strict equality between the actual and expected parameters as determined by the SameValue Comparison.

const assert = require('assert').strict;

assert.strictEqual(1, 2);
// AssertionError [ERR_ASSERTION]: Expected inputs to be strictly equal:
//
// 1 !== 2

assert.strictEqual(1, 1);
// OK

assert.strictEqual('Hello foobar', 'Hello World!');
// AssertionError [ERR_ASSERTION]: Expected inputs to be strictly equal:
// + actual - expected
//
// + 'Hello foobar'
// - 'Hello World!'
//          ^

const apples = 1;
const oranges = 2;
assert.strictEqual(apples, oranges, `apples ${apples} !== oranges ${oranges}`);
// AssertionError [ERR_ASSERTION]: apples 1 !== oranges 2

assert.strictEqual(1, '1', new TypeError('Inputs are not identical'));
// TypeError: Inputs are not identical

If the values are not strictly equal, an AssertionError is thrown with a message property set equal to the value of the message parameter. If the message parameter is undefined, a default error message is assigned. If the message parameter is an instance of an Error then it will be thrown instead of the AssertionError.

assert.throws(fn[, error][, message])[src]#

History
VersionChanges
v10.2.0

The error parameter can be an object containing regular expressions now.

v9.9.0

The error parameter can now be an object as well.

v4.2.0

The error parameter can now be an arrow function.

v0.1.21

Added in: v0.1.21

Expects the function fn to throw an error.

If specified, error can be a Class, RegExp, a validation function, a validation object where each property will be tested for strict deep equality, or an instance of error where each property will be tested for strict deep equality including the non-enumerable message and name properties. When using an object, it is also possible to use a regular expression, when validating against a string property. See below for examples.

If specified, message will be appended to the message provided by the AssertionError if the fn call fails to throw or in case the error validation fails.

Custom validation object/error instance:

const err = new TypeError('Wrong value');
err.code = 404;
err.foo = 'bar';
err.info = {
  nested: true,
  baz: 'text'
};
err.reg = /abc/i;

assert.throws(
  () => {
    throw err;
  },
  {
    name: 'TypeError',
    message: 'Wrong value',
    info: {
      nested: true,
      baz: 'text'
    }
    // Only properties on the validation object will be tested for.
    // Using nested objects requires all properties to be present. Otherwise
    // the validation is going to fail.
  }
);

// Using regular expressions to validate error properties:
assert.throws(
  () => {
    throw err;
  },
  {
    // The `name` and `message` properties are strings and using regular
    // expressions on those will match against the string. If they fail, an
    // error is thrown.
    name: /^TypeError$/,
    message: /Wrong/,
    foo: 'bar',
    info: {
      nested: true,
      // It is not possible to use regular expressions for nested properties!
      baz: 'text'
    },
    // The `reg` property contains a regular expression and only if the
    // validation object contains an identical regular expression, it is going
    // to pass.
    reg: /abc/i
  }
);

// Fails due to the different `message` and `name` properties:
assert.throws(
  () => {
    const otherErr = new Error('Not found');
    // Copy all enumerable properties from `err` to `otherErr`.
    for (const [key, value] of Object.entries(err)) {
      otherErr[key] = value;
    }
    throw otherErr;
  },
  // The error's `message` and `name` properties will also be checked when using
  // an error as validation object.
  err
);

Validate instanceof using constructor:

assert.throws(
  () => {
    throw new Error('Wrong value');
  },
  Error
);

Validate error message using RegExp:

Using a regular expression runs .toString on the error object, and will therefore also include the error name.

assert.throws(
  () => {
    throw new Error('Wrong value');
  },
  /^Error: Wrong value$/
);

Custom error validation:

The function must return true to indicate all internal validations passed. It will otherwise fail with an AssertionError.

assert.throws(
  () => {
    throw new Error('Wrong value');
  },
  (err) => {
    assert(err instanceof Error);
    assert(/value/.test(err));
    // Returning anything from validation functions besides `true` is not
    // recommended. By doing that, it's not clear what part of the validation
    // failed. Instead, throw an error about the specific validation that failed
    // (as done in this example) and add as much helpful debugging information
    // to that error as possible.
    return true;
  },
  'unexpected error'
);

error cannot be a string. If a string is provided as the second argument, then error is assumed to be omitted and the string will be used for message instead. This can lead to easy-to-miss mistakes. Using the same message as the thrown error message is going to result in an ERR_AMBIGUOUS_ARGUMENT error. Please read the example below carefully if using a string as the second argument gets considered:

function throwingFirst() {
  throw new Error('First');
}
function throwingSecond() {
  throw new Error('Second');
}
function notThrowing() {}

// The second argument is a string and the input function threw an Error.
// The first case will not throw as it does not match for the error message
// thrown by the input function!
assert.throws(throwingFirst, 'Second');
// In the next example the message has no benefit over the message from the
// error and since it is not clear if the user intended to actually match
// against the error message, Node.js throws an `ERR_AMBIGUOUS_ARGUMENT` error.
assert.throws(throwingSecond, 'Second');
// TypeError [ERR_AMBIGUOUS_ARGUMENT]

// The string is only used (as message) in case the function does not throw:
assert.throws(notThrowing, 'Second');
// AssertionError [ERR_ASSERTION]: Missing expected exception: Second

// If it was intended to match for the error message do this instead:
// It does not throw because the error messages match.
assert.throws(throwingSecond, /Second$/);

// If the error message does not match, an AssertionError is thrown.
assert.throws(throwingFirst, /Second$/);
// AssertionError [ERR_ASSERTION]

Due to the confusing notation, it is recommended not to use a string as the second argument. This might lead to difficult-to-spot errors.

Async Hooks#

Stability: 1 - Experimental

The async_hooks module provides an API to register callbacks tracking the lifetime of asynchronous resources created inside a Node.js application. It can be accessed using:

const async_hooks = require('async_hooks');

Terminology#

An asynchronous resource represents an object with an associated callback. This callback may be called multiple times, for example, the 'connection' event in net.createServer(), or just a single time like in fs.open(). A resource can also be closed before the callback is called. AsyncHook does not explicitly distinguish between these different cases but will represent them as the abstract concept that is a resource.

If Workers are used, each thread has an independent async_hooks interface, and each thread will use a new set of async IDs.

Public API#

Overview#

Following is a simple overview of the public API.

const async_hooks = require('async_hooks');

// Return the ID of the current execution context.
const eid = async_hooks.executionAsyncId();

// Return the ID of the handle responsible for triggering the callback of the
// current execution scope to call.
const tid = async_hooks.triggerAsyncId();

// Create a new AsyncHook instance. All of these callbacks are optional.
const asyncHook =
    async_hooks.createHook({ init, before, after, destroy, promiseResolve });

// Allow callbacks of this AsyncHook instance to call. This is not an implicit
// action after running the constructor, and must be explicitly run to begin
// executing callbacks.
asyncHook.enable();

// Disable listening for new asynchronous events.
asyncHook.disable();

//
// The following are the callbacks that can be passed to createHook().
//

// init is called during object construction. The resource may not have
// completed construction when this callback runs, therefore all fields of the
// resource referenced by "asyncId" may not have been populated.
function init(asyncId, type, triggerAsyncId, resource) { }

// Before is called just before the resource's callback is called. It can be
// called 0-N times for handles (e.g. TCPWrap), and will be called exactly 1
// time for requests (e.g. FSReqCallback).
function before(asyncId) { }

// After is called just after the resource's callback has finished.
function after(asyncId) { }

// Destroy is called when an AsyncWrap instance is destroyed.
function destroy(asyncId) { }

// promiseResolve is called only for promise resources, when the
// `resolve` function passed to the `Promise` constructor is invoked
// (either directly or through other means of resolving a promise).
function promiseResolve(asyncId) { }

async_hooks.createHook(callbacks)[src]#

Added in: v8.1.0

Registers functions to be called for different lifetime events of each async operation.

The callbacks init()/before()/after()/destroy() are called for the respective asynchronous event during a resource's lifetime.

All callbacks are optional. For example, if only resource cleanup needs to be tracked, then only the destroy callback needs to be passed. The specifics of all functions that can be passed to callbacks is in the Hook Callbacks section.

const async_hooks = require('async_hooks');

const asyncHook = async_hooks.createHook({
  init(asyncId, type, triggerAsyncId, resource) { },
  destroy(asyncId) { }
});

The callbacks will be inherited via the prototype chain:

class MyAsyncCallbacks {
  init(asyncId, type, triggerAsyncId, resource) { }
  destroy(asyncId) {}
}

class MyAddedCallbacks extends MyAsyncCallbacks {
  before(asyncId) { }
  after(asyncId) { }
}

const asyncHook = async_hooks.createHook(new MyAddedCallbacks());
Error Handling#

If any AsyncHook callbacks throw, the application will print the stack trace and exit. The exit path does follow that of an uncaught exception, but all 'uncaughtException' listeners are removed, thus forcing the process to exit. The 'exit' callbacks will still be called unless the application is run with --abort-on-uncaught-exception, in which case a stack trace will be printed and the application exits, leaving a core file.

The reason for this error handling behavior is that these callbacks are running at potentially volatile points in an object's lifetime, for example during class construction and destruction. Because of this, it is deemed necessary to bring down the process quickly in order to prevent an unintentional abort in the future. This is subject to change in the future if a comprehensive analysis is performed to ensure an exception can follow the normal control flow without unintentional side effects.

Printing in AsyncHooks callbacks#

Because printing to the console is an asynchronous operation, console.log() will cause the AsyncHooks callbacks to be called. Using console.log() or similar asynchronous operations inside an AsyncHooks callback function will thus cause an infinite recursion. An easy solution to this when debugging is to use a synchronous logging operation such as fs.writeFileSync(file, msg, flag). This will print to the file and will not invoke AsyncHooks recursively because it is synchronous.

const fs = require('fs');
const util = require('util');

function debug(...args) {
  // Use a function like this one when debugging inside an AsyncHooks callback
  fs.writeFileSync('log.out', `${util.format(...args)}\n`, { flag: 'a' });
}

If an asynchronous operation is needed for logging, it is possible to keep track of what caused the asynchronous operation using the information provided by AsyncHooks itself. The logging should then be skipped when it was the logging itself that caused AsyncHooks callback to call. By doing this the otherwise infinite recursion is broken.

asyncHook.enable()#

Enable the callbacks for a given AsyncHook instance. If no callbacks are provided enabling is a noop.

The AsyncHook instance is disabled by default. If the AsyncHook instance should be enabled immediately after creation, the following pattern can be used.

const async_hooks = require('async_hooks');

const hook = async_hooks.createHook(callbacks).enable();

asyncHook.disable()#

Disable the callbacks for a given AsyncHook instance from the global pool of AsyncHook callbacks to be executed. Once a hook has been disabled it will not be called again until enabled.

For API consistency disable() also returns the AsyncHook instance.

Hook Callbacks#

Key events in the lifetime of asynchronous events have been categorized into four areas: instantiation, before/after the callback is called, and when the instance is destroyed.

init(asyncId, type, triggerAsyncId, resource)#
  • asyncId <number> A unique ID for the async resource.
  • type <string> The type of the async resource.
  • triggerAsyncId <number> The unique ID of the async resource in whose execution context this async resource was created.
  • resource <Object> Reference to the resource representing the async operation, needs to be released during destroy.

Called when a class is constructed that has the possibility to emit an asynchronous event. This does not mean the instance must call before/after before destroy is called, only that the possibility exists.

This behavior can be observed by doing something like opening a resource then closing it before the resource can be used. The following snippet demonstrates this.

require('net').createServer().listen(function() { this.close(); });
// OR
clearTimeout(setTimeout(() => {}, 10));

Every new resource is assigned an ID that is unique within the scope of the current Node.js instance.

type#

The type is a string identifying the type of resource that caused init to be called. Generally, it will correspond to the name of the resource's constructor.

FSEVENTWRAP, FSREQCALLBACK, GETADDRINFOREQWRAP, GETNAMEINFOREQWRAP, HTTPINCOMINGMESSAGE,
HTTPCLIENTREQUEST, JSSTREAM, PIPECONNECTWRAP, PIPEWRAP, PROCESSWRAP, QUERYWRAP,
SHUTDOWNWRAP, SIGNALWRAP, STATWATCHER, TCPCONNECTWRAP, TCPSERVERWRAP, TCPWRAP,
TTYWRAP, UDPSENDWRAP, UDPWRAP, WRITEWRAP, ZLIB, SSLCONNECTION, PBKDF2REQUEST,
RANDOMBYTESREQUEST, TLSWRAP, Microtask, Timeout, Immediate, TickObject

There is also the PROMISE resource type, which is used to track Promise instances and asynchronous work scheduled by them.

Users are able to define their own type when using the public embedder API.

It is possible to have type name collisions. Embedders are encouraged to use unique prefixes, such as the npm package name, to prevent collisions when listening to the hooks.

triggerAsyncId#

triggerAsyncId is the asyncId of the resource that caused (or "triggered") the new resource to initialize and that caused init to call. This is different from async_hooks.executionAsyncId() that only shows when a resource was created, while triggerAsyncId shows why a resource was created.

The following is a simple demonstration of triggerAsyncId:

async_hooks.createHook({
  init(asyncId, type, triggerAsyncId) {
    const eid = async_hooks.executionAsyncId();
    fs.writeSync(
      1, `${type}(${asyncId}): trigger: ${triggerAsyncId} execution: ${eid}\n`);
  }
}).enable();

require('net').createServer((conn) => {}).listen(8080);

Output when hitting the server with nc localhost 8080:

TCPSERVERWRAP(5): trigger: 1 execution: 1
TCPWRAP(7): trigger: 5 execution: 0

The TCPSERVERWRAP is the server which receives the connections.

The TCPWRAP is the new connection from the client. When a new connection is made, the TCPWrap instance is immediately constructed. This happens outside of any JavaScript stack. (An executionAsyncId() of 0 means that it is being executed from C++ with no JavaScript stack above it.) With only that information, it would be impossible to link resources together in terms of what caused them to be created, so triggerAsyncId is given the task of propagating what resource is responsible for the new resource's existence.

resource#

resource is an object that represents the actual async resource that has been initialized. This can contain useful information that can vary based on the value of type. For instance, for the GETADDRINFOREQWRAP resource type, resource provides the hostname used when looking up the IP address for the host in net.Server.listen(). The API for accessing this information is currently not considered public, but using the Embedder API, users can provide and document their own resource objects. For example, such a resource object could contain the SQL query being executed.

In the case of Promises, the resource object will have an isChainedPromise property, set to true if the promise has a parent promise, and false otherwise. For example, in the case of b = a.then(handler), a is considered a parent Promise of b. Here, b is considered a chained promise.

In some cases the resource object is reused for performance reasons, it is thus not safe to use it as a key in a WeakMap or add properties to it.

Asynchronous context example#

The following is an example with additional information about the calls to init between the before and after calls, specifically what the callback to listen() will look like. The output formatting is slightly more elaborate to make calling context easier to see.

let indent = 0;
async_hooks.createHook({
  init(asyncId, type, triggerAsyncId) {
    const eid = async_hooks.executionAsyncId();
    const indentStr = ' '.repeat(indent);
    fs.writeSync(
      1,
      `${indentStr}${type}(${asyncId}):` +
      ` trigger: ${triggerAsyncId} execution: ${eid}\n`);
  },
  before(asyncId) {
    const indentStr = ' '.repeat(indent);
    fs.writeFileSync('log.out',
                     `${indentStr}before:  ${asyncId}\n`, { flag: 'a' });
    indent += 2;
  },
  after(asyncId) {
    indent -= 2;
    const indentStr = ' '.repeat(indent);
    fs.writeFileSync('log.out',
                     `${indentStr}after:  ${asyncId}\n`, { flag: 'a' });
  },
  destroy(asyncId) {
    const indentStr = ' '.repeat(indent);
    fs.writeFileSync('log.out',
                     `${indentStr}destroy:  ${asyncId}\n`, { flag: 'a' });
  },
}).enable();

require('net').createServer(() => {}).listen(8080, () => {
  // Let's wait 10ms before logging the server started.
  setTimeout(() => {
    console.log('>>>', async_hooks.executionAsyncId());
  }, 10);
});

Output from only starting the server:

TCPSERVERWRAP(5): trigger: 1 execution: 1
TickObject(6): trigger: 5 execution: 1
before:  6
  Timeout(7): trigger: 6 execution: 6
after:   6
destroy: 6
before:  7
>>> 7
  TickObject(8): trigger: 7 execution: 7
after:   7
before:  8
after:   8

As illustrated in the example, executionAsyncId() and execution each specify the value of the current execution context; which is delineated by calls to before and after.

Only using execution to graph resource allocation results in the following:

Timeout(7) -> TickObject(6) -> root(1)

The TCPSERVERWRAP is not part of this graph, even though it was the reason for console.log() being called. This is because binding to a port without a hostname is a synchronous operation, but to maintain a completely asynchronous API the user's callback is placed in a process.nextTick().

The graph only shows when a resource was created, not why, so to track the why use triggerAsyncId.

before(asyncId)#

When an asynchronous operation is initiated (such as a TCP server receiving a new connection) or completes (such as writing data to disk) a callback is called to notify the user. The before callback is called just before said callback is executed. asyncId is the unique identifier assigned to the resource about to execute the callback.

The before callback will be called 0 to N times. The before callback will typically be called 0 times if the asynchronous operation was cancelled or, for example, if no connections are received by a TCP server. Persistent asynchronous resources like a TCP server will typically call the before callback multiple times, while other operations like fs.open() will call it only once.

after(asyncId)#

Called immediately after the callback specified in before is completed.

If an uncaught exception occurs during execution of the callback, then after will run after the 'uncaughtException' event is emitted or a domain's handler runs.

destroy(asyncId)#

Called after the resource corresponding to asyncId is destroyed. It is also called asynchronously from the embedder API emitDestroy().

Some resources depend on garbage collection for cleanup, so if a reference is made to the resource object passed to init it is possible that destroy will never be called, causing a memory leak in the application. If the resource does not depend on garbage collection, then this will not be an issue.

promiseResolve(asyncId)#
Added in: v8.6.0

Called when the resolve function passed to the Promise constructor is invoked (either directly or through other means of resolving a promise).

resolve() does not do any observable synchronous work.

The Promise is not necessarily fulfilled or rejected at this point if the Promise was resolved by assuming the state of another Promise.

new Promise((resolve) => resolve(true)).then((a) => {});

calls the following callbacks:

init for PROMISE with id 5, trigger id: 1
  promise resolve 5      # corresponds to resolve(true)
init for PROMISE with id 6, trigger id: 5  # the Promise returned by then()
  before 6               # the then() callback is entered
  promise resolve 6      # the then() callback resolves the promise by returning
  after 6

async_hooks.executionAsyncId()#

History
VersionChanges
v8.2.0

Renamed from currentId

v8.1.0

Added in: v8.1.0

  • Returns: <number> The asyncId of the current execution context. Useful to track when something calls.
const async_hooks = require('async_hooks');

console.log(async_hooks.executionAsyncId());  // 1 - bootstrap
fs.open(path, 'r', (err, fd) => {
  console.log(async_hooks.executionAsyncId());  // 6 - open()
});

The ID returned from executionAsyncId() is related to execution timing, not causality (which is covered by triggerAsyncId()):

const server = net.createServer((conn) => {
  // Returns the ID of the server, not of the new connection, because the
  // callback runs in the execution scope of the server's MakeCallback().
  async_hooks.executionAsyncId();

}).listen(port, () => {
  // Returns the ID of a TickObject (i.e. process.nextTick()) because all
  // callbacks passed to .listen() are wrapped in a nextTick().
  async_hooks.executionAsyncId();
});

Promise contexts may not get precise executionAsyncIds by default. See the section on promise execution tracking.

async_hooks.triggerAsyncId()#

  • Returns: <number> The ID of the resource responsible for calling the callback that is currently being executed.
const server = net.createServer((conn) => {
  // The resource that caused (or triggered) this callback to be called
  // was that of the new connection. Thus the return value of triggerAsyncId()
  // is the asyncId of "conn".
  async_hooks.triggerAsyncId();

}).listen(port, () => {
  // Even though all callbacks passed to .listen() are wrapped in a nextTick()
  // the callback itself exists because the call to the server's .listen()
  // was made. So the return value would be the ID of the server.
  async_hooks.triggerAsyncId();
});

Promise contexts may not get valid triggerAsyncIds by default. See the section on promise execution tracking.

Promise execution tracking#

By default, promise executions are not assigned asyncIds due to the relatively expensive nature of the promise introspection API provided by V8. This means that programs using promises or async/await will not get correct execution and trigger ids for promise callback contexts by default.

const ah = require('async_hooks');
Promise.resolve(1729).then(() => {
  console.log(`eid ${ah.executionAsyncId()} tid ${ah.triggerAsyncId()}`);
});
// produces:
// eid 1 tid 0

Observe that the then() callback claims to have executed in the context of the outer scope even though there was an asynchronous hop involved. Also, the triggerAsyncId value is 0, which means that we are missing context about the resource that caused (triggered) the then() callback to be executed.

Installing async hooks via async_hooks.createHook enables promise execution tracking:

const ah = require('async_hooks');
ah.createHook({ init() {} }).enable(); // forces PromiseHooks to be enabled.
Promise.resolve(1729).then(() => {
  console.log(`eid ${ah.executionAsyncId()} tid ${ah.triggerAsyncId()}`);
});
// produces:
// eid 7 tid 6

In this example, adding any actual hook function enabled the tracking of promises. There are two promises in the example above; the promise created by Promise.resolve() and the promise returned by the call to then(). In the example above, the first promise got the asyncId 6 and the latter got asyncId 7. During the execution of the then() callback, we are executing in the context of promise with asyncId 7. This promise was triggered by async resource 6.

Another subtlety with promises is that before and after callbacks are run only on chained promises. That means promises not created by then()/catch() will not have the before and after callbacks fired on them. For more details see the details of the V8 PromiseHooks API.

JavaScript Embedder API#

Library developers that handle their own asynchronous resources performing tasks like I/O, connection pooling, or managing callback queues may use the AsyncWrap JavaScript API so that all the appropriate callbacks are called.

Class: AsyncResource[src]#

The class AsyncResource is designed to be extended by the embedder's async resources. Using this, users can easily trigger the lifetime events of their own resources.

The init hook will trigger when an AsyncResource is instantiated.

The following is an overview of the AsyncResource API.

const { AsyncResource, executionAsyncId } = require('async_hooks');

// AsyncResource() is meant to be extended. Instantiating a
// new AsyncResource() also triggers init. If triggerAsyncId is omitted then
// async_hook.executionAsyncId() is used.
const asyncResource = new AsyncResource(
  type, { triggerAsyncId: executionAsyncId(), requireManualDestroy: false }
);

// Run a function in the execution context of the resource. This will
// * establish the context of the resource
// * trigger the AsyncHooks before callbacks
// * call the provided function `fn` with the supplied arguments
// * trigger the AsyncHooks after callbacks
// * restore the original execution context
asyncResource.runInAsyncScope(fn, thisArg, ...args);

// Call AsyncHooks destroy callbacks.
asyncResource.emitDestroy();

// Return the unique ID assigned to the AsyncResource instance.
asyncResource.asyncId();

// Return the trigger ID for the AsyncResource instance.
asyncResource.triggerAsyncId();

new AsyncResource(type[, options])[src]#

  • type <string> The type of async event.

  • options <Object>

    • triggerAsyncId <number> The ID of the execution context that created this async event. Default: executionAsyncId().
    • requireManualDestroy <boolean> Disables automatic emitDestroy when the object is garbage collected. This usually does not need to be set (even if emitDestroy is called manually), unless the resource's asyncId is retrieved and the sensitive API's emitDestroy is called with it. Default: false.

Example usage:

class DBQuery extends AsyncResource {
  constructor(db) {
    super('DBQuery');
    this.db = db;
  }

  getInfo(query, callback) {
    this.db.get(query, (err, data) => {
      this.runInAsyncScope(callback, null, err, data);
    });
  }

  close() {
    this.db = null;
    this.emitDestroy();
  }
}

asyncResource.runInAsyncScope(fn[, thisArg, ...args])[src]#

Added in: v9.6.0
  • fn <Function> The function to call in the execution context of this async resource.
  • thisArg <any> The receiver to be used for the function call.
  • ...args <any> Optional arguments to pass to the function.

Call the provided function with the provided arguments in the execution context of the async resource. This will establish the context, trigger the AsyncHooks before callbacks, call the function, trigger the AsyncHooks after callbacks, and then restore the original execution context.

asyncResource.emitDestroy()[src]#

Call all destroy hooks. This should only ever be called once. An error will be thrown if it is called more than once. This must be manually called. If the resource is left to be collected by the GC then the destroy hooks will never be called.

asyncResource.asyncId()[src]#

  • Returns: <number> The unique asyncId assigned to the resource.

asyncResource.triggerAsyncId()[src]#

  • Returns: <number> The same triggerAsyncId that is passed to the AsyncResource constructor.

Buffer#

Stability: 2 - Stable

Prior to the introduction of TypedArray, the JavaScript language had no mechanism for reading or manipulating streams of binary data. The Buffer class was introduced as part of the Node.js API to enable interaction with octet streams in TCP streams, file system operations, and other contexts.

With TypedArray now available, the Buffer class implements the Uint8Array API in a manner that is more optimized and suitable for Node.js.

Instances of the Buffer class are similar to arrays of integers from 0 to 255 (other integers are coerced to this range by & 255 operation) but correspond to fixed-sized, raw memory allocations outside the V8 heap. The size of the Buffer is established when it is created and cannot be changed.

The Buffer class is within the global scope, making it unlikely that one would need to ever use require('buffer').Buffer.

// Creates a zero-filled Buffer of length 10.
const buf1 = Buffer.alloc(10);

// Creates a Buffer of length 10, filled with 0x1.
const buf2 = Buffer.alloc(10, 1);

// Creates an uninitialized buffer of length 10.
// This is faster than calling Buffer.alloc() but the returned
// Buffer instance might contain old data that needs to be
// overwritten using either fill() or write().
const buf3 = Buffer.allocUnsafe(10);

// Creates a Buffer containing [0x1, 0x2, 0x3].
const buf4 = Buffer.from([1, 2, 3]);

// Creates a Buffer containing UTF-8 bytes [0x74, 0xc3, 0xa9, 0x73, 0x74].
const buf5 = Buffer.from('tést');

// Creates a Buffer containing Latin-1 bytes [0x74, 0xe9, 0x73, 0x74].
const buf6 = Buffer.from('tést', 'latin1');

Buffer.from(), Buffer.alloc(), and Buffer.allocUnsafe()#

In versions of Node.js prior to 6.0.0, Buffer instances were created using the Buffer constructor function, which allocates the returned Buffer differently based on what arguments are provided:

  • Passing a number as the first argument to Buffer() (e.g. new Buffer(10)) allocates a new Buffer object of the specified size. Prior to Node.js 8.0.0, the memory allocated for such Buffer instances is not initialized and can contain sensitive data. Such Buffer instances must be subsequently initialized by using either buf.fill(0) or by writing to the entire Buffer. While this behavior is intentional to improve performance, development experience has demonstrated that a more explicit distinction is required between creating a fast-but-uninitialized Buffer versus creating a slower-but-safer Buffer. Since Node.js 8.0.0, Buffer(num) and new Buffer(num) return a Buffer with initialized memory.
  • Passing a string, array, or Buffer as the first argument copies the passed object's data into the Buffer.
  • Passing an ArrayBuffer or a SharedArrayBuffer returns a Buffer that shares allocated memory with the given array buffer.

Because the behavior of new Buffer() is different depending on the type of the first argument, security and reliability issues can be inadvertently introduced into applications when argument validation or Buffer initialization is not performed.

For example, if an attacker can cause an application to receive a number where a string is expected, the application may call new Buffer(100) instead of new Buffer("100"), it will allocate a 100 byte buffer instead of allocating a 3 byte buffer with content "100". This is commonly possible using JSON API calls. Since JSON distinguishes between numeric and string types, it allows injection of numbers where a naive application might expect to always receive a string. Before Node.js 8.0.0, the 100 byte buffer might contain arbitrary pre-existing in-memory data, so may be used to expose in-memory secrets to a remote attacker. Since Node.js 8.0.0, exposure of memory cannot occur because the data is zero-filled. However, other attacks are still possible, such as causing very large buffers to be allocated by the server, leading to performance degradation or crashing on memory exhaustion.

To make the creation of Buffer instances more reliable and less error-prone, the various forms of the new Buffer() constructor have been deprecated and replaced by separate Buffer.from(), Buffer.alloc(), and Buffer.allocUnsafe() methods.

Developers should migrate all existing uses of the new Buffer() constructors to one of these new APIs.

Buffer instances returned by Buffer.allocUnsafe() may be allocated off a shared internal memory pool if size is less than or equal to half Buffer.poolSize. Instances returned by Buffer.allocUnsafeSlow() never use the shared internal memory pool.

The --zero-fill-buffers command line option#

Added in: v5.10.0

Node.js can be started using the --zero-fill-buffers command line option to cause all newly allocated Buffer instances to be zero-filled upon creation by default. Before Node.js 8.0.0, this included buffers allocated by new Buffer(size). Since Node.js 8.0.0, buffers allocated with new are always zero-filled, whether this option is used or not. Buffer.allocUnsafe(), Buffer.allocUnsafeSlow(), and new SlowBuffer(size). Use of this flag can have a significant negative impact on performance. Use of the --zero-fill-buffers option is recommended only when necessary to enforce that newly allocated Buffer instances cannot contain old data that is potentially sensitive.

$ node --zero-fill-buffers
> Buffer.allocUnsafe(5);
<Buffer 00 00 00 00 00>

What makes Buffer.allocUnsafe() and Buffer.allocUnsafeSlow() "unsafe"?#

When calling Buffer.allocUnsafe() and Buffer.allocUnsafeSlow(), the segment of allocated memory is uninitialized (it is not zeroed-out). While this design makes the allocation of memory quite fast, the allocated segment of memory might contain old data that is potentially sensitive. Using a Buffer created by Buffer.allocUnsafe() without completely overwriting the memory can allow this old data to be leaked when the Buffer memory is read.

While there are clear performance advantages to using Buffer.allocUnsafe(), extra care must be taken in order to avoid introducing security vulnerabilities into an application.

Buffers and Character Encodings#

History
VersionChanges
v6.4.0

Introduced latin1 as an alias for binary.

v5.0.0

Removed the deprecated raw and raws encodings.

When string data is stored in or extracted out of a Buffer instance, a character encoding may be specified.

const buf = Buffer.from('hello world', 'ascii');

console.log(buf.toString('hex'));
// Prints: 68656c6c6f20776f726c64
console.log(buf.toString('base64'));
// Prints: aGVsbG8gd29ybGQ=

console.log(Buffer.from('fhqwhgads', 'ascii'));
// Prints: <Buffer 66 68 71 77 68 67 61 64 73>
console.log(Buffer.from('fhqwhgads', 'utf16le'));
// Prints: <Buffer 66 00 68 00 71 00 77 00 68 00 67 00 61 00 64 00 73 00>

The character encodings currently supported by Node.js include:

  • 'ascii': For 7-bit ASCII data only. This encoding is fast and will strip the high bit if set.

  • 'utf8': Multibyte encoded Unicode characters. Many web pages and other document formats use UTF-8.

  • 'utf16le': 2 or 4 bytes, little-endian encoded Unicode characters. Surrogate pairs (U+10000 to U+10FFFF) are supported.

  • 'ucs2': Alias of 'utf16le'.

  • 'base64': Base64 encoding. When creating a Buffer from a string, this encoding will also correctly accept "URL and Filename Safe Alphabet" as specified in RFC 4648, Section 5.

  • 'latin1': A way of encoding the Buffer into a one-byte encoded string (as defined by the IANA in RFC 1345, page 63, to be the Latin-1 supplement block and C0/C1 control codes).

  • 'binary': Alias for 'latin1'.

  • 'hex': Encode each byte as two hexadecimal characters.

Modern Web browsers follow the WHATWG Encoding Standard which aliases both 'latin1' and 'ISO-8859-1' to 'win-1252'. This means that while doing something like http.get(), if the returned charset is one of those listed in the WHATWG specification it is possible that the server actually returned 'win-1252'-encoded data, and using 'latin1' encoding may incorrectly decode the characters.

Buffers and TypedArray#

History
VersionChanges
v3.0.0

The Buffers class now inherits from Uint8Array.

Buffer instances are also Uint8Array instances. However, there are subtle incompatibilities with TypedArray. For example, while ArrayBuffer#slice() creates a copy of the slice, the implementation of Buffer#slice() creates a view over the existing Buffer without copying, making Buffer#slice() far more efficient.

It is also possible to create new TypedArray instances from a Buffer with the following caveats:

  1. The Buffer object's memory is copied to the TypedArray, not shared.

  2. The Buffer object's memory is interpreted as an array of distinct elements, and not as a byte array of the target type. That is, new Uint32Array(Buffer.from([1, 2, 3, 4])) creates a 4-element Uint32Array with elements [1, 2, 3, 4], not a Uint32Array with a single element [0x1020304] or [0x4030201].

It is possible to create a new Buffer that shares the same allocated memory as a TypedArray instance by using the TypedArray object's .buffer property.

const arr = new Uint16Array(2);

arr[0] = 5000;
arr[1] = 4000;

// Copies the contents of `arr`.
const buf1 = Buffer.from(arr);
// Shares memory with `arr`.
const buf2 = Buffer.from(arr.buffer);

console.log(buf1);
// Prints: <Buffer 88 a0>
console.log(buf2);
// Prints: <Buffer 88 13 a0 0f>

arr[1] = 6000;

console.log(buf1);
// Prints: <Buffer 88 a0>
console.log(buf2);
// Prints: <Buffer 88 13 70 17>

When creating a Buffer using a TypedArray's .buffer, it is possible to use only a portion of the underlying ArrayBuffer by passing in byteOffset and length parameters.

const arr = new Uint16Array(20);
const buf = Buffer.from(arr.buffer, 0, 16);

console.log(buf.length);
// Prints: 16

The Buffer.from() and TypedArray.from() have different signatures and implementations. Specifically, the TypedArray variants accept a second argument that is a mapping function that is invoked on every element of the typed array:

  • TypedArray.from(source[, mapFn[, thisArg]])

The Buffer.from() method, however, does not support the use of a mapping function:

Buffers and iteration#

Buffer instances can be iterated over using for..of syntax:

const buf = Buffer.from([1, 2, 3]);

for (const b of buf) {
  console.log(b);
}
// Prints:
//   1
//   2
//   3

Additionally, the buf.values(), buf.keys(), and buf.entries() methods can be used to create iterators.

Class: Buffer#

The Buffer class is a global type for dealing with binary data directly. It can be constructed in a variety of ways.

new Buffer(array)#

History
VersionChanges
v10.0.0

Calling this constructor emits a deprecation warning when run from code outside the node_modules directory.

v7.2.1

Calling this constructor no longer emits a deprecation warning.

v7.0.0

Calling this constructor emits a deprecation warning now.

v6.0.0

Deprecated since: v6.0.0

Stability: 0 - Deprecated: Use Buffer.from(array) instead.

Allocates a new Buffer using an array of octets.

// Creates a new Buffer containing the UTF-8 bytes of the string 'buffer'.
const buf = new Buffer([0x62, 0x75, 0x66, 0x66, 0x65, 0x72]);

new Buffer(arrayBuffer[, byteOffset[, length]])#

History
VersionChanges
v10.0.0

Calling this constructor emits a deprecation warning when run from code outside the node_modules directory.

v7.2.1

Calling this constructor no longer emits a deprecation warning.

v7.0.0

Calling this constructor emits a deprecation warning now.

v6.0.0

The byteOffset and length parameters are supported now.

v6.0.0

Deprecated since: v6.0.0

v3.0.0

Added in: v3.0.0

Stability: 0 - Deprecated: Use Buffer.from(arrayBuffer[, byteOffset[, length]]) instead.

This creates a view of the ArrayBuffer or SharedArrayBuffer without copying the underlying memory. For example, when passed a reference to the .buffer property of a TypedArray instance, the newly created Buffer will share the same allocated memory as the TypedArray.

The optional byteOffset and length arguments specify a memory range within the arrayBuffer that will be shared by the Buffer.

const arr = new Uint16Array(2);

arr[0] = 5000;
arr[1] = 4000;

// Shares memory with `arr`.
const buf = new Buffer(arr.buffer);

console.log(buf);
// Prints: <Buffer 88 13 a0 0f>

// Changing the original Uint16Array changes the Buffer also.
arr[1] = 6000;

console.log(buf);
// Prints: <Buffer 88 13 70 17>

new Buffer(buffer)#

History
VersionChanges
v10.0.0

Calling this constructor emits a deprecation warning when run from code outside the node_modules directory.

v7.2.1

Calling this constructor no longer emits a deprecation warning.

v7.0.0

Calling this constructor emits a deprecation warning now.

v6.0.0

Deprecated since: v6.0.0

Stability: 0 - Deprecated: Use Buffer.from(buffer) instead.

Copies the passed buffer data onto a new Buffer instance.

const buf1 = new Buffer('buffer');
const buf2 = new Buffer(buf1);

buf1[0] = 0x61;

console.log(buf1.toString());
// Prints: auffer
console.log(buf2.toString());
// Prints: buffer

new Buffer(size)#

History
VersionChanges
v10.0.0

Calling this constructor emits a deprecation warning when run from code outside the node_modules directory.

v8.0.0

The new Buffer(size) will return zero-filled memory by default.

v7.2.1

Calling this constructor no longer emits a deprecation warning.

v7.0.0

Calling this constructor emits a deprecation warning now.

v6.0.0

Deprecated since: v6.0.0

Stability: 0 - Deprecated: Use Buffer.alloc() instead (also see Buffer.allocUnsafe()).

  • size <integer> The desired length of the new Buffer.

Allocates a new Buffer of size bytes. If size is larger than buffer.constants.MAX_LENGTH or smaller than 0, ERR_INVALID_OPT_VALUE is thrown. A zero-length Buffer is created if size is 0.

Prior to Node.js 8.0.0, the underlying memory for Buffer instances created in this way is not initialized. The contents of a newly created Buffer are unknown and may contain sensitive data. Use Buffer.alloc(size) instead to initialize a Buffer with zeroes.

const buf = new Buffer(10);

console.log(buf);
// Prints: <Buffer 00 00 00 00 00 00 00 00 00 00>

new Buffer(string[, encoding])#

History
VersionChanges
v10.0.0

Calling this constructor emits a deprecation warning when run from code outside the node_modules directory.

v7.2.1

Calling this constructor no longer emits a deprecation warning.

v7.0.0

Calling this constructor emits a deprecation warning now.

v6.0.0

Deprecated since: v6.0.0

Stability: 0 - Deprecated: Use Buffer.from(string[, encoding]) instead.

  • string <string> String to encode.
  • encoding <string> The encoding of string. Default: 'utf8'.

Creates a new Buffer containing string. The encoding parameter identifies the character encoding of string.

const buf1 = new Buffer('this is a tést');
const buf2 = new Buffer('7468697320697320612074c3a97374', 'hex');

console.log(buf1.toString());
// Prints: this is a tést
console.log(buf2.toString());
// Prints: this is a tést
console.log(buf1.toString('ascii'));
// Prints: this is a tC)st

Class Method: Buffer.alloc(size[, fill[, encoding]])[src]#

History
VersionChanges
v10.0.0

Attempting to fill a non-zero length buffer with a zero length buffer triggers a thrown exception.

v10.0.0

Specifying an invalid string for fill triggers a thrown exception.

v8.9.3

Specifying an invalid string for fill now results in a zero-filled buffer.

v5.10.0

Added in: v5.10.0

Allocates a new Buffer of size bytes. If fill is undefined, the Buffer will be zero-filled.

const buf = Buffer.alloc(5);

console.log(buf);
// Prints: <Buffer 00 00 00 00 00>

If size is larger than buffer.constants.MAX_LENGTH or smaller than 0, ERR_INVALID_OPT_VALUE is thrown. A zero-length Buffer is created if size is 0.

If fill is specified, the allocated Buffer will be initialized by calling buf.fill(fill).

const buf = Buffer.alloc(5, 'a');

console.log(buf);
// Prints: <Buffer 61 61 61 61 61>

If both fill and encoding are specified, the allocated Buffer will be initialized by calling buf.fill(fill, encoding).

const buf = Buffer.alloc(11, 'aGVsbG8gd29ybGQ=', 'base64');

console.log(buf);
// Prints: <Buffer 68 65 6c 6c 6f 20 77 6f 72 6c 64>

Calling Buffer.alloc() can be significantly slower than the alternative Buffer.allocUnsafe() but ensures that the newly created Buffer instance contents will never contain sensitive data.

A TypeError will be thrown if size is not a number.

Class Method: Buffer.allocUnsafe(size)[src]#

History
VersionChanges
v7.0.0

Passing a negative size will now throw an error.

v5.10.0

Added in: v5.10.0

  • size <integer> The desired length of the new Buffer.

Allocates a new Buffer of size bytes. If size is larger than buffer.constants.MAX_LENGTH or smaller than 0, ERR_INVALID_OPT_VALUE is thrown. A zero-length Buffer is created if size is 0.

The underlying memory for Buffer instances created in this way is not initialized. The contents of the newly created Buffer are unknown and may contain sensitive data. Use Buffer.alloc() instead to initialize Buffer instances with zeroes.

const buf = Buffer.allocUnsafe(10);

console.log(buf);
// Prints (contents may vary): <Buffer a0 8b 28 3f 01 00 00 00 50 32>

buf.fill(0);

console.log(buf);
// Prints: <Buffer 00 00 00 00 00 00 00 00 00 00>

A TypeError will be thrown if size is not a number.

The Buffer module pre-allocates an internal Buffer instance of size Buffer.poolSize that is used as a pool for the fast allocation of new Buffer instances created using Buffer.allocUnsafe() and the deprecated new Buffer(size) constructor only when size is less than or equal to Buffer.poolSize >> 1 (floor of Buffer.poolSize divided by two).

Use of this pre-allocated internal memory pool is a key difference between calling Buffer.alloc(size, fill) vs. Buffer.allocUnsafe(size).fill(fill). Specifically, Buffer.alloc(size, fill) will never use the internal Buffer pool, while Buffer.allocUnsafe(size).fill(fill) will use the internal Buffer pool if size is less than or equal to half Buffer.poolSize. The difference is subtle but can be important when an application requires the additional performance that Buffer.allocUnsafe() provides.

Class Method: Buffer.allocUnsafeSlow(size)[src]#

Added in: v5.12.0
  • size <integer> The desired length of the new Buffer.

Allocates a new Buffer of size bytes. If size is larger than buffer.constants.MAX_LENGTH or smaller than 0, ERR_INVALID_OPT_VALUE is thrown. A zero-length Buffer is created if size is 0.

The underlying memory for Buffer instances created in this way is not initialized. The contents of the newly created Buffer are unknown and may contain sensitive data. Use buf.fill(0) to initialize such Buffer instances with zeroes.

When using Buffer.allocUnsafe() to allocate new Buffer instances, allocations under 4KB are sliced from a single pre-allocated Buffer. This allows applications to avoid the garbage collection overhead of creating many individually allocated Buffer instances. This approach improves both performance and memory usage by eliminating the need to track and clean up as many persistent objects.

However, in the case where a developer may need to retain a small chunk of memory from a pool for an indeterminate amount of time, it may be appropriate to create an un-pooled Buffer instance using Buffer.allocUnsafeSlow() and then copying out the relevant bits.

// Need to keep around a few small chunks of memory.
const store = [];

socket.on('readable', () => {
  let data;
  while (null !== (data = readable.read())) {
    // Allocate for retained data.
    const sb = Buffer.allocUnsafeSlow(10);

    // Copy the data into the new allocation.
    data.copy(sb, 0, 0, 10);

    store.push(sb);
  }
});

Buffer.allocUnsafeSlow() should be used only as a last resort after a developer has observed undue memory retention in their applications.

A TypeError will be thrown if size is not a number.

Class Method: Buffer.byteLength(string[, encoding])[src]#

History
VersionChanges
v7.0.0

Passing invalid input will now throw an error.

v5.10.0

The string parameter can now be any TypedArray, DataView or ArrayBuffer.

v0.1.90

Added in: v0.1.90

Returns the actual byte length of a string. This is not the same as String.prototype.length since that returns the number of characters in a string.

For 'base64' and 'hex', this function assumes valid input. For strings that contain non-Base64/Hex-encoded data (e.g. whitespace), the return value might be greater than the length of a Buffer created from the string.

const str = '\u00bd + \u00bc = \u00be';

console.log(`${str}: ${str.length} characters, ` +
            `${Buffer.byteLength(str, 'utf8')} bytes`);
// Prints: ½ + ¼ = ¾: 9 characters, 12 bytes

When string is a Buffer/DataView/TypedArray/ArrayBuffer/ SharedArrayBuffer, the actual byte length is returned.

Class Method: Buffer.compare(buf1, buf2)[src]#

History
VersionChanges
v8.0.0

The arguments can now be Uint8Arrays.

v0.11.13

Added in: v0.11.13

Compares buf1 to buf2 typically for the purpose of sorting arrays of Buffer instances. This is equivalent to calling buf1.compare(buf2).

const buf1 = Buffer.from('1234');
const buf2 = Buffer.from('0123');
const arr = [buf1, buf2];

console.log(arr.sort(Buffer.compare));
// Prints: [ <Buffer 30 31 32 33>, <Buffer 31 32 33 34> ]
// (This result is equal to: [buf2, buf1].)

Class Method: Buffer.concat(list[, totalLength])[src]#

History
VersionChanges
v8.0.0

The elements of list can now be Uint8Arrays.

v0.7.11

Added in: v0.7.11

Returns a new Buffer which is the result of concatenating all the Buffer instances in the list together.

If the list has no items, or if the totalLength is 0, then a new zero-length Buffer is returned.

If totalLength is not provided, it is calculated from the Buffer instances in list. This however causes an additional loop to be executed in order to calculate the totalLength, so it is faster to provide the length explicitly if it is already known.

If totalLength is provided, it is coerced to an unsigned integer. If the combined length of the Buffers in list exceeds totalLength, the result is truncated to totalLength.

// Create a single `Buffer` from a list of three `Buffer` instances.

const buf1 = Buffer.alloc(10);
const buf2 = Buffer.alloc(14);
const buf3 = Buffer.alloc(18);
const totalLength = buf1.length + buf2.length + buf3.length;

console.log(totalLength);
// Prints: 42

const bufA = Buffer.concat([buf1, buf2, buf3], totalLength);

console.log(bufA);
// Prints: <Buffer 00 00 00 00 ...>
console.log(bufA.length);
// Prints: 42

Class Method: Buffer.from(array)[src]#

Added in: v5.10.0

Allocates a new Buffer using an array of octets.

// Creates a new Buffer containing UTF-8 bytes of the string 'buffer'.
const buf = Buffer.from([0x62, 0x75, 0x66, 0x66, 0x65, 0x72]);

A TypeError will be thrown if array is not an Array or other type appropriate for Buffer.from() variants.

Class Method: Buffer.from(arrayBuffer[, byteOffset[, length]])[src]#

Added in: v5.10.0

This creates a view of the ArrayBuffer without copying the underlying memory. For example, when passed a reference to the .buffer property of a TypedArray instance, the newly created Buffer will share the same allocated memory as the TypedArray.

const arr = new Uint16Array(2);

arr[0] = 5000;
arr[1] = 4000;

// Shares memory with `arr`.
const buf = Buffer.from(arr.buffer);

console.log(buf);
// Prints: <Buffer 88 13 a0 0f>

// Changing the original Uint16Array changes the Buffer also.
arr[1] = 6000;

console.log(buf);
// Prints: <Buffer 88 13 70 17>

The optional byteOffset and length arguments specify a memory range within the arrayBuffer that will be shared by the Buffer.

const ab = new ArrayBuffer(10);
const buf = Buffer.from(ab, 0, 2);

console.log(buf.length);
// Prints: 2

A TypeError will be thrown if arrayBuffer is not an ArrayBuffer or a SharedArrayBuffer or other type appropriate for Buffer.from() variants.

Class Method: Buffer.from(buffer)[src]#

Added in: v5.10.0

Copies the passed buffer data onto a new Buffer instance.

const buf1 = Buffer.from('buffer');
const buf2 = Buffer.from(buf1);

buf1[0] = 0x61;

console.log(buf1.toString());
// Prints: auffer
console.log(buf2.toString());
// Prints: buffer

A TypeError will be thrown if buffer is not a Buffer or other type appropriate for Buffer.from() variants.

Class Method: Buffer.from(object[, offsetOrEncoding[, length]])[src]#

Added in: v8.2.0
  • object <Object> An object supporting Symbol.toPrimitive or valueOf().
  • offsetOrEncoding <integer> | <string> A byte-offset or encoding, depending on the value returned either by object.valueOf() or object[Symbol.toPrimitive]().
  • length <integer> A length, depending on the value returned either by object.valueOf() or object[Symbol.toPrimitive]().

For objects whose valueOf() function returns a value not strictly equal to object, returns Buffer.from(object.valueOf(), offsetOrEncoding, length).

const buf = Buffer.from(new String('this is a test'));
// Prints: <Buffer 74 68 69 73 20 69 73 20 61 20 74 65 73 74>

For objects that support Symbol.toPrimitive, returns Buffer.from(object[Symbol.toPrimitive](), offsetOrEncoding, length).

class Foo {
  [Symbol.toPrimitive]() {
    return 'this is a test';
  }
}

const buf = Buffer.from(new Foo(), 'utf8');
// Prints: <Buffer 74 68 69 73 20 69 73 20 61 20 74 65 73 74>

A TypeError will be thrown if object has not mentioned methods or is not of other type appropriate for Buffer.from() variants.

Class Method: Buffer.from(string[, encoding])[src]#

Added in: v5.10.0
  • string <string> A string to encode.
  • encoding <string> The encoding of string. Default: 'utf8'.

Creates a new Buffer containing string. The encoding parameter identifies the character encoding of string.

const buf1 = Buffer.from('this is a tést');
const buf2 = Buffer.from('7468697320697320612074c3a97374', 'hex');

console.log(buf1.toString());
// Prints: this is a tést
console.log(buf2.toString());
// Prints: this is a tést
console.log(buf1.toString('ascii'));
// Prints: this is a tC)st

A TypeError will be thrown if string is not a string or other type appropriate for Buffer.from() variants.

Class Method: Buffer.isBuffer(obj)[src]#

Added in: v0.1.101

Returns true if obj is a Buffer, false otherwise.

Class Method: Buffer.isEncoding(encoding)[src]#

Added in: v0.9.1

Returns true if encoding contains a supported character encoding, or false otherwise.

console.log(Buffer.isEncoding('utf-8'));
// Prints: true

console.log(Buffer.isEncoding('hex'));
// Prints: true

console.log(Buffer.isEncoding('utf/8'));
// Prints: false

console.log(Buffer.isEncoding(''));
// Prints: false

Class Property: Buffer.poolSize[src]#

Added in: v0.11.3

This is the size (in bytes) of pre-allocated internal Buffer instances used for pooling. This value may be modified.

buf[index]#

The index operator [index] can be used to get and set the octet at position index in buf. The values refer to individual bytes, so the legal value range is between 0x00 and 0xFF (hex) or 0 and 255 (decimal).

This operator is inherited from Uint8Array, so its behavior on out-of-bounds access is the same as UInt8Array. In other words, getting returns undefined and setting does nothing.

// Copy an ASCII string into a `Buffer` one byte at a time.

const str = 'Node.js';
const buf = Buffer.allocUnsafe(str.length);

for (let i = 0; i < str.length; i++) {
  buf[i] = str.charCodeAt(i);
}

console.log(buf.toString('ascii'));
// Prints: Node.js

buf.buffer#

  • <ArrayBuffer> The underlying ArrayBuffer object based on which this Buffer object is created.
const arrayBuffer = new ArrayBuffer(16);
const buffer = Buffer.from(arrayBuffer);

console.log(buffer.buffer === arrayBuffer);
// Prints: true

buf.byteOffset#

  • <integer> The byteOffset on the underlying ArrayBuffer object based on which this Buffer object is created.

When setting byteOffset in Buffer.from(ArrayBuffer, byteOffset, length) or sometimes when allocating a buffer smaller than Buffer.poolSize the buffer doesn't start from a zero offset on the underlying ArrayBuffer.

This can cause problems when accessing the underlying ArrayBuffer directly using buf.buffer, as the first bytes in this ArrayBuffer may be unrelated to the buf object itself.

A common issue is when casting a Buffer object to a TypedArray object, in this case one needs to specify the byteOffset correctly:

// Create a buffer smaller than `Buffer.poolSize`.
const nodeBuffer = new Buffer.from([0, 1, 2, 3, 4, 5, 6, 7, 8, 9]);

// When casting the Node.js Buffer to an Int8 TypedArray remember to use the
// byteOffset.
new Int8Array(nodeBuffer.buffer, nodeBuffer.byteOffset, nodeBuffer.length);

buf.compare(target[, targetStart[, targetEnd[, sourceStart[, sourceEnd]]]])[src]#

History
VersionChanges
v8.0.0

The target parameter can now be a Uint8Array.

v5.11.0

Additional parameters for specifying offsets are supported now.

v0.11.13

Added in: v0.11.13

  • target <Buffer> | <Uint8Array> A Buffer or Uint8Array with which to compare buf.
  • targetStart <integer> The offset within target at which to begin comparison. Default: 0.
  • targetEnd <integer> The offset within target at which to end comparison (not inclusive). Default: target.length.
  • sourceStart <integer> The offset within buf at which to begin comparison. Default: 0.
  • sourceEnd <integer> The offset within buf at which to end comparison (not inclusive). Default: buf.length.
  • Returns: <integer>

Compares buf with target and returns a number indicating whether buf comes before, after, or is the same as target in sort order. Comparison is based on the actual sequence of bytes in each Buffer.

  • 0 is returned if target is the same as buf
  • 1 is returned if target should come before buf when sorted.
  • -1 is returned if target should come after buf when sorted.
const buf1 = Buffer.from('ABC');
const buf2 = Buffer.from('BCD');
const buf3 = Buffer.from('ABCD');

console.log(buf1.compare(buf1));
// Prints: 0
console.log(buf1.compare(buf2));
// Prints: -1
console.log(buf1.compare(buf3));
// Prints: -1
console.log(buf2.compare(buf1));
// Prints: 1
console.log(buf2.compare(buf3));
// Prints: 1
console.log([buf1, buf2, buf3].sort(Buffer.compare));
// Prints: [ <Buffer 41 42 43>, <Buffer 41 42 43 44>, <Buffer 42 43 44> ]
// (This result is equal to: [buf1, buf3, buf2].)

The optional targetStart, targetEnd, sourceStart, and sourceEnd arguments can be used to limit the comparison to specific ranges within target and buf respectively.

const buf1 = Buffer.from([1, 2, 3, 4, 5, 6, 7, 8, 9]);
const buf2 = Buffer.from([5, 6, 7, 8, 9, 1, 2, 3, 4]);

console.log(buf1.compare(buf2, 5, 9, 0, 4));
// Prints: 0
console.log(buf1.compare(buf2, 0, 6, 4));
// Prints: -1
console.log(buf1.compare(buf2, 5, 6, 5));
// Prints: 1

ERR_OUT_OF_RANGE is thrown if targetStart < 0, sourceStart < 0, targetEnd > target.byteLength, or sourceEnd > source.byteLength.

buf.copy(target[, targetStart[, sourceStart[, sourceEnd]]])[src]#

Added in: v0.1.90
  • target <Buffer> | <Uint8Array> A Buffer or Uint8Array to copy into.
  • targetStart <integer> The offset within target at which to begin writing. Default: 0.
  • sourceStart <integer> The offset within buf from which to begin copying. Default: 0.
  • sourceEnd <integer> The offset within buf at which to stop copying (not inclusive). Default: buf.length.
  • Returns: <integer> The number of bytes copied.

Copies data from a region of buf to a region in target even if the target memory region overlaps with buf.

// Create two `Buffer` instances.
const buf1 = Buffer.allocUnsafe(26);
const buf2 = Buffer.allocUnsafe(26).fill('!');

for (let i = 0; i < 26; i++) {
  // 97 is the decimal ASCII value for 'a'.
  buf1[i] = i + 97;
}

// Copy `buf1` bytes 16 through 19 into `buf2` starting at byte 8 of `buf2`.
buf1.copy(buf2, 8, 16, 20);

console.log(buf2.toString('ascii', 0, 25));
// Prints: !!!!!!!!qrst!!!!!!!!!!!!!

// Create a `Buffer` and copy data from one region to an overlapping region
// within the same `Buffer`.

const buf = Buffer.allocUnsafe(26);

for (let i = 0; i < 26; i++) {
  // 97 is the decimal ASCII value for 'a'.
  buf[i] = i + 97;
}

buf.copy(buf, 0, 4, 10);

console.log(buf.toString());
// Prints: efghijghijklmnopqrstuvwxyz

buf.entries()#

Added in: v1.1.0

Creates and returns an iterator of [index, byte] pairs from the contents of buf.

// Log the entire contents of a `Buffer`.

const buf = Buffer.from('buffer');

for (const pair of buf.entries()) {
  console.log(pair);
}
// Prints:
//   [0, 98]
//   [1, 117]
//   [2, 102]
//   [3, 102]
//   [4, 101]
//   [5, 114]

buf.equals(otherBuffer)[src]#

History
VersionChanges
v8.0.0

The arguments can now be Uint8Arrays.

v0.11.13

Added in: v0.11.13

Returns true if both buf and otherBuffer have exactly the same bytes, false otherwise.

const buf1 = Buffer.from('ABC');
const buf2 = Buffer.from('414243', 'hex');
const buf3 = Buffer.from('ABCD');

console.log(buf1.equals(buf2));
// Prints: true
console.log(buf1.equals(buf3));
// Prints: false

buf.fill(value[, offset[, end]][, encoding])[src]#

History
VersionChanges
v11.0.0

Throws ERR_OUT_OF_RANGE instead of ERR_INDEX_OUT_OF_RANGE.

v10.0.0

Negative end values throw an ERR_INDEX_OUT_OF_RANGE error.

v10.0.0

Attempting to fill a non-zero length buffer with a zero length buffer triggers a thrown exception.

v10.0.0

Specifying an invalid string for value triggers a thrown exception.

v5.7.0

The encoding parameter is supported now.

v0.5.0

Added in: v0.5.0

Fills buf with the specified value. If the offset and end are not given, the entire buf will be filled:

// Fill a `Buffer` with the ASCII character 'h'.

const b = Buffer.allocUnsafe(50).fill('h');

console.log(b.toString());
// Prints: hhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhhh

value is coerced to a uint32 value if it is not a string, Buffer, or integer. If the resulting integer is greater than 255 (decimal), buf will be filled with value & 255.

If the final write of a fill() operation falls on a multi-byte character, then only the bytes of that character that fit into buf are written:

// Fill a `Buffer` with a two-byte character.

console.log(Buffer.allocUnsafe(3).fill('\u0222'));
// Prints: <Buffer c8 a2 c8>

If value contains invalid characters, it is truncated; if no valid fill data remains, an exception is thrown:

const buf = Buffer.allocUnsafe(5);

console.log(buf.fill('a'));
// Prints: <Buffer 61 61 61 61 61>
console.log(buf.fill('aazz', 'hex'));
// Prints: <Buffer aa aa aa aa aa>
console.log(buf.fill('zz', 'hex'));
// Throws an exception.

buf.includes(value[, byteOffset][, encoding])[src]#

Added in: v5.3.0
  • value <string> | <Buffer> | <Uint8Array> | <integer> What to search for.
  • byteOffset <integer> Where to begin searching in buf. If negative, then offset is calculated from the end of buf. Default: 0.
  • encoding <string> If value is a string, this is its encoding. Default: 'utf8'.
  • Returns: <boolean> true if value was found in buf, false otherwise.

Equivalent to buf.indexOf() !== -1.

const buf = Buffer.from('this is a buffer');

console.log(buf.includes('this'));
// Prints: true
console.log(buf.includes('is'));
// Prints: true
console.log(buf.includes(Buffer.from('a buffer')));
// Prints: true
console.log(buf.includes(97));
// Prints: true (97 is the decimal ASCII value for 'a')
console.log(buf.includes(Buffer.from('a buffer example')));
// Prints: false
console.log(buf.includes(Buffer.from('a buffer example').slice(0, 8)));
// Prints: true
console.log(buf.includes('this', 4));
// Prints: false

buf.indexOf(value[, byteOffset][, encoding])[src]#

History
VersionChanges
v8.0.0

The value can now be a Uint8Array.

v5.7.0, v4.4.0

When encoding is being passed, the byteOffset parameter is no longer required.

v1.5.0

Added in: v1.5.0

  • value <string> | <Buffer> | <Uint8Array> | <integer> What to search for.
  • byteOffset <integer> Where to begin searching in buf. If negative, then offset is calculated from the end of buf. Default: 0.
  • encoding <string> If value is a string, this is the encoding used to determine the binary representation of the string that will be searched for in buf. Default: 'utf8'.
  • Returns: <integer> The index of the first occurrence of value in buf, or -1 if buf does not contain value.

If value is:

  • a string, value is interpreted according to the character encoding in encoding.
  • a Buffer or Uint8Array, value will be used in its entirety. To compare a partial Buffer, use buf.slice().
  • a number, value will be interpreted as an unsigned 8-bit integer value between 0 and 255.
const buf = Buffer.from('this is a buffer');

console.log(buf.indexOf('this'));
// Prints: 0
console.log(buf.indexOf('is'));
// Prints: 2
console.log(buf.indexOf(Buffer.from('a buffer')));
// Prints: 8
console.log(buf.indexOf(97));
// Prints: 8 (97 is the decimal ASCII value for 'a')
console.log(buf.indexOf(Buffer.from('a buffer example')));
// Prints: -1
console.log(buf.indexOf(Buffer.from('a buffer example').slice(0, 8)));
// Prints: 8

const utf16Buffer = Buffer.from('\u039a\u0391\u03a3\u03a3\u0395', 'utf16le');

console.log(utf16Buffer.indexOf('\u03a3', 0, 'utf16le'));
// Prints: 4
console.log(utf16Buffer.indexOf('\u03a3', -4, 'utf16le'));
// Prints: 6

If value is not a string, number, or Buffer, this method will throw a TypeError. If value is a number, it will be coerced to a valid byte value, an integer between 0 and 255.

If byteOffset is not a number, it will be coerced to a number. If the result of coercion is NaN or 0, then the entire buffer will be searched. This behavior matches String#indexOf().

const b = Buffer.from('abcdef');

// Passing a value that's a number, but not a valid byte.
// Prints: 2, equivalent to searching for 99 or 'c'.
console.log(b.indexOf(99.9));
console.log(b.indexOf(256 + 99));

// Passing a byteOffset that coerces to NaN or 0.
// Prints: 1, searching the whole buffer.
console.log(b.indexOf('b', undefined));
console.log(b.indexOf('b', {}));
console.log(b.indexOf('b', null));
console.log(b.indexOf('b', []));

If value is an empty string or empty Buffer and byteOffset is less than buf.length, byteOffset will be returned. If value is empty and byteOffset is at least buf.length, buf.length will be returned.

buf.keys()#

Added in: v1.1.0

Creates and returns an iterator of buf keys (indices).

const buf = Buffer.from('buffer');

for (const key of buf.keys()) {
  console.log(key);
}
// Prints:
//   0
//   1
//   2
//   3
//   4
//   5

buf.lastIndexOf(value[, byteOffset][, encoding])[src]#

History
VersionChanges
v8.0.0

The value can now be a Uint8Array.

v6.0.0

Added in: v6.0.0

  • value <string> | <Buffer> | <Uint8Array> | <integer> What to search for.
  • byteOffset <integer> Where to begin searching in buf. If negative, then offset is calculated from the end of buf. Default: buf.length - 1.
  • encoding <string> If value is a string, this is the encoding used to determine the binary representation of the string that will be searched for in buf. Default: 'utf8'.
  • Returns: <integer> The index of the last occurrence of value in buf, or -1 if buf does not contain value.

Identical to buf.indexOf(), except the last occurrence of value is found rather than the first occurrence.

const buf = Buffer.from('this buffer is a buffer');

console.log(buf.lastIndexOf('this'));
// Prints: 0
console.log(buf.lastIndexOf('buffer'));
// Prints: 17
console.log(buf.lastIndexOf(Buffer.from('buffer')));
// Prints: 17
console.log(buf.lastIndexOf(97));
// Prints: 15 (97 is the decimal ASCII value for 'a')
console.log(buf.lastIndexOf(Buffer.from('yolo')));
// Prints: -1
console.log(buf.lastIndexOf('buffer', 5));
// Prints: 5
console.log(buf.lastIndexOf('buffer', 4));
// Prints: -1

const utf16Buffer = Buffer.from('\u039a\u0391\u03a3\u03a3\u0395', 'utf16le');

console.log(utf16Buffer.lastIndexOf('\u03a3', undefined, 'utf16le'));
// Prints: 6
console.log(utf16Buffer.lastIndexOf('\u03a3', -5, 'utf16le'));
// Prints: 4

If value is not a string, number, or Buffer, this method will throw a TypeError. If value is a number, it will be coerced to a valid byte value, an integer between 0 and 255.

If byteOffset is not a number, it will be coerced to a number. Any arguments that coerce to NaN, like {} or undefined, will search the whole buffer. This behavior matches String#lastIndexOf().

const b = Buffer.from('abcdef');

// Passing a value that's a number, but not a valid byte.
// Prints: 2, equivalent to searching for 99 or 'c'.
console.log(b.lastIndexOf(99.9));
console.log(b.lastIndexOf(256 + 99));

// Passing a byteOffset that coerces to NaN.
// Prints: 1, searching the whole buffer.
console.log(b.lastIndexOf('b', undefined));
console.log(b.lastIndexOf('b', {}));

// Passing a byteOffset that coerces to 0.
// Prints: -1, equivalent to passing 0.
console.log(b.lastIndexOf('b', null));
console.log(b.lastIndexOf('b', []));

If value is an empty string or empty Buffer, byteOffset will be returned.

buf.length#

Added in: v0.1.90

Returns the amount of memory allocated for buf in bytes. This does not necessarily reflect the amount of "usable" data within buf.

// Create a `Buffer` and write a shorter ASCII string to it.

const buf = Buffer.alloc(1234);

console.log(buf.length);
// Prints: 1234

buf.write('some string', 0, 'ascii');

console.log(buf.length);
// Prints: 1234

While the length property is not immutable, changing the value of length can result in undefined and inconsistent behavior. Applications that wish to modify the length of a Buffer should therefore treat length as read-only and use buf.slice() to create a new Buffer.

let buf = Buffer.allocUnsafe(10);

buf.write('abcdefghj', 0, 'ascii');

console.log(buf.length);
// Prints: 10

buf = buf.slice(0, 5);

console.log(buf.length);
// Prints: 5

buf.parent#

Deprecated since: v8.0.0

Stability: 0 - Deprecated: Use buf.buffer instead.

The buf.parent property is a deprecated alias for buf.buffer.

buf.readBigInt64BE([offset])#

buf.readBigInt64LE([offset])#

Added in: v12.0.0
  • offset <integer> Number of bytes to skip before starting to read. Must satisfy: 0 <= offset <= buf.length - 8. Default: 0.
  • Returns: <bigint>

Reads a signed 64-bit integer from buf at the specified offset with the specified endian format (readBigInt64BE() returns big endian, readBigInt64LE() returns little endian).

Integers read from a Buffer are interpreted as two's complement signed values.

buf.readBigUInt64BE([offset])#

buf.readBigUInt64LE([offset])#

Added in: v12.0.0
  • offset <integer> Number of bytes to skip before starting to read. Must satisfy: 0 <= offset <= buf.length - 8. Default: 0.
  • Returns: <bigint>

Reads an unsigned 64-bit integer from buf at the specified offset with specified endian format (readBigUInt64BE() returns big endian, readBigUInt64LE() returns little endian).

const buf = Buffer.from([0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff]);

console.log(buf.readBigUInt64BE(0));
// Prints: 4294967295n

console.log(buf.readBigUInt64LE(0));
// Prints: 18446744069414584320n

buf.readDoubleBE([offset])#

buf.readDoubleLE([offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.11.15

Added in: v0.11.15

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - 8. Default: 0.
  • Returns: <number>

Reads a 64-bit double from buf at the specified offset with specified endian format (readDoubleBE() returns big endian, readDoubleLE() returns little endian).

const buf = Buffer.from([1, 2, 3, 4, 5, 6, 7, 8]);

console.log(buf.readDoubleBE(0));
// Prints: 8.20788039913184e-304
console.log(buf.readDoubleLE(0));
// Prints: 5.447603722011605e-270
console.log(buf.readDoubleLE(1));
// Throws ERR_OUT_OF_RANGE.

buf.readFloatBE([offset])#

buf.readFloatLE([offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.11.15

Added in: v0.11.15

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - 4. Default: 0.
  • Returns: <number>

Reads a 32-bit float from buf at the specified offset with specified endian format (readFloatBE() returns big endian, readFloatLE() returns little endian).

const buf = Buffer.from([1, 2, 3, 4]);

console.log(buf.readFloatBE(0));
// Prints: 2.387939260590663e-38
console.log(buf.readFloatLE(0));
// Prints: 1.539989614439558e-36
console.log(buf.readFloatLE(1));
// Throws ERR_OUT_OF_RANGE.

buf.readInt8([offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.0

Added in: v0.5.0

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - 1. Default: 0.
  • Returns: <integer>

Reads a signed 8-bit integer from buf at the specified offset.

Integers read from a Buffer are interpreted as two's complement signed values.

const buf = Buffer.from([-1, 5]);

console.log(buf.readInt8(0));
// Prints: -1
console.log(buf.readInt8(1));
// Prints: 5
console.log(buf.readInt8(2));
// Throws ERR_OUT_OF_RANGE.

buf.readInt16BE([offset])#

buf.readInt16LE([offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - 2. Default: 0.
  • Returns: <integer>

Reads a signed 16-bit integer from buf at the specified offset with the specified endian format (readInt16BE() returns big endian, readInt16LE() returns little endian).

Integers read from a Buffer are interpreted as two's complement signed values.

const buf = Buffer.from([0, 5]);

console.log(buf.readInt16BE(0));
// Prints: 5
console.log(buf.readInt16LE(0));
// Prints: 1280
console.log(buf.readInt16LE(1));
// Throws ERR_OUT_OF_RANGE.

buf.readInt32BE([offset])#

buf.readInt32LE([offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - 4. Default: 0.
  • Returns: <integer>

Reads a signed 32-bit integer from buf at the specified offset with the specified endian format (readInt32BE() returns big endian, readInt32LE() returns little endian).

Integers read from a Buffer are interpreted as two's complement signed values.

const buf = Buffer.from([0, 0, 0, 5]);

console.log(buf.readInt32BE(0));
// Prints: 5
console.log(buf.readInt32LE(0));
// Prints: 83886080
console.log(buf.readInt32LE(1));
// Throws ERR_OUT_OF_RANGE.

buf.readIntBE(offset, byteLength)#

buf.readIntLE(offset, byteLength)#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset and byteLength to uint32 anymore.

v0.11.15

Added in: v0.11.15

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - byteLength.
  • byteLength <integer> Number of bytes to read. Must satisfy 0 < byteLength <= 6.
  • Returns: <integer>

Reads byteLength number of bytes from buf at the specified offset and interprets the result as a two's complement signed value. Supports up to 48 bits of accuracy.

const buf = Buffer.from([0x12, 0x34, 0x56, 0x78, 0x90, 0xab]);

console.log(buf.readIntLE(0, 6).toString(16));
// Prints: -546f87a9cbee
console.log(buf.readIntBE(0, 6).toString(16));
// Prints: 1234567890ab
console.log(buf.readIntBE(1, 6).toString(16));
// Throws ERR_OUT_OF_RANGE.
console.log(buf.readIntBE(1, 0).toString(16));
// Throws ERR_OUT_OF_RANGE.

buf.readUInt8([offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.0

Added in: v0.5.0

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - 1. Default: 0.
  • Returns: <integer>

Reads an unsigned 8-bit integer from buf at the specified offset.

const buf = Buffer.from([1, -2]);

console.log(buf.readUInt8(0));
// Prints: 1
console.log(buf.readUInt8(1));
// Prints: 254
console.log(buf.readUInt8(2));
// Throws ERR_OUT_OF_RANGE.

buf.readUInt16BE([offset])#

buf.readUInt16LE([offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - 2. Default: 0.
  • Returns: <integer>

Reads an unsigned 16-bit integer from buf at the specified offset with specified endian format (readUInt16BE() returns big endian, readUInt16LE() returns little endian).

const buf = Buffer.from([0x12, 0x34, 0x56]);

console.log(buf.readUInt16BE(0).toString(16));
// Prints: 1234
console.log(buf.readUInt16LE(0).toString(16));
// Prints: 3412
console.log(buf.readUInt16BE(1).toString(16));
// Prints: 3456
console.log(buf.readUInt16LE(1).toString(16));
// Prints: 5634
console.log(buf.readUInt16LE(2).toString(16));
// Throws ERR_OUT_OF_RANGE.

buf.readUInt32BE([offset])#

buf.readUInt32LE([offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - 4. Default: 0.
  • Returns: <integer>

Reads an unsigned 32-bit integer from buf at the specified offset with specified endian format (readUInt32BE() returns big endian, readUInt32LE() returns little endian).

const buf = Buffer.from([0x12, 0x34, 0x56, 0x78]);

console.log(buf.readUInt32BE(0).toString(16));
// Prints: 12345678
console.log(buf.readUInt32LE(0).toString(16));
// Prints: 78563412
console.log(buf.readUInt32LE(1).toString(16));
// Throws ERR_OUT_OF_RANGE.

buf.readUIntBE(offset, byteLength)#

buf.readUIntLE(offset, byteLength)#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset and byteLength to uint32 anymore.

v0.11.15

Added in: v0.11.15

  • offset <integer> Number of bytes to skip before starting to read. Must satisfy 0 <= offset <= buf.length - byteLength.
  • byteLength <integer> Number of bytes to read. Must satisfy 0 < byteLength <= 6.
  • Returns: <integer>

Reads byteLength number of bytes from buf at the specified offset and interprets the result as an unsigned integer. Supports up to 48 bits of accuracy.

const buf = Buffer.from([0x12, 0x34, 0x56, 0x78, 0x90, 0xab]);

console.log(buf.readUIntBE(0, 6).toString(16));
// Prints: 1234567890ab
console.log(buf.readUIntLE(0, 6).toString(16));
// Prints: ab9078563412
console.log(buf.readUIntBE(1, 6).toString(16));
// Throws ERR_OUT_OF_RANGE.

buf.subarray([start[, end]])#

Added in: v3.0.0

Returns a new Buffer that references the same memory as the original, but offset and cropped by the start and end indices.

Specifying end greater than buf.length will return the same result as that of end equal to buf.length.

Modifying the new Buffer slice will modify the memory in the original Buffer because the allocated memory of the two objects overlap.

// Create a `Buffer` with the ASCII alphabet, take a slice, and modify one byte
// from the original `Buffer`.

const buf1 = Buffer.allocUnsafe(26);

for (let i = 0; i < 26; i++) {
  // 97 is the decimal ASCII value for 'a'.
  buf1[i] = i + 97;
}

const buf2 = buf1.subarray(0, 3);

console.log(buf2.toString('ascii', 0, buf2.length));
// Prints: abc

buf1[0] = 33;

console.log(buf2.toString('ascii', 0, buf2.length));
// Prints: !bc

Specifying negative indexes causes the slice to be generated relative to the end of buf rather than the beginning.

const buf = Buffer.from('buffer');

console.log(buf.subarray(-6, -1).toString());
// Prints: buffe
// (Equivalent to buf.subarray(0, 5).)

console.log(buf.subarray(-6, -2).toString());
// Prints: buff
// (Equivalent to buf.subarray(0, 4).)

console.log(buf.subarray(-5, -2).toString());
// Prints: uff
// (Equivalent to buf.subarray(1, 4).)

buf.slice([start[, end]])[src]#

History
VersionChanges
v7.1.0, v6.9.2

Coercing the offsets to integers now handles values outside the 32-bit integer range properly.

v7.0.0

All offsets are now coerced to integers before doing any calculations with them.

v0.3.0

Added in: v0.3.0

Returns a new Buffer that references the same memory as the original, but offset and cropped by the start and end indices.

This is the same behavior as buf.subarray().

This method is not compatible with the Uint8Array.prototype.slice(), which is a superclass of Buffer. To copy the slice, use Uint8Array.prototype.slice().

const buf = Buffer.from('buffer');

const copiedBuf = Uint8Array.prototype.slice.call(buf);
copiedBuf[0]++;
console.log(copiedBuf.toString());
// Prints: cuffer

console.log(buf.toString());
// Prints: buffer

buf.swap16()[src]#

Added in: v5.10.0

Interprets buf as an array of unsigned 16-bit integers and swaps the byte order in-place. Throws ERR_INVALID_BUFFER_SIZE if buf.length is not a multiple of 2.

const buf1 = Buffer.from([0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8]);

console.log(buf1);
// Prints: <Buffer 01 02 03 04 05 06 07 08>

buf1.swap16();

console.log(buf1);
// Prints: <Buffer 02 01 04 03 06 05 08 07>

const buf2 = Buffer.from([0x1, 0x2, 0x3]);

buf2.swap16();
// Throws ERR_INVALID_BUFFER_SIZE.

One convenient use of buf.swap16() is to perform a fast in-place conversion between UTF-16 little-endian and UTF-16 big-endian:

const buf = Buffer.from('This is little-endian UTF-16', 'utf16le');
buf.swap16(); // Convert to big-endian UTF-16 text.

buf.swap32()[src]#

Added in: v5.10.0

Interprets buf as an array of unsigned 32-bit integers and swaps the byte order in-place. Throws ERR_INVALID_BUFFER_SIZE if buf.length is not a multiple of 4.

const buf1 = Buffer.from([0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8]);

console.log(buf1);
// Prints: <Buffer 01 02 03 04 05 06 07 08>

buf1.swap32();

console.log(buf1);
// Prints: <Buffer 04 03 02 01 08 07 06 05>

const buf2 = Buffer.from([0x1, 0x2, 0x3]);

buf2.swap32();
// Throws ERR_INVALID_BUFFER_SIZE.

buf.swap64()[src]#

Added in: v6.3.0

Interprets buf as an array of 64-bit numbers and swaps byte order in-place. Throws ERR_INVALID_BUFFER_SIZE if buf.length is not a multiple of 8.

const buf1 = Buffer.from([0x1, 0x2, 0x3, 0x4, 0x5, 0x6, 0x7, 0x8]);

console.log(buf1);
// Prints: <Buffer 01 02 03 04 05 06 07 08>

buf1.swap64();

console.log(buf1);
// Prints: <Buffer 08 07 06 05 04 03 02 01>

const buf2 = Buffer.from([0x1, 0x2, 0x3]);

buf2.swap64();
// Throws ERR_INVALID_BUFFER_SIZE.

JavaScript cannot encode 64-bit integers. This method is intended for working with 64-bit floats.

buf.toJSON()[src]#

Added in: v0.9.2

Returns a JSON representation of buf. JSON.stringify() implicitly calls this function when stringifying a Buffer instance.

const buf = Buffer.from([0x1, 0x2, 0x3, 0x4, 0x5]);
const json = JSON.stringify(buf);

console.log(json);
// Prints: {"type":"Buffer","data":[1,2,3,4,5]}

const copy = JSON.parse(json, (key, value) => {
  return value && value.type === 'Buffer' ?
    Buffer.from(value.data) :
    value;
});

console.log(copy);
// Prints: <Buffer 01 02 03 04 05>

buf.toString([encoding[, start[, end]]])[src]#

Added in: v0.1.90
  • encoding <string> The character encoding to use. Default: 'utf8'.
  • start <integer> The byte offset to start decoding at. Default: 0.
  • end <integer> The byte offset to stop decoding at (not inclusive). Default: buf.length.
  • Returns: <string>

Decodes buf to a string according to the specified character encoding in encoding. start and end may be passed to decode only a subset of buf.

The maximum length of a string instance (in UTF-16 code units) is available as buffer.constants.MAX_STRING_LENGTH.

const buf1 = Buffer.allocUnsafe(26);

for (let i = 0; i < 26; i++) {
  // 97 is the decimal ASCII value for 'a'.
  buf1[i] = i + 97;
}

console.log(buf1.toString('ascii'));
// Prints: abcdefghijklmnopqrstuvwxyz
console.log(buf1.toString('ascii', 0, 5));
// Prints: abcde

const buf2 = Buffer.from('tést');

console.log(buf2.toString('hex'));
// Prints: 74c3a97374
console.log(buf2.toString('utf8', 0, 3));
// Prints: té
console.log(buf2.toString(undefined, 0, 3));
// Prints: té

buf.values()#

Added in: v1.1.0

Creates and returns an iterator for buf values (bytes). This function is called automatically when a Buffer is used in a for..of statement.

const buf = Buffer.from('buffer');

for (const value of buf.values()) {
  console.log(value);
}
// Prints:
//   98
//   117
//   102
//   102
//   101
//   114

for (const value of buf) {
  console.log(value);
}
// Prints:
//   98
//   117
//   102
//   102
//   101
//   114

buf.write(string[, offset[, length]][, encoding])[src]#

Added in: v0.1.90
  • string <string> String to write to buf.
  • offset <integer> Number of bytes to skip before starting to write string. Default: 0.
  • length <integer> Number of bytes to write. Default: buf.length - offset.
  • encoding <string> The character encoding of string. Default: 'utf8'.
  • Returns: <integer> Number of bytes written.

Writes string to buf at offset according to the character encoding in encoding. The length parameter is the number of bytes to write. If buf did not contain enough space to fit the entire string, only part of string will be written. However, partially encoded characters will not be written.

const buf = Buffer.alloc(256);

const len = buf.write('\u00bd + \u00bc = \u00be', 0);

console.log(`${len} bytes: ${buf.toString('utf8', 0, len)}`);
// Prints: 12 bytes: ½ + ¼ = ¾

buf.writeBigInt64BE(value[, offset])#

buf.writeBigInt64LE(value[, offset])#

Added in: v12.0.0
  • value <bigint> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy: 0 <= offset <= buf.length - 8. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset with specified endian format (writeBigInt64BE() writes big endian, writeBigInt64LE() writes little endian).

value is interpreted and written as a two's complement signed integer.

const buf = Buffer.allocUnsafe(8);

buf.writeBigInt64BE(0x0102030405060708n, 0);

console.log(buf);
// Prints: <Buffer 01 02 03 04 05 06 07 08>

buf.writeBigUInt64BE(value[, offset])#

buf.writeBigUInt64LE(value[, offset])#

Added in: v12.0.0
  • value <bigint> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy: 0 <= offset <= buf.length - 8. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset with specified endian format (writeBigUInt64BE() writes big endian, writeBigUInt64LE() writes little endian).

const buf = Buffer.allocUnsafe(8);

buf.writeBigUInt64LE(0xdecafafecacefaden, 0);

console.log(buf);
// Prints: <Buffer de fa ce ca fe fa ca de>

buf.writeDoubleBE(value[, offset])#

buf.writeDoubleLE(value[, offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.11.15

Added in: v0.11.15

  • value <number> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - 8. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset with specified endian format (writeDoubleBE() writes big endian, writeDoubleLE() writes little endian). value should be a valid 64-bit double. Behavior is undefined when value is anything other than a 64-bit double.

const buf = Buffer.allocUnsafe(8);

buf.writeDoubleBE(123.456, 0);

console.log(buf);
// Prints: <Buffer 40 5e dd 2f 1a 9f be 77>

buf.writeDoubleLE(123.456, 0);

console.log(buf);
// Prints: <Buffer 77 be 9f 1a 2f dd 5e 40>

buf.writeFloatBE(value[, offset])#

buf.writeFloatLE(value[, offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.11.15

Added in: v0.11.15

  • value <number> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - 4. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset with specified endian format (writeFloatBE() writes big endian, writeFloatLE() writes little endian). value should be a valid 32-bit float. Behavior is undefined when value is anything other than a 32-bit float.

const buf = Buffer.allocUnsafe(4);

buf.writeFloatBE(0xcafebabe, 0);

console.log(buf);
// Prints: <Buffer 4f 4a fe bb>

buf.writeFloatLE(0xcafebabe, 0);

console.log(buf);
// Prints: <Buffer bb fe 4a 4f>

buf.writeInt8(value[, offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.0

Added in: v0.5.0

  • value <integer> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - 1. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset. value should be a valid signed 8-bit integer. Behavior is undefined when value is anything other than a signed 8-bit integer.

value is interpreted and written as a two's complement signed integer.

const buf = Buffer.allocUnsafe(2);

buf.writeInt8(2, 0);
buf.writeInt8(-2, 1);

console.log(buf);
// Prints: <Buffer 02 fe>

buf.writeInt16BE(value[, offset])#

buf.writeInt16LE(value[, offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • value <integer> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - 2. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset with specified endian format (writeInt16BE() writes big endian, writeInt16LE() writes little endian). value should be a valid signed 16-bit integer. Behavior is undefined when value is anything other than a signed 16-bit integer.

value is interpreted and written as a two's complement signed integer.

const buf = Buffer.allocUnsafe(4);

buf.writeInt16BE(0x0102, 0);
buf.writeInt16LE(0x0304, 2);

console.log(buf);
// Prints: <Buffer 01 02 04 03>

buf.writeInt32BE(value[, offset])#

buf.writeInt32LE(value[, offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • value <integer> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - 4. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset with specified endian format (writeInt32BE() writes big endian, writeInt32LE() writes little endian). value should be a valid signed 32-bit integer. Behavior is undefined when value is anything other than a signed 32-bit integer.

value is interpreted and written as a two's complement signed integer.

const buf = Buffer.allocUnsafe(8);

buf.writeInt32BE(0x01020304, 0);
buf.writeInt32LE(0x05060708, 4);

console.log(buf);
// Prints: <Buffer 01 02 03 04 08 07 06 05>

buf.writeIntBE(value, offset, byteLength)#

buf.writeIntLE(value, offset, byteLength)#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset and byteLength to uint32 anymore.

v0.11.15

Added in: v0.11.15

  • value <integer> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - byteLength.
  • byteLength <integer> Number of bytes to write. Must satisfy 0 < byteLength <= 6.
  • Returns: <integer> offset plus the number of bytes written.

Writes byteLength bytes of value to buf at the specified offset. Supports up to 48 bits of accuracy. Behavior is undefined when value is anything other than a signed integer.

const buf = Buffer.allocUnsafe(6);

buf.writeIntBE(0x1234567890ab, 0, 6);

console.log(buf);
// Prints: <Buffer 12 34 56 78 90 ab>

buf.writeIntLE(0x1234567890ab, 0, 6);

console.log(buf);
// Prints: <Buffer ab 90 78 56 34 12>

buf.writeUInt8(value[, offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.0

Added in: v0.5.0

  • value <integer> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - 1. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset. value should be a valid unsigned 8-bit integer. Behavior is undefined when value is anything other than an unsigned 8-bit integer.

const buf = Buffer.allocUnsafe(4);

buf.writeUInt8(0x3, 0);
buf.writeUInt8(0x4, 1);
buf.writeUInt8(0x23, 2);
buf.writeUInt8(0x42, 3);

console.log(buf);
// Prints: <Buffer 03 04 23 42>

buf.writeUInt16BE(value[, offset])#

buf.writeUInt16LE(value[, offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • value <integer> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - 2. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset with specified endian format (writeUInt16BE() writes big endian, writeUInt16LE() writes little endian). value should be a valid unsigned 16-bit integer. Behavior is undefined when value is anything other than an unsigned 16-bit integer.

const buf = Buffer.allocUnsafe(4);

buf.writeUInt16BE(0xdead, 0);
buf.writeUInt16BE(0xbeef, 2);

console.log(buf);
// Prints: <Buffer de ad be ef>

buf.writeUInt16LE(0xdead, 0);
buf.writeUInt16LE(0xbeef, 2);

console.log(buf);
// Prints: <Buffer ad de ef be>

buf.writeUInt32BE(value[, offset])#

buf.writeUInt32LE(value[, offset])#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • value <integer> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - 4. Default: 0.
  • Returns: <integer> offset plus the number of bytes written.

Writes value to buf at the specified offset with specified endian format (writeUInt32BE() writes big endian, writeUInt32LE() writes little endian). value should be a valid unsigned 32-bit integer. Behavior is undefined when value is anything other than an unsigned 32-bit integer.

const buf = Buffer.allocUnsafe(4);

buf.writeUInt32BE(0xfeedface, 0);

console.log(buf);
// Prints: <Buffer fe ed fa ce>

buf.writeUInt32LE(0xfeedface, 0);

console.log(buf);
// Prints: <Buffer ce fa ed fe>

buf.writeUIntBE(value, offset, byteLength)#

buf.writeUIntLE(value, offset, byteLength)#

History
VersionChanges
v10.0.0

Removed noAssert and no implicit coercion of the offset and byteLength to uint32 anymore.

v0.5.5

Added in: v0.5.5

  • value <integer> Number to be written to buf.
  • offset <integer> Number of bytes to skip before starting to write. Must satisfy 0 <= offset <= buf.length - byteLength.
  • byteLength <integer> Number of bytes to write. Must satisfy 0 < byteLength <= 6.
  • Returns: <integer> offset plus the number of bytes written.

Writes byteLength bytes of value to buf at the specified offset. Supports up to 48 bits of accuracy. Behavior is undefined when value is anything other than an unsigned integer.

const buf = Buffer.allocUnsafe(6);

buf.writeUIntBE(0x1234567890ab, 0, 6);

console.log(buf);
// Prints: <Buffer 12 34 56 78 90 ab>

buf.writeUIntLE(0x1234567890ab, 0, 6);

console.log(buf);
// Prints: <Buffer ab 90 78 56 34 12>

buffer.INSPECT_MAX_BYTES#

Added in: v0.5.4

Returns the maximum number of bytes that will be returned when buf.inspect() is called. This can be overridden by user modules. See util.inspect() for more details on buf.inspect() behavior.

This is a property on the buffer module returned by require('buffer'), not on the Buffer global or a Buffer instance.

buffer.kMaxLength#

Added in: v3.0.0
  • <integer> The largest size allowed for a single Buffer instance.

An alias for buffer.constants.MAX_LENGTH.

This is a property on the buffer module returned by require('buffer'), not on the Buffer global or a Buffer instance.

buffer.transcode(source, fromEnc, toEnc)#

History
VersionChanges
v8.0.0

The source parameter can now be a Uint8Array.

v7.1.0

Added in: v7.1.0

Re-encodes the given Buffer or Uint8Array instance from one character encoding to another. Returns a new Buffer instance.

Throws if the fromEnc or toEnc specify invalid character encodings or if conversion from fromEnc to toEnc is not permitted.

Encodings supported by buffer.transcode() are: 'ascii', 'utf8', 'utf16le', 'ucs2', 'latin1', and 'binary'.

The transcoding process will use substitution characters if a given byte sequence cannot be adequately represented in the target encoding. For instance:

const buffer = require('buffer');

const newBuf = buffer.transcode(Buffer.from('€'), 'utf8', 'ascii');
console.log(newBuf.toString('ascii'));
// Prints: '?'

Because the Euro () sign is not representable in US-ASCII, it is replaced with ? in the transcoded Buffer.

This is a property on the buffer module returned by require('buffer'), not on the Buffer global or a Buffer instance.

Class: SlowBuffer#

Deprecated since: v6.0.0

Stability: 0 - Deprecated: Use Buffer.allocUnsafeSlow() instead.

Returns an un-pooled Buffer.

In order to avoid the garbage collection overhead of creating many individually allocated Buffer instances, by default allocations under 4KB are sliced from a single larger allocated object.

In the case where a developer may need to retain a small chunk of memory from a pool for an indeterminate amount of time, it may be appropriate to create an un-pooled Buffer instance using SlowBuffer then copy out the relevant bits.

// Need to keep around a few small chunks of memory.
const store = [];

socket.on('readable', () => {
  let data;
  while (null !== (data = readable.read())) {
    // Allocate for retained data.
    const sb = SlowBuffer(10);

    // Copy the data into the new allocation.
    data.copy(sb, 0, 0, 10);

    store.push(sb);
  }
});

Use of SlowBuffer should be used only as a last resort after a developer has observed undue memory retention in their applications.

new SlowBuffer(size)#

Deprecated since: v6.0.0

Stability: 0 - Deprecated: Use Buffer.allocUnsafeSlow() instead.

  • size <integer> The desired length of the new SlowBuffer.

Allocates a new Buffer of size bytes. If size is larger than buffer.constants.MAX_LENGTH or smaller than 0, ERR_INVALID_OPT_VALUE is thrown. A zero-length Buffer is created if size is 0.

The underlying memory for SlowBuffer instances is not initialized. The contents of a newly created SlowBuffer are unknown and may contain sensitive data. Use buf.fill(0) to initialize a SlowBuffer with zeroes.

const { SlowBuffer } = require('buffer');

const buf = new SlowBuffer(5);

console.log(buf);
// Prints: (contents may vary): <Buffer 78 e0 82 02 01>

buf.fill(0);

console.log(buf);
// Prints: <Buffer 00 00 00 00 00>

Buffer Constants#

Added in: v8.2.0

buffer.constants is a property on the buffer module returned by require('buffer'), not on the Buffer global or a Buffer instance.

buffer.constants.MAX_LENGTH#

Added in: v8.2.0
  • <integer> The largest size allowed for a single Buffer instance.

On 32-bit architectures, this value is (2^30)-1 (~1GB). On 64-bit architectures, this value is (2^31)-1 (~2GB).

This value is also available as buffer.kMaxLength.

buffer.constants.MAX_STRING_LENGTH#

Added in: v8.2.0
  • <integer> The largest length allowed for a single string instance.

Represents the largest length that a string primitive can have, counted in UTF-16 code units.

This value may depend on the JS engine that is being used.

C++ Addons#

Node.js Addons are dynamically-linked shared objects, written in C++, that can be loaded into Node.js using the require() function, and used just as if they were an ordinary Node.js module. They are used primarily to provide an interface between JavaScript running in Node.js and C/C++ libraries.

There are three options for implementing Addons: N-API, nan, or direct use of internal V8, libuv and Node.js libraries. Unless you need direct access to functionality which is not exposed by N-API, use N-API. Refer to C/C++ Addons with N-API for more information on N-API.

When not using N-API, implementing Addons is complicated, involving knowledge of several components and APIs:

  • V8: the C++ library Node.js currently uses to provide the JavaScript implementation. V8 provides the mechanisms for creating objects, calling functions, etc. V8's API is documented mostly in the v8.h header file (deps/v8/include/v8.h in the Node.js source tree), which is also available online.

  • libuv: The C library that implements the Node.js event loop, its worker threads and all of the asynchronous behaviors of the platform. It also serves as a cross-platform abstraction library, giving easy, POSIX-like access across all major operating systems to many common system tasks, such as interacting with the filesystem, sockets, timers, and system events. libuv also provides a pthreads-like threading abstraction that may be used to power more sophisticated asynchronous Addons that need to move beyond the standard event loop. Addon authors are encouraged to think about how to avoid blocking the event loop with I/O or other time-intensive tasks by off-loading work via libuv to non-blocking system operations, worker threads or a custom use of libuv's threads.

  • Internal Node.js libraries. Node.js itself exports C++ APIs that Addons can use, the most important of which is the node::ObjectWrap class.

  • Node.js includes other statically linked libraries including OpenSSL. These other libraries are located in the deps/ directory in the Node.js source tree. Only the libuv, OpenSSL, V8 and zlib symbols are purposefully re-exported by Node.js and may be used to various extents by Addons. See Linking to Node.js' own dependencies for additional information.

All of the following examples are available for download and may be used as the starting-point for an Addon.

Hello world#

This "Hello world" example is a simple Addon, written in C++, that is the equivalent of the following JavaScript code:

module.exports.hello = () => 'world';

First, create the file hello.cc:

// hello.cc
#include <node.h>

namespace demo {

using v8::FunctionCallbackInfo;
using v8::Isolate;
using v8::Local;
using v8::NewStringType;
using v8::Object;
using v8::String;
using v8::Value;

void Method(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();
  args.GetReturnValue().Set(String::NewFromUtf8(
      isolate, "world", NewStringType::kNormal).ToLocalChecked());
}

void Initialize(Local<Object> exports) {
  NODE_SET_METHOD(exports, "hello", Method);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, Initialize)

}  // namespace demo

All Node.js Addons must export an initialization function following the pattern:

void Initialize(Local<Object> exports);
NODE_MODULE(NODE_GYP_MODULE_NAME, Initialize)

There is no semi-colon after NODE_MODULE as it's not a function (see node.h).

The module_name must match the filename of the final binary (excluding the .node suffix).

In the hello.cc example, then, the initialization function is Initialize and the addon module name is addon.

When building addons with node-gyp, using the macro NODE_GYP_MODULE_NAME as the first parameter of NODE_MODULE() will ensure that the name of the final binary will be passed to NODE_MODULE().

Context-aware addons#

There are environments in which Node.js addons may need to be loaded multiple times in multiple contexts. For example, the Electron runtime runs multiple instances of Node.js in a single process. Each instance will have its own require() cache, and thus each instance will need a native addon to behave correctly when loaded via require(). From the addon's perspective, this means that it must support multiple initializations.

A context-aware addon can be constructed by using the macro NODE_MODULE_INITIALIZER, which expands to the name of a function which Node.js will expect to find when it loads an addon. An addon can thus be initialized as in the following example:

using namespace v8;

extern "C" NODE_MODULE_EXPORT void
NODE_MODULE_INITIALIZER(Local<Object> exports,
                        Local<Value> module,
                        Local<Context> context) {
  /* Perform addon initialization steps here. */
}

Another option is to use the macro NODE_MODULE_INIT(), which will also construct a context-aware addon. Unlike NODE_MODULE(), which is used to construct an addon around a given addon initializer function, NODE_MODULE_INIT() serves as the declaration of such an initializer to be followed by a function body.

The following three variables may be used inside the function body following an invocation of NODE_MODULE_INIT():

  • Local<Object> exports,
  • Local<Value> module, and
  • Local<Context> context

The choice to build a context-aware addon carries with it the responsibility of carefully managing global static data. Since the addon may be loaded multiple times, potentially even from different threads, any global static data stored in the addon must be properly protected, and must not contain any persistent references to JavaScript objects. The reason for this is that JavaScript objects are only valid in one context, and will likely cause a crash when accessed from the wrong context or from a different thread than the one on which they were created.

The context-aware addon can be structured to avoid global static data by performing the following steps:

  • defining a class which will hold per-addon-instance data. Such a class should include a v8::Persistent<v8::Object> which will hold a weak reference to the addon's exports object. The callback associated with the weak reference will then destroy the instance of the class.
  • constructing an instance of this class in the addon initializer such that the v8::Persistent<v8::Object> is set to the exports object.
  • storing the instance of the class in a v8::External, and
  • passing the v8::External to all methods exposed to JavaScript by passing it to the v8::FunctionTemplate constructor which creates the native-backed JavaScript functions. The v8::FunctionTemplate constructor's third parameter accepts the v8::External.

This will ensure that the per-addon-instance data reaches each binding that can be called from JavaScript. The per-addon-instance data must also be passed into any asynchronous callbacks the addon may create.

The following example illustrates the implementation of a context-aware addon:

#include <node.h>

using namespace v8;

class AddonData {
 public:
  AddonData(Isolate* isolate, Local<Object> exports):
      call_count(0) {
    // Link the existence of this object instance to the existence of exports.
    exports_.Reset(isolate, exports);
    exports_.SetWeak(this, DeleteMe, WeakCallbackType::kParameter);
  }

  ~AddonData() {
    if (!exports_.IsEmpty()) {
      // Reset the reference to avoid leaking data.
      exports_.ClearWeak();
      exports_.Reset();
    }
  }

  // Per-addon data.
  int call_count;

 private:
  // Method to call when "exports" is about to be garbage-collected.
  static void DeleteMe(const WeakCallbackInfo<AddonData>& info) {
    delete info.GetParameter();
  }

  // Weak handle to the "exports" object. An instance of this class will be
  // destroyed along with the exports object to which it is weakly bound.
  v8::Persistent<v8::Object> exports_;
};

static void Method(const v8::FunctionCallbackInfo<v8::Value>& info) {
  // Retrieve the per-addon-instance data.
  AddonData* data =
      reinterpret_cast<AddonData*>(info.Data().As<External>()->Value());
  data->call_count++;
  info.GetReturnValue().Set((double)data->call_count);
}

// Initialize this addon to be context-aware.
NODE_MODULE_INIT(/* exports, module, context */) {
  Isolate* isolate = context->GetIsolate();

  // Create a new instance of AddonData for this instance of the addon.
  AddonData* data = new AddonData(isolate, exports);
  // Wrap the data in a v8::External so we can pass it to the method we expose.
  Local<External> external = External::New(isolate, data);

  // Expose the method "Method" to JavaScript, and make sure it receives the
  // per-addon-instance data we created above by passing `external` as the
  // third parameter to the FunctionTemplate constructor.
  exports->Set(context,
               String::NewFromUtf8(isolate, "method", NewStringType::kNormal)
                  .ToLocalChecked(),
               FunctionTemplate::New(isolate, Method, external)
                  ->GetFunction(context).ToLocalChecked()).FromJust();
}

Worker support#

In order to support Worker threads, addons need to clean up any resources they may have allocated when such a thread exists. This can be achieved through the usage of the AddEnvironmentCleanupHook() function:

void AddEnvironmentCleanupHook(v8::Isolate* isolate,
                               void (*fun)(void* arg),
                               void* arg);

This function adds a hook that will run before a given Node.js instance shuts down. If necessary, such hooks can be removed using RemoveEnvironmentCleanupHook() before they are run, which has the same signature.

In order to be loaded from multiple Node.js environments, such as a main thread and a Worker thread, an add-on needs to either:

  • Be an N-API addon, or
  • Be declared as context-aware using NODE_MODULE_INIT() as described above

Building#

Once the source code has been written, it must be compiled into the binary addon.node file. To do so, create a file called binding.gyp in the top-level of the project describing the build configuration of the module using a JSON-like format. This file is used by node-gyp — a tool written specifically to compile Node.js Addons.

{
  "targets": [
    {
      "target_name": "addon",
      "sources": [ "hello.cc" ]
    }
  ]
}

A version of the node-gyp utility is bundled and distributed with Node.js as part of npm. This version is not made directly available for developers to use and is intended only to support the ability to use the npm install command to compile and install Addons. Developers who wish to use node-gyp directly can install it using the command npm install -g node-gyp. See the node-gyp installation instructions for more information, including platform-specific requirements.

Once the binding.gyp file has been created, use node-gyp configure to generate the appropriate project build files for the current platform. This will generate either a Makefile (on Unix platforms) or a vcxproj file (on Windows) in the build/ directory.

Next, invoke the node-gyp build command to generate the compiled addon.node file. This will be put into the build/Release/ directory.

When using npm install to install a Node.js Addon, npm uses its own bundled version of node-gyp to perform this same set of actions, generating a compiled version of the Addon for the user's platform on demand.

Once built, the binary Addon can be used from within Node.js by pointing require() to the built addon.node module:

// hello.js
const addon = require('./build/Release/addon');

console.log(addon.hello());
// Prints: 'world'

Because the exact path to the compiled Addon binary can vary depending on how it is compiled (i.e. sometimes it may be in ./build/Debug/), Addons can use the bindings package to load the compiled module.

While the bindings package implementation is more sophisticated in how it locates Addon modules, it is essentially using a try…catch pattern similar to:

try {
  return require('./build/Release/addon.node');
} catch (err) {
  return require('./build/Debug/addon.node');
}

Linking to Node.js' own dependencies#

Node.js uses statically linked libraries such as V8, libuv and OpenSSL. All Addons are required to link to V8 and may link to any of the other dependencies as well. Typically, this is as simple as including the appropriate #include <...> statements (e.g. #include <v8.h>) and node-gyp will locate the appropriate headers automatically. However, there are a few caveats to be aware of:

  • When node-gyp runs, it will detect the specific release version of Node.js and download either the full source tarball or just the headers. If the full source is downloaded, Addons will have complete access to the full set of Node.js dependencies. However, if only the Node.js headers are downloaded, then only the symbols exported by Node.js will be available.

  • node-gyp can be run using the --nodedir flag pointing at a local Node.js source image. Using this option, the Addon will have access to the full set of dependencies.

Loading Addons using require()#

The filename extension of the compiled Addon binary is .node (as opposed to .dll or .so). The require() function is written to look for files with the .node file extension and initialize those as dynamically-linked libraries.

When calling require(), the .node extension can usually be omitted and Node.js will still find and initialize the Addon. One caveat, however, is that Node.js will first attempt to locate and load modules or JavaScript files that happen to share the same base name. For instance, if there is a file addon.js in the same directory as the binary addon.node, then require('addon') will give precedence to the addon.js file and load it instead.

Native Abstractions for Node.js#

Each of the examples illustrated in this document make direct use of the Node.js and V8 APIs for implementing Addons. The V8 API can, and has, changed dramatically from one V8 release to the next (and one major Node.js release to the next). With each change, Addons may need to be updated and recompiled in order to continue functioning. The Node.js release schedule is designed to minimize the frequency and impact of such changes but there is little that Node.js can do currently to ensure stability of the V8 APIs.

The Native Abstractions for Node.js (or nan) provide a set of tools that Addon developers are recommended to use to keep compatibility between past and future releases of V8 and Node.js. See the nan examples for an illustration of how it can be used.

N-API#

Stability: 2 - Stable

N-API is an API for building native Addons. It is independent from the underlying JavaScript runtime (e.g. V8) and is maintained as part of Node.js itself. This API will be Application Binary Interface (ABI) stable across versions of Node.js. It is intended to insulate Addons from changes in the underlying JavaScript engine and allow modules compiled for one version to run on later versions of Node.js without recompilation. Addons are built/packaged with the same approach/tools outlined in this document (node-gyp, etc.). The only difference is the set of APIs that are used by the native code. Instead of using the V8 or Native Abstractions for Node.js APIs, the functions available in the N-API are used.

Creating and maintaining an addon that benefits from the ABI stability provided by N-API carries with it certain implementation considerations.

To use N-API in the above "Hello world" example, replace the content of hello.cc with the following. All other instructions remain the same.

// hello.cc using N-API
#include <node_api.h>

namespace demo {

napi_value Method(napi_env env, napi_callback_info args) {
  napi_value greeting;
  napi_status status;

  status = napi_create_string_utf8(env, "world", NAPI_AUTO_LENGTH, &greeting);
  if (status != napi_ok) return nullptr;
  return greeting;
}

napi_value init(napi_env env, napi_value exports) {
  napi_status status;
  napi_value fn;

  status = napi_create_function(env, nullptr, 0, Method, nullptr, &fn);
  if (status != napi_ok) return nullptr;

  status = napi_set_named_property(env, exports, "hello", fn);
  if (status != napi_ok) return nullptr;
  return exports;
}

NAPI_MODULE(NODE_GYP_MODULE_NAME, init)

}  // namespace demo

The functions available and how to use them are documented in C/C++ Addons with N-API.

Addon examples#

Following are some example Addons intended to help developers get started. The examples make use of the V8 APIs. Refer to the online V8 reference for help with the various V8 calls, and V8's Embedder's Guide for an explanation of several concepts used such as handles, scopes, function templates, etc.

Each of these examples using the following binding.gyp file:

{
  "targets": [
    {
      "target_name": "addon",
      "sources": [ "addon.cc" ]
    }
  ]
}

In cases where there is more than one .cc file, simply add the additional filename to the sources array:

"sources": ["addon.cc", "myexample.cc"]

Once the binding.gyp file is ready, the example Addons can be configured and built using node-gyp:

$ node-gyp configure build

Function arguments#

Addons will typically expose objects and functions that can be accessed from JavaScript running within Node.js. When functions are invoked from JavaScript, the input arguments and return value must be mapped to and from the C/C++ code.

The following example illustrates how to read function arguments passed from JavaScript and how to return a result:

// addon.cc
#include <node.h>

namespace demo {

using v8::Exception;
using v8::FunctionCallbackInfo;
using v8::Isolate;
using v8::Local;
using v8::NewStringType;
using v8::Number;
using v8::Object;
using v8::String;
using v8::Value;

// This is the implementation of the "add" method
// Input arguments are passed using the
// const FunctionCallbackInfo<Value>& args struct
void Add(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();

  // Check the number of arguments passed.
  if (args.Length() < 2) {
    // Throw an Error that is passed back to JavaScript
    isolate->ThrowException(Exception::TypeError(
        String::NewFromUtf8(isolate,
                            "Wrong number of arguments",
                            NewStringType::kNormal).ToLocalChecked()));
    return;
  }

  // Check the argument types
  if (!args[0]->IsNumber() || !args[1]->IsNumber()) {
    isolate->ThrowException(Exception::TypeError(
        String::NewFromUtf8(isolate,
                            "Wrong arguments",
                            NewStringType::kNormal).ToLocalChecked()));
    return;
  }

  // Perform the operation
  double value =
      args[0].As<Number>()->Value() + args[1].As<Number>()->Value();
  Local<Number> num = Number::New(isolate, value);

  // Set the return value (using the passed in
  // FunctionCallbackInfo<Value>&)
  args.GetReturnValue().Set(num);
}

void Init(Local<Object> exports) {
  NODE_SET_METHOD(exports, "add", Add);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, Init)

}  // namespace demo

Once compiled, the example Addon can be required and used from within Node.js:

// test.js
const addon = require('./build/Release/addon');

console.log('This should be eight:', addon.add(3, 5));

Callbacks#

It is common practice within Addons to pass JavaScript functions to a C++ function and execute them from there. The following example illustrates how to invoke such callbacks:

// addon.cc
#include <node.h>

namespace demo {

using v8::Context;
using v8::Function;
using v8::FunctionCallbackInfo;
using v8::Isolate;
using v8::Local;
using v8::NewStringType;
using v8::Null;
using v8::Object;
using v8::String;
using v8::Value;

void RunCallback(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();
  Local<Context> context = isolate->GetCurrentContext();
  Local<Function> cb = Local<Function>::Cast(args[0]);
  const unsigned argc = 1;
  Local<Value> argv[argc] = {
      String::NewFromUtf8(isolate,
                          "hello world",
                          NewStringType::kNormal).ToLocalChecked() };
  cb->Call(context, Null(isolate), argc, argv).ToLocalChecked();
}

void Init(Local<Object> exports, Local<Object> module) {
  NODE_SET_METHOD(module, "exports", RunCallback);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, Init)

}  // namespace demo

This example uses a two-argument form of Init() that receives the full module object as the second argument. This allows the Addon to completely overwrite exports with a single function instead of adding the function as a property of exports.

To test it, run the following JavaScript:

// test.js
const addon = require('./build/Release/addon');

addon((msg) => {
  console.log(msg);
// Prints: 'hello world'
});

In this example, the callback function is invoked synchronously.

Object factory#

Addons can create and return new objects from within a C++ function as illustrated in the following example. An object is created and returned with a property msg that echoes the string passed to createObject():

// addon.cc
#include <node.h>

namespace demo {

using v8::Context;
using v8::FunctionCallbackInfo;
using v8::Isolate;
using v8::Local;
using v8::NewStringType;
using v8::Object;
using v8::String;
using v8::Value;

void CreateObject(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();
  Local<Context> context = isolate->GetCurrentContext();

  Local<Object> obj = Object::New(isolate);
  obj->Set(context,
           String::NewFromUtf8(isolate,
                               "msg",
                               NewStringType::kNormal).ToLocalChecked(),
                               args[0]->ToString(context).ToLocalChecked())
           .FromJust();

  args.GetReturnValue().Set(obj);
}

void Init(Local<Object> exports, Local<Object> module) {
  NODE_SET_METHOD(module, "exports", CreateObject);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, Init)

}  // namespace demo

To test it in JavaScript:

// test.js
const addon = require('./build/Release/addon');

const obj1 = addon('hello');
const obj2 = addon('world');
console.log(obj1.msg, obj2.msg);
// Prints: 'hello world'

Function factory#

Another common scenario is creating JavaScript functions that wrap C++ functions and returning those back to JavaScript:

// addon.cc
#include <node.h>

namespace demo {

using v8::Context;
using v8::Function;
using v8::FunctionCallbackInfo;
using v8::FunctionTemplate;
using v8::Isolate;
using v8::Local;
using v8::NewStringType;
using v8::Object;
using v8::String;
using v8::Value;

void MyFunction(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();
  args.GetReturnValue().Set(String::NewFromUtf8(
      isolate, "hello world", NewStringType::kNormal).ToLocalChecked());
}

void CreateFunction(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();

  Local<Context> context = isolate->GetCurrentContext();
  Local<FunctionTemplate> tpl = FunctionTemplate::New(isolate, MyFunction);
  Local<Function> fn = tpl->GetFunction(context).ToLocalChecked();

  // omit this to make it anonymous
  fn->SetName(String::NewFromUtf8(
      isolate, "theFunction", NewStringType::kNormal).ToLocalChecked());

  args.GetReturnValue().Set(fn);
}

void Init(Local<Object> exports, Local<Object> module) {
  NODE_SET_METHOD(module, "exports", CreateFunction);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, Init)

}  // namespace demo

To test:

// test.js
const addon = require('./build/Release/addon');

const fn = addon();
console.log(fn());
// Prints: 'hello world'

Wrapping C++ objects#

It is also possible to wrap C++ objects/classes in a way that allows new instances to be created using the JavaScript new operator:

// addon.cc
#include <node.h>
#include "myobject.h"

namespace demo {

using v8::Local;
using v8::Object;

void InitAll(Local<Object> exports) {
  MyObject::Init(exports);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, InitAll)

}  // namespace demo

Then, in myobject.h, the wrapper class inherits from node::ObjectWrap:

// myobject.h
#ifndef MYOBJECT_H
#define MYOBJECT_H

#include <node.h>
#include <node_object_wrap.h>

namespace demo {

class MyObject : public node::ObjectWrap {
 public:
  static void Init(v8::Local<v8::Object> exports);

 private:
  explicit MyObject(double value = 0);
  ~MyObject();

  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void PlusOne(const v8::FunctionCallbackInfo<v8::Value>& args);
  static v8::Persistent<v8::Function> constructor;
  double value_;
};

}  // namespace demo

#endif

In myobject.cc, implement the various methods that are to be exposed. Below, the method plusOne() is exposed by adding it to the constructor's prototype:

// myobject.cc
#include "myobject.h"

namespace demo {

using v8::Context;
using v8::Function;
using v8::FunctionCallbackInfo;
using v8::FunctionTemplate;
using v8::Isolate;
using v8::Local;
using v8::NewStringType;
using v8::Number;
using v8::Object;
using v8::Persistent;
using v8::String;
using v8::Value;

Persistent<Function> MyObject::constructor;

MyObject::MyObject(double value) : value_(value) {
}

MyObject::~MyObject() {
}

void MyObject::Init(Local<Object> exports) {
  Isolate* isolate = exports->GetIsolate();

  // Prepare constructor template
  Local<FunctionTemplate> tpl = FunctionTemplate::New(isolate, New);
  tpl->SetClassName(String::NewFromUtf8(
      isolate, "MyObject", NewStringType::kNormal).ToLocalChecked());
  tpl->InstanceTemplate()->SetInternalFieldCount(1);

  // Prototype
  NODE_SET_PROTOTYPE_METHOD(tpl, "plusOne", PlusOne);

  Local<Context> context = isolate->GetCurrentContext();
  constructor.Reset(isolate, tpl->GetFunction(context).ToLocalChecked());
  exports->Set(context, String::NewFromUtf8(
      isolate, "MyObject", NewStringType::kNormal).ToLocalChecked(),
               tpl->GetFunction(context).ToLocalChecked()).FromJust();
}

void MyObject::New(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();
  Local<Context> context = isolate->GetCurrentContext();

  if (args.IsConstructCall()) {
    // Invoked as constructor: `new MyObject(...)`
    double value = args[0]->IsUndefined() ?
        0 : args[0]->NumberValue(context).FromMaybe(0);
    MyObject* obj = new MyObject(value);
    obj->Wrap(args.This());
    args.GetReturnValue().Set(args.This());
  } else {
    // Invoked as plain function `MyObject(...)`, turn into construct call.
    const int argc = 1;
    Local<Value> argv[argc] = { args[0] };
    Local<Function> cons = Local<Function>::New(isolate, constructor);
    Local<Object> result =
        cons->NewInstance(context, argc, argv).ToLocalChecked();
    args.GetReturnValue().Set(result);
  }
}

void MyObject::PlusOne(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();

  MyObject* obj = ObjectWrap::Unwrap<MyObject>(args.Holder());
  obj->value_ += 1;

  args.GetReturnValue().Set(Number::New(isolate, obj->value_));
}

}  // namespace demo

To build this example, the myobject.cc file must be added to the binding.gyp:

{
  "targets": [
    {
      "target_name": "addon",
      "sources": [
        "addon.cc",
        "myobject.cc"
      ]
    }
  ]
}

Test it with:

// test.js
const addon = require('./build/Release/addon');

const obj = new addon.MyObject(10);
console.log(obj.plusOne());
// Prints: 11
console.log(obj.plusOne());
// Prints: 12
console.log(obj.plusOne());
// Prints: 13

The destructor for a wrapper object will run when the object is garbage-collected. For destructor testing, there are command-line flags that can be used to make it possible to force garbage collection. These flags are provided by the underlying V8 JavaScript engine. They are subject to change or removal at any time. They are not documented by Node.js or V8, and they should never be used outside of testing.

Factory of wrapped objects#

Alternatively, it is possible to use a factory pattern to avoid explicitly creating object instances using the JavaScript new operator:

const obj = addon.createObject();
// instead of:
// const obj = new addon.Object();

First, the createObject() method is implemented in addon.cc:

// addon.cc
#include <node.h>
#include "myobject.h"

namespace demo {

using v8::FunctionCallbackInfo;
using v8::Isolate;
using v8::Local;
using v8::Object;
using v8::String;
using v8::Value;

void CreateObject(const FunctionCallbackInfo<Value>& args) {
  MyObject::NewInstance(args);
}

void InitAll(Local<Object> exports, Local<Object> module) {
  MyObject::Init(exports->GetIsolate());

  NODE_SET_METHOD(module, "exports", CreateObject);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, InitAll)

}  // namespace demo

In myobject.h, the static method NewInstance() is added to handle instantiating the object. This method takes the place of using new in JavaScript:

// myobject.h
#ifndef MYOBJECT_H
#define MYOBJECT_H

#include <node.h>
#include <node_object_wrap.h>

namespace demo {

class MyObject : public node::ObjectWrap {
 public:
  static void Init(v8::Isolate* isolate);
  static void NewInstance(const v8::FunctionCallbackInfo<v8::Value>& args);

 private:
  explicit MyObject(double value = 0);
  ~MyObject();

  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
  static void PlusOne(const v8::FunctionCallbackInfo<v8::Value>& args);
  static v8::Persistent<v8::Function> constructor;
  double value_;
};

}  // namespace demo

#endif

The implementation in myobject.cc is similar to the previous example:

// myobject.cc
#include <node.h>
#include "myobject.h"

namespace demo {

using v8::Context;
using v8::Function;
using v8::FunctionCallbackInfo;
using v8::FunctionTemplate;
using v8::Isolate;
using v8::Local;
using v8::NewStringType;
using v8::Number;
using v8::Object;
using v8::Persistent;
using v8::String;
using v8::Value;

Persistent<Function> MyObject::constructor;

MyObject::MyObject(double value) : value_(value) {
}

MyObject::~MyObject() {
}

void MyObject::Init(Isolate* isolate) {
  // Prepare constructor template
  Local<FunctionTemplate> tpl = FunctionTemplate::New(isolate, New);
  tpl->SetClassName(String::NewFromUtf8(
      isolate, "MyObject", NewStringType::kNormal).ToLocalChecked());
  tpl->InstanceTemplate()->SetInternalFieldCount(1);

  // Prototype
  NODE_SET_PROTOTYPE_METHOD(tpl, "plusOne", PlusOne);

  Local<Context> context = isolate->GetCurrentContext();
  constructor.Reset(isolate, tpl->GetFunction(context).ToLocalChecked());
}

void MyObject::New(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();
  Local<Context> context = isolate->GetCurrentContext();

  if (args.IsConstructCall()) {
    // Invoked as constructor: `new MyObject(...)`
    double value = args[0]->IsUndefined() ?
        0 : args[0]->NumberValue(context).FromMaybe(0);
    MyObject* obj = new MyObject(value);
    obj->Wrap(args.This());
    args.GetReturnValue().Set(args.This());
  } else {
    // Invoked as plain function `MyObject(...)`, turn into construct call.
    const int argc = 1;
    Local<Value> argv[argc] = { args[0] };
    Local<Function> cons = Local<Function>::New(isolate, constructor);
    Local<Object> instance =
        cons->NewInstance(context, argc, argv).ToLocalChecked();
    args.GetReturnValue().Set(instance);
  }
}

void MyObject::NewInstance(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();

  const unsigned argc = 1;
  Local<Value> argv[argc] = { args[0] };
  Local<Function> cons = Local<Function>::New(isolate, constructor);
  Local<Context> context = isolate->GetCurrentContext();
  Local<Object> instance =
      cons->NewInstance(context, argc, argv).ToLocalChecked();

  args.GetReturnValue().Set(instance);
}

void MyObject::PlusOne(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();

  MyObject* obj = ObjectWrap::Unwrap<MyObject>(args.Holder());
  obj->value_ += 1;

  args.GetReturnValue().Set(Number::New(isolate, obj->value_));
}

}  // namespace demo

Once again, to build this example, the myobject.cc file must be added to the binding.gyp:

{
  "targets": [
    {
      "target_name": "addon",
      "sources": [
        "addon.cc",
        "myobject.cc"
      ]
    }
  ]
}

Test it with:

// test.js
const createObject = require('./build/Release/addon');

const obj = createObject(10);
console.log(obj.plusOne());
// Prints: 11
console.log(obj.plusOne());
// Prints: 12
console.log(obj.plusOne());
// Prints: 13

const obj2 = createObject(20);
console.log(obj2.plusOne());
// Prints: 21
console.log(obj2.plusOne());
// Prints: 22
console.log(obj2.plusOne());
// Prints: 23

Passing wrapped objects around#

In addition to wrapping and returning C++ objects, it is possible to pass wrapped objects around by unwrapping them with the Node.js helper function node::ObjectWrap::Unwrap. The following examples shows a function add() that can take two MyObject objects as input arguments:

// addon.cc
#include <node.h>
#include <node_object_wrap.h>
#include "myobject.h"

namespace demo {

using v8::Context;
using v8::FunctionCallbackInfo;
using v8::Isolate;
using v8::Local;
using v8::Number;
using v8::Object;
using v8::String;
using v8::Value;

void CreateObject(const FunctionCallbackInfo<Value>& args) {
  MyObject::NewInstance(args);
}

void Add(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();
  Local<Context> context = isolate->GetCurrentContext();

  MyObject* obj1 = node::ObjectWrap::Unwrap<MyObject>(
      args[0]->ToObject(context).ToLocalChecked());
  MyObject* obj2 = node::ObjectWrap::Unwrap<MyObject>(
      args[1]->ToObject(context).ToLocalChecked());

  double sum = obj1->value() + obj2->value();
  args.GetReturnValue().Set(Number::New(isolate, sum));
}

void InitAll(Local<Object> exports) {
  MyObject::Init(exports->GetIsolate());

  NODE_SET_METHOD(exports, "createObject", CreateObject);
  NODE_SET_METHOD(exports, "add", Add);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, InitAll)

}  // namespace demo

In myobject.h, a new public method is added to allow access to private values after unwrapping the object.

// myobject.h
#ifndef MYOBJECT_H
#define MYOBJECT_H

#include <node.h>
#include <node_object_wrap.h>

namespace demo {

class MyObject : public node::ObjectWrap {
 public:
  static void Init(v8::Isolate* isolate);
  static void NewInstance(const v8::FunctionCallbackInfo<v8::Value>& args);
  inline double value() const { return value_; }

 private:
  explicit MyObject(double value = 0);
  ~MyObject();

  static void New(const v8::FunctionCallbackInfo<v8::Value>& args);
  static v8::Persistent<v8::Function> constructor;
  double value_;
};

}  // namespace demo

#endif

The implementation of myobject.cc is similar to before:

// myobject.cc
#include <node.h>
#include "myobject.h"

namespace demo {

using v8::Context;
using v8::Function;
using v8::FunctionCallbackInfo;
using v8::FunctionTemplate;
using v8::Isolate;
using v8::Local;
using v8::NewStringType;
using v8::Object;
using v8::Persistent;
using v8::String;
using v8::Value;

Persistent<Function> MyObject::constructor;

MyObject::MyObject(double value) : value_(value) {
}

MyObject::~MyObject() {
}

void MyObject::Init(Isolate* isolate) {
  // Prepare constructor template
  Local<FunctionTemplate> tpl = FunctionTemplate::New(isolate, New);
  tpl->SetClassName(String::NewFromUtf8(
      isolate, "MyObject", NewStringType::kNormal).ToLocalChecked());
  tpl->InstanceTemplate()->SetInternalFieldCount(1);

  Local<Context> context = isolate->GetCurrentContext();
  constructor.Reset(isolate, tpl->GetFunction(context).ToLocalChecked());
}

void MyObject::New(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();
  Local<Context> context = isolate->GetCurrentContext();

  if (args.IsConstructCall()) {
    // Invoked as constructor: `new MyObject(...)`
    double value = args[0]->IsUndefined() ?
        0 : args[0]->NumberValue(context).FromMaybe(0);
    MyObject* obj = new MyObject(value);
    obj->Wrap(args.This());
    args.GetReturnValue().Set(args.This());
  } else {
    // Invoked as plain function `MyObject(...)`, turn into construct call.
    const int argc = 1;
    Local<Value> argv[argc] = { args[0] };
    Local<Function> cons = Local<Function>::New(isolate, constructor);
    Local<Object> instance =
        cons->NewInstance(context, argc, argv).ToLocalChecked();
    args.GetReturnValue().Set(instance);
  }
}

void MyObject::NewInstance(const FunctionCallbackInfo<Value>& args) {
  Isolate* isolate = args.GetIsolate();

  const unsigned argc = 1;
  Local<Value> argv[argc] = { args[0] };
  Local<Function> cons = Local<Function>::New(isolate, constructor);
  Local<Context> context = isolate->GetCurrentContext();
  Local<Object> instance =
      cons->NewInstance(context, argc, argv).ToLocalChecked();

  args.GetReturnValue().Set(instance);
}

}  // namespace demo

Test it with:

// test.js
const addon = require('./build/Release/addon');

const obj1 = addon.createObject(10);
const obj2 = addon.createObject(20);
const result = addon.add(obj1, obj2);

console.log(result);
// Prints: 30

AtExit hooks#

An AtExit hook is a function that is invoked after the Node.js event loop has ended but before the JavaScript VM is terminated and Node.js shuts down. AtExit hooks are registered using the node::AtExit API.

void AtExit(callback, args)#

  • callback <void (*)(void*)> A pointer to the function to call at exit.
  • args <void*> A pointer to pass to the callback at exit.

Registers exit hooks that run after the event loop has ended but before the VM is killed.

AtExit takes two parameters: a pointer to a callback function to run at exit, and a pointer to untyped context data to be passed to that callback.

Callbacks are run in last-in first-out order.

The following addon.cc implements AtExit:

// addon.cc
#include <assert.h>
#include <stdlib.h>
#include <node.h>

namespace demo {

using node::AtExit;
using v8::HandleScope;
using v8::Isolate;
using v8::Local;
using v8::Object;

static char cookie[] = "yum yum";
static int at_exit_cb1_called = 0;
static int at_exit_cb2_called = 0;

static void at_exit_cb1(void* arg) {
  Isolate* isolate = static_cast<Isolate*>(arg);
  HandleScope scope(isolate);
  Local<Object> obj = Object::New(isolate);
  assert(!obj.IsEmpty());  // assert VM is still alive
  assert(obj->IsObject());
  at_exit_cb1_called++;
}

static void at_exit_cb2(void* arg) {
  assert(arg == static_cast<void*>(cookie));
  at_exit_cb2_called++;
}

static void sanity_check(void*) {
  assert(at_exit_cb1_called == 1);
  assert(at_exit_cb2_called == 2);
}

void init(Local<Object> exports) {
  AtExit(at_exit_cb2, cookie);
  AtExit(at_exit_cb2, cookie);
  AtExit(at_exit_cb1, exports->GetIsolate());
  AtExit(sanity_check);
}

NODE_MODULE(NODE_GYP_MODULE_NAME, init)

}  // namespace demo

Test in JavaScript by running:

// test.js
require('./build/Release/addon');

N-API#

Stability: 2 - Stable

N-API (pronounced N as in the letter, followed by API) is an API for building native Addons. It is independent from the underlying JavaScript runtime (for example, V8) and is maintained as part of Node.js itself. This API will be Application Binary Interface (ABI) stable across versions of Node.js. It is intended to insulate Addons from changes in the underlying JavaScript engine and allow modules compiled for one major version to run on later major versions of Node.js without recompilation. The ABI Stability guide provides a more in-depth explanation.

Addons are built/packaged with the same approach/tools outlined in the section titled C++ Addons. The only difference is the set of APIs that are used by the native code. Instead of using the V8 or Native Abstractions for Node.js APIs, the functions available in the N-API are used.

APIs exposed by N-API are generally used to create and manipulate JavaScript values. Concepts and operations generally map to ideas specified in the ECMA-262 Language Specification. The APIs have the following properties:

  • All N-API calls return a status code of type napi_status. This status indicates whether the API call succeeded or failed.
  • The API's return value is passed via an out parameter.
  • All JavaScript values are abstracted behind an opaque type named napi_value.
  • In case of an error status code, additional information can be obtained using napi_get_last_error_info. More information can be found in the error handling section Error Handling.

The N-API is a C API that ensures ABI stability across Node.js versions and different compiler levels. A C++ API can be easier to use. To support using C++, the project maintains a C++ wrapper module called node-addon-api. This wrapper provides an inlineable C++ API. Binaries built with node-addon-api will depend on the symbols for the N-API C-based functions exported by Node.js. node-addon-api is a more efficient way to write code that calls N-API. Take, for example, the following node-addon-api code. The first section shows the node-addon-api code and the second section shows what actually gets used in the addon.

Object obj = Object::New(env);
obj["foo"] = String::New(env, "bar");

napi_status status;
napi_value object, string;
status = napi_create_object(env, &object);
if (status != napi_ok) {
  napi_throw_error(env, ...);
  return;
}

status = napi_create_string_utf8(env, "bar", NAPI_AUTO_LENGTH, &string);
if (status != napi_ok) {
  napi_throw_error(env, ...);
  return;
}

status = napi_set_named_property(env, object, "foo", string);
if (status != napi_ok) {
  napi_throw_error(env, ...);
  return;
}

The end result is that the addon only uses the exported C APIs. As a result, it still gets the benefits of the ABI stability provided by the C API.

When using node-addon-api instead of the C APIs, start with the API docs for node-addon-api.

Implications of ABI Stability#

Although N-API provides an ABI stability guarantee, other parts of Node.js do not, and any external libraries used from the addon may not. In particular, none of the following APIs provide an ABI stability guarantee across major versions:

  • the Node.js C++ APIs available via any of

    #include <node.h>
#include <node_buffer.h>
#include <node_version.h>
#include <node_object_wrap.h>

  • the libuv APIs which are also included with Node.js and available via

    #include <uv.h>

  • the V8 API available via

    #include <v8.h>

Thus, for an addon to remain ABI-compatible across Node.js major versions, it must make use exclusively of N-API by restricting itself to using

#include <node_api.h>

and by checking, for all external libraries that it uses, that the external library makes ABI stability guarantees similar to N-API.

Building#

Unlike modules written in JavaScript, developing and deploying Node.js native addons using N-API requires an additional set of tools. Besides the basic tools required to develop for Node.js, the native addon developer requires a toolchain that can compile C and C++ code into a binary. In addition, depending upon how the native addon is deployed, the user of the native addon will also need to have a C/C++ toolchain installed.

For Linux developers, the necessary C/C++ toolchain packages are readily available. GCC is widely used in the Node.js community to build and test across a variety of plarforms. For many developers, the LLVM compiler infrastructure is also a good choice.

For Mac developers, Xcode offers all the required compiler tools. However, it is not necessary to install the entire Xcode IDE. The following command installs the necessary toolchain:

xcode-select --install

For Windows developers, Visual Studio offers all the required compiler tools. However, it is not necessary to install the entire Visual Studio IDE. The following command installs the necessary toolchain:

npm install --global --production windows-build-tools

The sections below describe the additional tools available for developing and deploying Node.js native addons.

Build tools#

Both the tools listed here require that users of the native addon have a C/C++ toolchain installed in order to successfully install the native addon.

node-gyp#

node-gyp is a build system based on Google's GYP tool and comes bundled with npm. GYP, and therefore node-gyp, requires that Python be installed.

Historically, node-gyp has been the tool of choice for building native addons. It has widespread adoption and documentation. However, some developers have run into limitations in node-gyp.

CMake.js#

CMake.js is an alternative build system based on CMake.

CMake.js is a good choice for projects that already use CMake or for developers affected by limitations in node-gyp.

Uploading precompiled binaries#

The three tools listed here permit native addon developers and maintainers to create and upload binaries to public or private servers. These tools are typically integrated with CI/CD build systems like Travis CI and AppVeyor to build and upload binaries for a variety of platforms and architectures. These binaries are then available for download by users who do not need to have a C/C++ toolchain installed.

node-pre-gyp#

node-pre-gyp is a tool based on node-gyp that adds the ability to upload binaries to a server of the developer's choice. node-pre-gyp has particularly good support for uploading binaries to Amazon S3.

prebuild#

prebuild is a tool that supports builds using either node-gyp or CMake.js. Unlike node-pre-gyp which supports a variety of servers, prebuild uploads binaries only to GitHub releases. prebuild is a good choice for GitHub projects using CMake.js.

prebuildify#

prebuildify is tool based on node-gyp. The advantage of prebuildify is that the built binaries are bundled with the native module when it's uploaded to npm. The binaries are downloaded from npm and are immediately available to the module user when the native module is installed.

Usage#

In order to use the N-API functions, include the file node_api.h which is located in the src directory in the node development tree:

#include <node_api.h>

This will opt into the default NAPI_VERSION for the given release of Node.js. In order to ensure compatibility with specific versions of N-API, the version can be specified explicitly when including the header:

#define NAPI_VERSION 3
#include <node_api.h>

This restricts the N-API surface to just the functionality that was available in the specified (and earlier) versions.

Some of the N-API surface is considered experimental and requires explicit opt-in to access those APIs:

#define NAPI_EXPERIMENTAL
#include <node_api.h>

In this case the entire API surface, including any experimental APIs, will be available to the module code.

N-API Version Matrix#

N-API versions are additive and versioned independently from Node.js. Version 4 is an extension to version 3 in that it has all of the APIs from version 3 with some additions. This means that it is not necessary to recompile for new versions of Node.js which are listed as supporting a later version.

12345
v6.xv6.14.2*
v8.xv8.0.0*v8.10.0*v8.11.2v8.16.0
v9.xv9.0.0*v9.3.0*v9.11.0*
v10.xv10.0.0v10.16.0
v11.xv11.0.0v11.8.0
v12.xv12.0.0v12.11.0
v13.xv13.0.0

* Indicates that the N-API version was released as experimental

The N-APIs associated strictly with accessing ECMAScript features from native code can be found separately in js_native_api.h and js_native_api_types.h. The APIs defined in these headers are included in node_api.h and node_api_types.h. The headers are structured in this way in order to allow implementations of N-API outside of Node.js. For those implementations the Node.js specific APIs may not be applicable.

The Node.js-specific parts of an addon can be separated from the code that exposes the actual functionality to the JavaScript environment so that the latter may be used with multiple implementations of N-API. In the example below, addon.c and addon.h refer only to js_native_api.h. This ensures that addon.c can be reused to compile against either the Node.js implementation of N-API or any implementation of N-API outside of Node.js.

addon_node.c is a separate file that contains the Node.js specific entry point to the addon and which instantiates the addon by calling into addon.c when the addon is loaded into a Node.js environment.

// addon.h
#ifndef _ADDON_H_
#define _ADDON_H_
#include <js_native_api.h>
napi_value create_addon(napi_env env);
#endif  // _ADDON_H_

// addon.c
#include "addon.h"

#define NAPI_CALL(env, call)                                      \
  do {                                                            \
    napi_status status = (call);                                  \
    if (status != napi_ok) {                                      \
      const napi_extended_error_info* error_info = NULL;          \
      napi_get_last_error_info((env), &error_info);               \
      bool is_pending;                                            \
      napi_is_exception_pending((env), &is_pending);              \
      if (!is_pending) {                                          \
        const char* message = (error_info->error_message == NULL) \
            ? "empty error message"                               \
            : error_info->error_message;                          \
        napi_throw_error((env), NULL, message);                   \
        return NULL;                                              \
      }                                                           \
    }                                                             \
  } while(0)

static napi_value
DoSomethingUseful(napi_env env, napi_callback_info info) {
  // Do something useful.
  return NULL;
}

napi_value create_addon(napi_env env) {
  napi_value result;
  NAPI_CALL(env, napi_create_object(env, &result));

  napi_value exported_function;
  NAPI_CALL(env, napi_create_function(env,
                                      "doSomethingUseful",
                                      NAPI_AUTO_LENGTH,
                                      DoSomethingUseful,
                                      NULL,
                                      &exported_function));

  NAPI_CALL(env, napi_set_named_property(env,
                                         result,
                                         "doSomethingUseful",
                                         exported_function));

  return result;
}

// addon_node.c
#include <node_api.h>
#include "addon.h"

NAPI_MODULE_INIT() {
  // This function body is expected to return a `napi_value`.
  // The variables `napi_env env` and `napi_value exports` may be used within
  // the body, as they are provided by the definition of `NAPI_MODULE_INIT()`.
  return create_addon(env);
}

Environment Life Cycle APIs#

Stability: 1 - Experimental

Section 8.7 of the ECMAScript Language Specification defines the concept of an "Agent" as a self-contained environment in which JavaScript code runs. Multiple such Agents may be started and terminated either concurrently or in sequence by the process.

A Node.js environment corresponds to an ECMAScript Agent. In the main process, an environment is created at startup, and additional environments can be created on separate threads to serve as worker threads. When Node.js is embedded in another application, the main thread of the application may also construct and destroy a Node.js environment multiple times during the life cycle of the application process such that each Node.js environment created by the application may, in turn, during its life cycle create and destroy additional environments as worker threads.

From the perspective of a native addon this means that the bindings it provides may be called multiple times, from multiple contexts, and even concurrently from multiple threads.

Native addons may need to allocate global state of which they make use during their entire life cycle such that the state must be unique to each instance of the addon.

To this env, N-API provides a way to allocate data such that its life cycle is tied to the life cycle of the Agent.

napi_set_instance_data#

Added in: v12.8.0 
napi_status napi_set_instance_data(napi_env env,
                                   void* data,
                                   napi_finalize finalize_cb,
                                   void* finalize_hint);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] data: The data item to make available to bindings of this instance.
  • [in] finalize_cb: The function to call when the environment is being torn down. The function receives data so that it might free it.
  • [in] finalize_hint: Optional hint to pass to the finalize callback during collection.

Returns napi_ok if the API succeeded.

This API associates data with the currently running Agent. data can later be retrieved using napi_get_instance_data(). Any existing data associated with the currently running Agent which was set by means of a previous call to napi_set_instance_data() will be overwritten. If a finalize_cb was provided by the previous call, it will not be called.

napi_get_instance_data#

Added in: v12.8.0 
napi_status napi_get_instance_data(napi_env env,
                                   void** data);
  • [in] env: The environment that the N-API call is invoked under.
  • [out] data: The data item that was previously associated with the currently running Agent by a call to napi_set_instance_data().

Returns napi_ok if the API succeeded.

This API retrieves data that was previously associated with the currently running Agent via napi_set_instance_data(). If no data is set, the call will succeed and data will be set to NULL.

Basic N-API Data Types#

N-API exposes the following fundamental datatypes as abstractions that are consumed by the various APIs. These APIs should be treated as opaque, introspectable only with other N-API calls.

napi_status#

Added in: v8.0.0 N-API version: 1

Integral status code indicating the success or failure of a N-API call. Currently, the following status codes are supported.

typedef enum {
  napi_ok,
  napi_invalid_arg,
  napi_object_expected,
  napi_string_expected,
  napi_name_expected,
  napi_function_expected,
  napi_number_expected,
  napi_boolean_expected,
  napi_array_expected,
  napi_generic_failure,
  napi_pending_exception,
  napi_cancelled,
  napi_escape_called_twice,
  napi_handle_scope_mismatch,
  napi_callback_scope_mismatch,
  napi_queue_full,
  napi_closing,
  napi_bigint_expected,
  napi_date_expected,
  napi_arraybuffer_expected,
  napi_detachable_arraybuffer_expected,
} napi_status;

If additional information is required upon an API returning a failed status, it can be obtained by calling napi_get_last_error_info.

napi_extended_error_info#

Added in: v8.0.0 N-API version: 1 
typedef struct {
  const char* error_message;
  void* engine_reserved;
  uint32_t engine_error_code;
  napi_status error_code;
} napi_extended_error_info;
  • error_message: UTF8-encoded string containing a VM-neutral description of the error.
  • engine_reserved: Reserved for VM-specific error details. This is currently not implemented for any VM.
  • engine_error_code: VM-specific error code. This is currently not implemented for any VM.
  • error_code: The N-API status code that originated with the last error.

See the Error Handling section for additional information.

napi_env#

napi_env is used to represent a context that the underlying N-API implementation can use to persist VM-specific state. This structure is passed to native functions when they're invoked, and it must be passed back when making N-API calls. Specifically, the same napi_env that was passed in when the initial native function was called must be passed to any subsequent nested N-API calls. Caching the napi_env for the purpose of general reuse is not allowed.

napi_value#

This is an opaque pointer that is used to represent a JavaScript value.

napi_threadsafe_function#

Added in: v10.6.0 N-API version: 4

This is an opaque pointer that represents a JavaScript function which can be called asynchronously from multiple threads via napi_call_threadsafe_function().

napi_threadsafe_function_release_mode#

Added in: v10.6.0 N-API version: 4

A value to be given to napi_release_threadsafe_function() to indicate whether the thread-safe function is to be closed immediately (napi_tsfn_abort) or merely released (napi_tsfn_release) and thus available for subsequent use via napi_acquire_threadsafe_function() and napi_call_threadsafe_function().

typedef enum {
  napi_tsfn_release,
  napi_tsfn_abort
} napi_threadsafe_function_release_mode;

napi_threadsafe_function_call_mode#

Added in: v10.6.0 N-API version: 4

A value to be given to napi_call_threadsafe_function() to indicate whether the call should block whenever the queue associated with the thread-safe function is full.

typedef enum {
  napi_tsfn_nonblocking,
  napi_tsfn_blocking
} napi_threadsafe_function_call_mode;

N-API Memory Management types#

napi_handle_scope#

This is an abstraction used to control and modify the lifetime of objects created within a particular scope. In general, N-API values are created within the context of a handle scope. When a native method is called from JavaScript, a default handle scope will exist. If the user does not explicitly create a new handle scope, N-API values will be created in the default handle scope. For any invocations of code outside the execution of a native method (for instance, during a libuv callback invocation), the module is required to create a scope before invoking any functions that can result in the creation of JavaScript values.

Handle scopes are created using napi_open_handle_scope and are destroyed using napi_close_handle_scope. Closing the scope can indicate to the GC that all napi_values created during the lifetime of the handle scope are no longer referenced from the current stack frame.

For more details, review the Object Lifetime Management.

napi_escapable_handle_scope#

Added in: v8.0.0 N-API version: 1

Escapable handle scopes are a special type of handle scope to return values created within a particular handle scope to a parent scope.

napi_ref#

Added in: v8.0.0 N-API version: 1

This is the abstraction to use to reference a napi_value. This allows for users to manage the lifetimes of JavaScript values, including defining their minimum lifetimes explicitly.

For more details, review the Object Lifetime Management.

N-API Callback types#

napi_callback_info#

Added in: v8.0.0 N-API version: 1

Opaque datatype that is passed to a callback function. It can be used for getting additional information about the context in which the callback was invoked.

napi_callback#

Added in: v8.0.0 N-API version: 1

Function pointer type for user-provided native functions which are to be exposed to JavaScript via N-API. Callback functions should satisfy the following signature:

typedef napi_value (*napi_callback)(napi_env, napi_callback_info);

napi_finalize#

Added in: v8.0.0 N-API version: 1

Function pointer type for add-on provided functions that allow the user to be notified when externally-owned data is ready to be cleaned up because the object with which it was associated with, has been garbage-collected. The user must provide a function satisfying the following signature which would get called upon the object's collection. Currently, napi_finalize can be used for finding out when objects that have external data are collected.

typedef void (*napi_finalize)(napi_env env,
                              void* finalize_data,
                              void* finalize_hint);

napi_async_execute_callback#

Added in: v8.0.0 N-API version: 1

Function pointer used with functions that support asynchronous operations. Callback functions must satisfy the following signature:

typedef void (*napi_async_execute_callback)(napi_env env, void* data);

Implementations of this function must avoid making N-API calls that execute JavaScript or interact with JavaScript objects. N-API calls should be in the napi_async_complete_callback instead. Do not use the napi_env parameter as it will likely result in execution of JavaScript.

napi_async_complete_callback#

Added in: v8.0.0 N-API version: 1

Function pointer used with functions that support asynchronous operations. Callback functions must satisfy the following signature:

typedef void (*napi_async_complete_callback)(napi_env env,
                                             napi_status status,
                                             void* data);

napi_threadsafe_function_call_js#

Added in: v10.6.0 N-API version: 4

Function pointer used with asynchronous thread-safe function calls. The callback will be called on the main thread. Its purpose is to use a data item arriving via the queue from one of the secondary threads to construct the parameters necessary for a call into JavaScript, usually via napi_call_function, and then make the call into JavaScript.

The data arriving from the secondary thread via the queue is given in the data parameter and the JavaScript function to call is given in the js_callback parameter.

N-API sets up the environment prior to calling this callback, so it is sufficient to call the JavaScript function via napi_call_function rather than via napi_make_callback.

Callback functions must satisfy the following signature:

typedef void (*napi_threadsafe_function_call_js)(napi_env env,
                                                 napi_value js_callback,
                                                 void* context,
                                                 void* data);
  • [in] env: The environment to use for API calls, or NULL if the thread-safe function is being torn down and data may need to be freed.
  • [in] js_callback: The JavaScript function to call, or NULL if the thread-safe function is being torn down and data may need to be freed. It may also be NULL if the thread-safe function was created without js_callback.
  • [in] context: The optional data with which the thread-safe function was created.
  • [in] data: Data created by the secondary thread. It is the responsibility of the callback to convert this native data to JavaScript values (with N-API functions) that can be passed as parameters when js_callback is invoked. This pointer is managed entirely by the threads and this callback. Thus this callback should free the data.

Error Handling#

N-API uses both return values and JavaScript exceptions for error handling. The following sections explain the approach for each case.

Return values#

All of the N-API functions share the same error handling pattern. The return type of all API functions is napi_status.

The return value will be napi_ok if the request was successful and no uncaught JavaScript exception was thrown. If an error occurred AND an exception was thrown, the napi_status value for the error will be returned. If an exception was thrown, and no error occurred, napi_pending_exception will be returned.

In cases where a return value other than napi_ok or napi_pending_exception is returned, napi_is_exception_pending must be called to check if an exception is pending. See the section on exceptions for more details.

The full set of possible napi_status values is defined in napi_api_types.h.

The napi_status return value provides a VM-independent representation of the error which occurred. In some cases it is useful to be able to get more detailed information, including a string representing the error as well as VM (engine)-specific information.

In order to retrieve this information napi_get_last_error_info is provided which returns a napi_extended_error_info structure. The format of the napi_extended_error_info structure is as follows:

Added in: v10.6.0 N-API version: 4 
typedef struct napi_extended_error_info {
  const char* error_message;
  void* engine_reserved;
  uint32_t engine_error_code;
  napi_status error_code;
};
  • error_message: Textual representation of the error that occurred.
  • engine_reserved: Opaque handle reserved for engine use only.
  • engine_error_code: VM specific error code.
  • error_code: n-api status code for the last error.

napi_get_last_error_info returns the information for the last N-API call that was made.

Do not rely on the content or format of any of the extended information as it is not subject to SemVer and may change at any time. It is intended only for logging purposes.

napi_get_last_error_info#

Added in: v8.0.0 N-API version: 1 
napi_status
napi_get_last_error_info(napi_env env,
                         const napi_extended_error_info** result);
  • [in] env: The environment that the API is invoked under.
  • [out] result: The napi_extended_error_info structure with more information about the error.

Returns napi_ok if the API succeeded.

This API retrieves a napi_extended_error_info structure with information about the last error that occurred.

The content of the napi_extended_error_info returned is only valid up until an n-api function is called on the same env.

Do not rely on the content or format of any of the extended information as it is not subject to SemVer and may change at any time. It is intended only for logging purposes.

This API can be called even if there is a pending JavaScript exception.

Exceptions#

Any N-API function call may result in a pending JavaScript exception. This is obviously the case for any function that may cause the execution of JavaScript, but N-API specifies that an exception may be pending on return from any of the API functions.

If the napi_status returned by a function is napi_ok then no exception is pending and no additional action is required. If the napi_status returned is anything other than napi_ok or napi_pending_exception, in order to try to recover and continue instead of simply returning immediately, napi_is_exception_pending must be called in order to determine if an exception is pending or not.

In many cases when an N-API function is called and an exception is already pending, the function will return immediately with a napi_status of napi_pending_exception. However, this is not the case for all functions. N-API allows a subset of the functions to be called to allow for some minimal cleanup before returning to JavaScript. In that case, napi_status will reflect the status for the function. It will not reflect previous pending exceptions. To avoid confusion, check the error status after every function call.

When an exception is pending one of two approaches can be employed.

The first approach is to do any appropriate cleanup and then return so that execution will return to JavaScript. As part of the transition back to JavaScript, the exception will be thrown at the point in the JavaScript code where the native method was invoked. The behavior of most N-API calls is unspecified while an exception is pending, and many will simply return napi_pending_exception, so do as little as possible and then return to JavaScript where the exception can be handled.

The second approach is to try to handle the exception. There will be cases where the native code can catch the exception, take the appropriate action, and then continue. This is only recommended in specific cases where it is known that the exception can be safely handled. In these cases napi_get_and_clear_last_exception can be used to get and clear the exception. On success, result will contain the handle to the last JavaScript Object thrown. If it is determined, after retrieving the exception, the exception cannot be handled after all it can be re-thrown it with napi_throw where error is the JavaScript Error object to be thrown.

The following utility functions are also available in case native code needs to throw an exception or determine if a napi_value is an instance of a JavaScript Error object: napi_throw_error, napi_throw_type_error, napi_throw_range_error and napi_is_error.

The following utility functions are also available in case native code needs to create an Error object: napi_create_error, napi_create_type_error, and napi_create_range_error, where result is the napi_value that refers to the newly created JavaScript Error object.

The Node.js project is adding error codes to all of the errors generated internally. The goal is for applications to use these error codes for all error checking. The associated error messages will remain, but will only be meant to be used for logging and display with the expectation that the message can change without SemVer applying. In order to support this model with N-API, both in internal functionality and for module specific functionality (as its good practice), the throw_ and create_ functions take an optional code parameter which is the string for the code to be added to the error object. If the optional parameter is NULL then no code will be associated with the error. If a code is provided, the name associated with the error is also updated to be:

originalName [code]

where originalName is the original name associated with the error and code is the code that was provided. For example, if the code is 'ERR_ERROR_1' and a TypeError is being created the name will be:

TypeError [ERR_ERROR_1]

napi_throw#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_throw(napi_env env, napi_value error);
  • [in] env: The environment that the API is invoked under.
  • [in] error: The JavaScript value to be thrown.

Returns napi_ok if the API succeeded.

This API throws the JavaScript value provided.

napi_throw_error#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_throw_error(napi_env env,
                                         const char* code,
                                         const char* msg);
  • [in] env: The environment that the API is invoked under.
  • [in] code: Optional error code to be set on the error.
  • [in] msg: C string representing the text to be associated with the error.

Returns napi_ok if the API succeeded.

This API throws a JavaScript Error with the text provided.

napi_throw_type_error#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_throw_type_error(napi_env env,
                                              const char* code,
                                              const char* msg);
  • [in] env: The environment that the API is invoked under.
  • [in] code: Optional error code to be set on the error.
  • [in] msg: C string representing the text to be associated with the error.

Returns napi_ok if the API succeeded.

This API throws a JavaScript TypeError with the text provided.

napi_throw_range_error#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_throw_range_error(napi_env env,
                                               const char* code,
                                               const char* msg);
  • [in] env: The environment that the API is invoked under.
  • [in] code: Optional error code to be set on the error.
  • [in] msg: C string representing the text to be associated with the error.

Returns napi_ok if the API succeeded.

This API throws a JavaScript RangeError with the text provided.

napi_is_error#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_is_error(napi_env env,
                                      napi_value value,
                                      bool* result);
  • [in] env: The environment that the API is invoked under.
  • [in] value: The napi_value to be checked.
  • [out] result: Boolean value that is set to true if napi_value represents an error, false otherwise.

Returns napi_ok if the API succeeded.

This API queries a napi_value to check if it represents an error object.

napi_create_error#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_create_error(napi_env env,
                                          napi_value code,
                                          napi_value msg,
                                          napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] code: Optional napi_value with the string for the error code to be associated with the error.
  • [in] msg: napi_value that references a JavaScript String to be used as the message for the Error.
  • [out] result: napi_value representing the error created.

Returns napi_ok if the API succeeded.

This API returns a JavaScript Error with the text provided.

napi_create_type_error#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_create_type_error(napi_env env,
                                               napi_value code,
                                               napi_value msg,
                                               napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] code: Optional napi_value with the string for the error code to be associated with the error.
  • [in] msg: napi_value that references a JavaScript String to be used as the message for the Error.
  • [out] result: napi_value representing the error created.

Returns napi_ok if the API succeeded.

This API returns a JavaScript TypeError with the text provided.

napi_create_range_error#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_create_range_error(napi_env env,
                                                napi_value code,
                                                napi_value msg,
                                                napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] code: Optional napi_value with the string for the error code to be associated with the error.
  • [in] msg: napi_value that references a JavaScript String to be used as the message for the Error.
  • [out] result: napi_value representing the error created.

Returns napi_ok if the API succeeded.

This API returns a JavaScript RangeError with the text provided.

napi_get_and_clear_last_exception#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_and_clear_last_exception(napi_env env,
                                              napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [out] result: The exception if one is pending, NULL otherwise.

Returns napi_ok if the API succeeded.

This API returns true if an exception is pending.

This API can be called even if there is a pending JavaScript exception.

napi_is_exception_pending#

Added in: v8.0.0 N-API version: 1 
napi_status napi_is_exception_pending(napi_env env, bool* result);
  • [in] env: The environment that the API is invoked under.
  • [out] result: Boolean value that is set to true if an exception is pending.

Returns napi_ok if the API succeeded.

This API returns true if an exception is pending.

This API can be called even if there is a pending JavaScript exception.

napi_fatal_exception#

Added in: v9.10.0 N-API version: 3 
napi_status napi_fatal_exception(napi_env env, napi_value err);
  • [in] env: The environment that the API is invoked under.
  • [in] err: The error that is passed to 'uncaughtException'.

Trigger an 'uncaughtException' in JavaScript. Useful if an async callback throws an exception with no way to recover.

Fatal Errors#

In the event of an unrecoverable error in a native module, a fatal error can be thrown to immediately terminate the process.

napi_fatal_error#

Added in: v8.2.0 N-API version: 1 
NAPI_NO_RETURN void napi_fatal_error(const char* location,
                                                 size_t location_len,
                                                 const char* message,
                                                 size_t message_len);
  • [in] location: Optional location at which the error occurred.
  • [in] location_len: The length of the location in bytes, or NAPI_AUTO_LENGTH if it is null-terminated.
  • [in] message: The message associated with the error.
  • [in] message_len: The length of the message in bytes, or NAPI_AUTO_LENGTH if it is null-terminated.

The function call does not return, the process will be terminated.

This API can be called even if there is a pending JavaScript exception.

Object Lifetime management#

As N-API calls are made, handles to objects in the heap for the underlying VM may be returned as napi_values. These handles must hold the objects 'live' until they are no longer required by the native code, otherwise the objects could be collected before the native code was finished using them.

As object handles are returned they are associated with a 'scope'. The lifespan for the default scope is tied to the lifespan of the native method call. The result is that, by default, handles remain valid and the objects associated with these handles will be held live for the lifespan of the native method call.

In many cases, however, it is necessary that the handles remain valid for either a shorter or longer lifespan than that of the native method. The sections which follow describe the N-API functions that can be used to change the handle lifespan from the default.

Making handle lifespan shorter than that of the native method#

It is often necessary to make the lifespan of handles shorter than the lifespan of a native method. For example, consider a native method that has a loop which iterates through the elements in a large array:

for (int i = 0; i < 1000000; i++) {
  napi_value result;
  napi_status status = napi_get_element(env, object, i, &result);
  if (status != napi_ok) {
    break;
  }
  // do something with element
}

This would result in a large number of handles being created, consuming substantial resources. In addition, even though the native code could only use the most recent handle, all of the associated objects would also be kept alive since they all share the same scope.

To handle this case, N-API provides the ability to establish a new 'scope' to which newly created handles will be associated. Once those handles are no longer required, the scope can be 'closed' and any handles associated with the scope are invalidated. The methods available to open/close scopes are napi_open_handle_scope and napi_close_handle_scope.

N-API only supports a single nested hierarchy of scopes. There is only one active scope at any time, and all new handles will be associated with that scope while it is active. Scopes must be closed in the reverse order from which they are opened. In addition, all scopes created within a native method must be closed before returning from that method.

Taking the earlier example, adding calls to napi_open_handle_scope and napi_close_handle_scope would ensure that at most a single handle is valid throughout the execution of the loop:

for (int i = 0; i < 1000000; i++) {
  napi_handle_scope scope;
  napi_status status = napi_open_handle_scope(env, &scope);
  if (status != napi_ok) {
    break;
  }
  napi_value result;
  status = napi_get_element(env, object, i, &result);
  if (status != napi_ok) {
    break;
  }
  // do something with element
  status = napi_close_handle_scope(env, scope);
  if (status != napi_ok) {
    break;
  }
}

When nesting scopes, there are cases where a handle from an inner scope needs to live beyond the lifespan of that scope. N-API supports an 'escapable scope' in order to support this case. An escapable scope allows one handle to be 'promoted' so that it 'escapes' the current scope and the lifespan of the handle changes from the current scope to that of the outer scope.

The methods available to open/close escapable scopes are napi_open_escapable_handle_scope and napi_close_escapable_handle_scope.

The request to promote a handle is made through napi_escape_handle which can only be called once.

napi_open_handle_scope#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_open_handle_scope(napi_env env,
                                               napi_handle_scope* result);
  • [in] env: The environment that the API is invoked under.
  • [out] result: napi_value representing the new scope.

Returns napi_ok if the API succeeded.

This API open a new scope.

napi_close_handle_scope#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_close_handle_scope(napi_env env,
                                                napi_handle_scope scope);
  • [in] env: The environment that the API is invoked under.
  • [in] scope: napi_value representing the scope to be closed.

Returns napi_ok if the API succeeded.

This API closes the scope passed in. Scopes must be closed in the reverse order from which they were created.

This API can be called even if there is a pending JavaScript exception.

napi_open_escapable_handle_scope#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status
    napi_open_escapable_handle_scope(napi_env env,
                                     napi_handle_scope* result);
  • [in] env: The environment that the API is invoked under.
  • [out] result: napi_value representing the new scope.

Returns napi_ok if the API succeeded.

This API open a new scope from which one object can be promoted to the outer scope.

napi_close_escapable_handle_scope#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status
    napi_close_escapable_handle_scope(napi_env env,
                                      napi_handle_scope scope);
  • [in] env: The environment that the API is invoked under.
  • [in] scope: napi_value representing the scope to be closed.

Returns napi_ok if the API succeeded.

This API closes the scope passed in. Scopes must be closed in the reverse order from which they were created.

This API can be called even if there is a pending JavaScript exception.

napi_escape_handle#

Added in: v8.0.0 N-API version: 1 
napi_status napi_escape_handle(napi_env env,
                               napi_escapable_handle_scope scope,
                               napi_value escapee,
                               napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] scope: napi_value representing the current scope.
  • [in] escapee: napi_value representing the JavaScript Object to be escaped.
  • [out] result: napi_value representing the handle to the escaped Object in the outer scope.

Returns napi_ok if the API succeeded.

This API promotes the handle to the JavaScript object so that it is valid for the lifetime of the outer scope. It can only be called once per scope. If it is called more than once an error will be returned.

This API can be called even if there is a pending JavaScript exception.

References to objects with a lifespan longer than that of the native method#

In some cases an addon will need to be able to create and reference objects with a lifespan longer than that of a single native method invocation. For example, to create a constructor and later use that constructor in a request to creates instances, it must be possible to reference the constructor object across many different instance creation requests. This would not be possible with a normal handle returned as a napi_value as described in the earlier section. The lifespan of a normal handle is managed by scopes and all scopes must be closed before the end of a native method.

N-API provides methods to create persistent references to an object. Each persistent reference has an associated count with a value of 0 or higher. The count determines if the reference will keep the corresponding object live. References with a count of 0 do not prevent the object from being collected and are often called 'weak' references. Any count greater than 0 will prevent the object from being collected.

References can be created with an initial reference count. The count can then be modified through napi_reference_ref and napi_reference_unref. If an object is collected while the count for a reference is 0, all subsequent calls to get the object associated with the reference napi_get_reference_value will return NULL for the returned napi_value. An attempt to call napi_reference_ref for a reference whose object has been collected will result in an error.

References must be deleted once they are no longer required by the addon. When a reference is deleted it will no longer prevent the corresponding object from being collected. Failure to delete a persistent reference will result in a 'memory leak' with both the native memory for the persistent reference and the corresponding object on the heap being retained forever.

There can be multiple persistent references created which refer to the same object, each of which will either keep the object live or not based on its individual count.

napi_create_reference#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_create_reference(napi_env env,
                                              napi_value value,
                                              int initial_refcount,
                                              napi_ref* result);
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing the Object to which we want a reference.
  • [in] initial_refcount: Initial reference count for the new reference.
  • [out] result: napi_ref pointing to the new reference.

Returns napi_ok if the API succeeded.

This API create a new reference with the specified reference count to the Object passed in.

napi_delete_reference#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_delete_reference(napi_env env, napi_ref ref);
  • [in] env: The environment that the API is invoked under.
  • [in] ref: napi_ref to be deleted.

Returns napi_ok if the API succeeded.

This API deletes the reference passed in.

This API can be called even if there is a pending JavaScript exception.

napi_reference_ref#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_reference_ref(napi_env env,
                                           napi_ref ref,
                                           int* result);
  • [in] env: The environment that the API is invoked under.
  • [in] ref: napi_ref for which the reference count will be incremented.
  • [out] result: The new reference count.

Returns napi_ok if the API succeeded.

This API increments the reference count for the reference passed in and returns the resulting reference count.

napi_reference_unref#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_reference_unref(napi_env env,
                                             napi_ref ref,
                                             int* result);
  • [in] env: The environment that the API is invoked under.
  • [in] ref: napi_ref for which the reference count will be decremented.
  • [out] result: The new reference count.

Returns napi_ok if the API succeeded.

This API decrements the reference count for the reference passed in and returns the resulting reference count.

napi_get_reference_value#

Added in: v8.0.0 N-API version: 1 
NAPI_EXTERN napi_status napi_get_reference_value(napi_env env,
                                                 napi_ref ref,
                                                 napi_value* result);

the napi_value passed in or out of these methods is a handle to the object to which the reference is related.

  • [in] env: The environment that the API is invoked under.
  • [in] ref: napi_ref for which we requesting the corresponding Object.
  • [out] result: The napi_value for the Object referenced by the napi_ref.

Returns napi_ok if the API succeeded.

If still valid, this API returns the napi_value representing the JavaScript Object associated with the napi_ref. Otherwise, result will be NULL.

Cleanup on exit of the current Node.js instance#

While a Node.js process typically releases all its resources when exiting, embedders of Node.js, or future Worker support, may require addons to register clean-up hooks that will be run once the current Node.js instance exits.

N-API provides functions for registering and un-registering such callbacks. When those callbacks are run, all resources that are being held by the addon should be freed up.

napi_add_env_cleanup_hook#

Added in: v10.2.0 N-API version: 3 
NODE_EXTERN napi_status napi_add_env_cleanup_hook(napi_env env,
                                                  void (*fun)(void* arg),
                                                  void* arg);

Registers fun as a function to be run with the arg parameter once the current Node.js environment exits.

A function can safely be specified multiple times with different arg values. In that case, it will be called multiple times as well. Providing the same fun and arg values multiple times is not allowed and will lead the process to abort.

The hooks will be called in reverse order, i.e. the most recently added one will be called first.

Removing this hook can be done by using napi_remove_env_cleanup_hook. Typically, that happens when the resource for which this hook was added is being torn down anyway.

napi_remove_env_cleanup_hook#

Added in: v10.2.0 N-API version: 3 
NAPI_EXTERN napi_status napi_remove_env_cleanup_hook(napi_env env,
                                                     void (*fun)(void* arg),
                                                     void* arg);

Unregisters fun as a function to be run with the arg parameter once the current Node.js environment exits. Both the argument and the function value need to be exact matches.

The function must have originally been registered with napi_add_env_cleanup_hook, otherwise the process will abort.

Module registration#

N-API modules are registered in a manner similar to other modules except that instead of using the NODE_MODULE macro the following is used:

NAPI_MODULE(NODE_GYP_MODULE_NAME, Init)

The next difference is the signature for the Init method. For a N-API module it is as follows:

napi_value Init(napi_env env, napi_value exports);

The return value from Init is treated as the exports object for the module. The Init method is passed an empty object via the exports parameter as a convenience. If Init returns NULL, the parameter passed as exports is exported by the module. N-API modules cannot modify the module object but can specify anything as the exports property of the module.

To add the method hello as a function so that it can be called as a method provided by the addon:

napi_value Init(napi_env env, napi_value exports) {
  napi_status status;
  napi_property_descriptor desc =
    {"hello", NULL, Method, NULL, NULL, NULL, napi_default, NULL};
  status = napi_define_properties(env, exports, 1, &desc);
  if (status != napi_ok) return NULL;
  return exports;
}

To set a function to be returned by the require() for the addon:

napi_value Init(napi_env env, napi_value exports) {
  napi_value method;
  napi_status status;
  status = napi_create_function(env, "exports", NAPI_AUTO_LENGTH, Method, NULL, &method);
  if (status != napi_ok) return NULL;
  return method;
}

To define a class so that new instances can be created (often used with Object Wrap):

// NOTE: partial example, not all referenced code is included
napi_value Init(napi_env env, napi_value exports) {
  napi_status status;
  napi_property_descriptor properties[] = {
    { "value", NULL, NULL, GetValue, SetValue, NULL, napi_default, NULL },
    DECLARE_NAPI_METHOD("plusOne", PlusOne),
    DECLARE_NAPI_METHOD("multiply", Multiply),
  };

  napi_value cons;
  status =
      napi_define_class(env, "MyObject", New, NULL, 3, properties, &cons);
  if (status != napi_ok) return NULL;

  status = napi_create_reference(env, cons, 1, &constructor);
  if (status != napi_ok) return NULL;

  status = napi_set_named_property(env, exports, "MyObject", cons);
  if (status != napi_ok) return NULL;

  return exports;
}

If the module will be loaded multiple times during the lifetime of the Node.js process, use the NAPI_MODULE_INIT macro to initialize the module:

NAPI_MODULE_INIT() {
  napi_value answer;
  napi_status result;

  status = napi_create_int64(env, 42, &answer);
  if (status != napi_ok) return NULL;

  status = napi_set_named_property(env, exports, "answer", answer);
  if (status != napi_ok) return NULL;

  return exports;
}

This macro includes NAPI_MODULE, and declares an Init function with a special name and with visibility beyond the addon. This will allow Node.js to initialize the module even if it is loaded multiple times.

There are a few design considerations when declaring a module that may be loaded multiple times. The documentation of context-aware addons provides more details.

The variables env and exports will be available inside the function body following the macro invocation.

For more details on setting properties on objects, see the section on Working with JavaScript Properties.

For more details on building addon modules in general, refer to the existing API.

Working with JavaScript Values#

N-API exposes a set of APIs to create all types of JavaScript values. Some of these types are documented under Section 6 of the ECMAScript Language Specification.

Fundamentally, these APIs are used to do one of the following:

  1. Create a new JavaScript object
  2. Convert from a primitive C type to an N-API value
  3. Convert from N-API value to a primitive C type
  4. Get global instances including undefined and null

N-API values are represented by the type napi_value. Any N-API call that requires a JavaScript value takes in a napi_value. In some cases, the API does check the type of the napi_value up-front. However, for better performance, it's better for the caller to make sure that the napi_value in question is of the JavaScript type expected by the API.

Enum types#

napi_valuetype#

typedef enum {
  // ES6 types (corresponds to typeof)
  napi_undefined,
  napi_null,
  napi_boolean,
  napi_number,
  napi_string,
  napi_symbol,
  napi_object,
  napi_function,
  napi_external,
  napi_bigint,
} napi_valuetype;

Describes the type of a napi_value. This generally corresponds to the types described in Section 6.1 of the ECMAScript Language Specification. In addition to types in that section, napi_valuetype can also represent Functions and Objects with external data.

A JavaScript value of type napi_external appears in JavaScript as a plain object such that no properties can be set on it, and no prototype.

napi_typedarray_type#

typedef enum {
  napi_int8_array,
  napi_uint8_array,
  napi_uint8_clamped_array,
  napi_int16_array,
  napi_uint16_array,
  napi_int32_array,
  napi_uint32_array,
  napi_float32_array,
  napi_float64_array,
  napi_bigint64_array,
  napi_biguint64_array,
} napi_typedarray_type;

This represents the underlying binary scalar datatype of the TypedArray. Elements of this enum correspond to Section 22.2 of the ECMAScript Language Specification.

Object Creation Functions#

napi_create_array#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_array(napi_env env, napi_value* result)
  • [in] env: The environment that the N-API call is invoked under.
  • [out] result: A napi_value representing a JavaScript Array.

Returns napi_ok if the API succeeded.

This API returns an N-API value corresponding to a JavaScript Array type. JavaScript arrays are described in Section 22.1 of the ECMAScript Language Specification.

napi_create_array_with_length#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_array_with_length(napi_env env,
                                          size_t length,
                                          napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] length: The initial length of the Array.
  • [out] result: A napi_value representing a JavaScript Array.

Returns napi_ok if the API succeeded.

This API returns an N-API value corresponding to a JavaScript Array type. The Array's length property is set to the passed-in length parameter. However, the underlying buffer is not guaranteed to be pre-allocated by the VM when the array is created. That behavior is left to the underlying VM implementation. If the buffer must be a contiguous block of memory that can be directly read and/or written via C, consider using napi_create_external_arraybuffer.

JavaScript arrays are described in Section 22.1 of the ECMAScript Language Specification.

napi_create_arraybuffer#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_arraybuffer(napi_env env,
                                    size_t byte_length,
                                    void** data,
                                    napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] length: The length in bytes of the array buffer to create.
  • [out] data: Pointer to the underlying byte buffer of the ArrayBuffer.
  • [out] result: A napi_value representing a JavaScript ArrayBuffer.

Returns napi_ok if the API succeeded.

This API returns an N-API value corresponding to a JavaScript ArrayBuffer. ArrayBuffers are used to represent fixed-length binary data buffers. They are normally used as a backing-buffer for TypedArray objects. The ArrayBuffer allocated will have an underlying byte buffer whose size is determined by the length parameter that's passed in. The underlying buffer is optionally returned back to the caller in case the caller wants to directly manipulate the buffer. This buffer can only be written to directly from native code. To write to this buffer from JavaScript, a typed array or DataView object would need to be created.

JavaScript ArrayBuffer objects are described in Section 24.1 of the ECMAScript Language Specification.

napi_create_buffer#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_buffer(napi_env env,
                               size_t size,
                               void** data,
                               napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] size: Size in bytes of the underlying buffer.
  • [out] data: Raw pointer to the underlying buffer.
  • [out] result: A napi_value representing a node::Buffer.

Returns napi_ok if the API succeeded.

This API allocates a node::Buffer object. While this is still a fully-supported data structure, in most cases using a TypedArray will suffice.

napi_create_buffer_copy#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_buffer_copy(napi_env env,
                                    size_t length,
                                    const void* data,
                                    void** result_data,
                                    napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] size: Size in bytes of the input buffer (should be the same as the size of the new buffer).
  • [in] data: Raw pointer to the underlying buffer to copy from.
  • [out] result_data: Pointer to the new Buffer's underlying data buffer.
  • [out] result: A napi_value representing a node::Buffer.

Returns napi_ok if the API succeeded.

This API allocates a node::Buffer object and initializes it with data copied from the passed-in buffer. While this is still a fully-supported data structure, in most cases using a TypedArray will suffice.

napi_create_date#

Added in: v11.11.0 
napi_status napi_create_date(napi_env env,
                             double time,
                             napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] time: ECMAScript time value in milliseconds since 01 January, 1970 UTC.
  • [out] result: A napi_value representing a JavaScript Date.

Returns napi_ok if the API succeeded.

This API does not observe leap seconds; they are ignored, as ECMAScript aligns with POSIX time specification.

This API allocates a JavaScript Date object.

JavaScript Date objects are described in Section 20.3 of the ECMAScript Language Specification.

napi_create_external#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_external(napi_env env,
                                 void* data,
                                 napi_finalize finalize_cb,
                                 void* finalize_hint,
                                 napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] data: Raw pointer to the external data.
  • [in] finalize_cb: Optional callback to call when the external value is being collected.
  • [in] finalize_hint: Optional hint to pass to the finalize callback during collection.
  • [out] result: A napi_value representing an external value.

Returns napi_ok if the API succeeded.

This API allocates a JavaScript value with external data attached to it. This is used to pass external data through JavaScript code, so it can be retrieved later by native code using napi_get_value_external.

The API adds a napi_finalize callback which will be called when the JavaScript object just created is ready for garbage collection. It is similar to napi_wrap() except that:

  • the native data cannot be retrieved later using napi_unwrap(),
  • nor can it be removed later using napi_remove_wrap(), and
  • the object created by the API can be used with napi_wrap().

The created value is not an object, and therefore does not support additional properties. It is considered a distinct value type: calling napi_typeof() with an external value yields napi_external.

napi_create_external_arraybuffer#

Added in: v8.0.0 N-API version: 1 
napi_status
napi_create_external_arraybuffer(napi_env env,
                                 void* external_data,
                                 size_t byte_length,
                                 napi_finalize finalize_cb,
                                 void* finalize_hint,
                                 napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] external_data: Pointer to the underlying byte buffer of the ArrayBuffer.
  • [in] byte_length: The length in bytes of the underlying buffer.
  • [in] finalize_cb: Optional callback to call when the ArrayBuffer is being collected.
  • [in] finalize_hint: Optional hint to pass to the finalize callback during collection.
  • [out] result: A napi_value representing a JavaScript ArrayBuffer.

Returns napi_ok if the API succeeded.

This API returns an N-API value corresponding to a JavaScript ArrayBuffer. The underlying byte buffer of the ArrayBuffer is externally allocated and managed. The caller must ensure that the byte buffer remains valid until the finalize callback is called.

The API adds a napi_finalize callback which will be called when the JavaScript object just created is ready for garbage collection. It is similar to napi_wrap() except that:

  • the native data cannot be retrieved later using napi_unwrap(),
  • nor can it be removed later using napi_remove_wrap(), and
  • the object created by the API can be used with napi_wrap().

JavaScript ArrayBuffers are described in Section 24.1 of the ECMAScript Language Specification.

napi_create_external_buffer#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_external_buffer(napi_env env,
                                        size_t length,
                                        void* data,
                                        napi_finalize finalize_cb,
                                        void* finalize_hint,
                                        napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] length: Size in bytes of the input buffer (should be the same as the size of the new buffer).
  • [in] data: Raw pointer to the underlying buffer to copy from.
  • [in] finalize_cb: Optional callback to call when the ArrayBuffer is being collected.
  • [in] finalize_hint: Optional hint to pass to the finalize callback during collection.
  • [out] result: A napi_value representing a node::Buffer.

Returns napi_ok if the API succeeded.

This API allocates a node::Buffer object and initializes it with data backed by the passed in buffer. While this is still a fully-supported data structure, in most cases using a TypedArray will suffice.

The API adds a napi_finalize callback which will be called when the JavaScript object just created is ready for garbage collection. It is similar to napi_wrap() except that:

  • the native data cannot be retrieved later using napi_unwrap(),
  • nor can it be removed later using napi_remove_wrap(), and
  • the object created by the API can be used with napi_wrap().

For Node.js >=4 Buffers are Uint8Arrays.

napi_create_object#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_object(napi_env env, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [out] result: A napi_value representing a JavaScript Object.

Returns napi_ok if the API succeeded.

This API allocates a default JavaScript Object. It is the equivalent of doing new Object() in JavaScript.

The JavaScript Object type is described in Section 6.1.7 of the ECMAScript Language Specification.

napi_create_symbol#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_symbol(napi_env env,
                               napi_value description,
                               napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] description: Optional napi_value which refers to a JavaScript String to be set as the description for the symbol.
  • [out] result: A napi_value representing a JavaScript Symbol.

Returns napi_ok if the API succeeded.

This API creates a JavaScript Symbol object from a UTF8-encoded C string.

The JavaScript Symbol type is described in Section 19.4 of the ECMAScript Language Specification.

napi_create_typedarray#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_typedarray(napi_env env,
                                   napi_typedarray_type type,
                                   size_t length,
                                   napi_value arraybuffer,
                                   size_t byte_offset,
                                   napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] type: Scalar datatype of the elements within the TypedArray.
  • [in] length: Number of elements in the TypedArray.
  • [in] arraybuffer: ArrayBuffer underlying the typed array.
  • [in] byte_offset: The byte offset within the ArrayBuffer from which to start projecting the TypedArray.
  • [out] result: A napi_value representing a JavaScript TypedArray.

Returns napi_ok if the API succeeded.

This API creates a JavaScript TypedArray object over an existing ArrayBuffer. TypedArray objects provide an array-like view over an underlying data buffer where each element has the same underlying binary scalar datatype.

It's required that (length * size_of_element) + byte_offset should be <= the size in bytes of the array passed in. If not, a RangeError exception is raised.

JavaScript TypedArray objects are described in Section 22.2 of the ECMAScript Language Specification.

napi_create_dataview#

Added in: v8.3.0 N-API version: 1 
napi_status napi_create_dataview(napi_env env,
                                 size_t byte_length,
                                 napi_value arraybuffer,
                                 size_t byte_offset,
                                 napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] length: Number of elements in the DataView.
  • [in] arraybuffer: ArrayBuffer underlying the DataView.
  • [in] byte_offset: The byte offset within the ArrayBuffer from which to start projecting the DataView.
  • [out] result: A napi_value representing a JavaScript DataView.

Returns napi_ok if the API succeeded.

This API creates a JavaScript DataView object over an existing ArrayBuffer. DataView objects provide an array-like view over an underlying data buffer, but one which allows items of different size and type in the ArrayBuffer.

It is required that byte_length + byte_offset is less than or equal to the size in bytes of the array passed in. If not, a RangeError exception is raised.

JavaScript DataView objects are described in Section 24.3 of the ECMAScript Language Specification.

Functions to convert from C types to N-API#

napi_create_int32#

Added in: v8.4.0 N-API version: 1 
napi_status napi_create_int32(napi_env env, int32_t value, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: Integer value to be represented in JavaScript.
  • [out] result: A napi_value representing a JavaScript Number.

Returns napi_ok if the API succeeded.

This API is used to convert from the C int32_t type to the JavaScript Number type.

The JavaScript Number type is described in Section 6.1.6 of the ECMAScript Language Specification.

napi_create_uint32#

Added in: v8.4.0 N-API version: 1 
napi_status napi_create_uint32(napi_env env, uint32_t value, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: Unsigned integer value to be represented in JavaScript.
  • [out] result: A napi_value representing a JavaScript Number.

Returns napi_ok if the API succeeded.

This API is used to convert from the C uint32_t type to the JavaScript Number type.

The JavaScript Number type is described in Section 6.1.6 of the ECMAScript Language Specification.

napi_create_int64#

Added in: v8.4.0 N-API version: 1 
napi_status napi_create_int64(napi_env env, int64_t value, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: Integer value to be represented in JavaScript.
  • [out] result: A napi_value representing a JavaScript Number.

Returns napi_ok if the API succeeded.

This API is used to convert from the C int64_t type to the JavaScript Number type.

The JavaScript Number type is described in Section 6.1.6 of the ECMAScript Language Specification. Note the complete range of int64_t cannot be represented with full precision in JavaScript. Integer values outside the range of Number.MIN_SAFE_INTEGER -(2^53 - 1) - Number.MAX_SAFE_INTEGER (2^53 - 1) will lose precision.

napi_create_double#

Added in: v8.4.0 N-API version: 1 
napi_status napi_create_double(napi_env env, double value, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: Double-precision value to be represented in JavaScript.
  • [out] result: A napi_value representing a JavaScript Number.

Returns napi_ok if the API succeeded.

This API is used to convert from the C double type to the JavaScript Number type.

The JavaScript Number type is described in Section 6.1.6 of the ECMAScript Language Specification.

napi_create_bigint_int64#

Added in: v10.7.0

Stability: 1 - Experimental

napi_status napi_create_bigint_int64(napi_env env,
                                     int64_t value,
                                     napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] value: Integer value to be represented in JavaScript.
  • [out] result: A napi_value representing a JavaScript BigInt.

Returns napi_ok if the API succeeded.

This API converts the C int64_t type to the JavaScript BigInt type.

napi_create_bigint_uint64#

Added in: v10.7.0

Stability: 1 - Experimental

napi_status napi_create_bigint_uint64(napi_env env,
                                      uint64_t value,
                                      napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] value: Unsigned integer value to be represented in JavaScript.
  • [out] result: A napi_value representing a JavaScript BigInt.

Returns napi_ok if the API succeeded.

This API converts the C uint64_t type to the JavaScript BigInt type.

napi_create_bigint_words#

Added in: v10.7.0

Stability: 1 - Experimental

napi_status napi_create_bigint_words(napi_env env,
                                     int sign_bit,
                                     size_t word_count,
                                     const uint64_t* words,
                                     napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] sign_bit: Determines if the resulting BigInt will be positive or negative.
  • [in] word_count: The length of the words array.
  • [in] words: An array of uint64_t little-endian 64-bit words.
  • [out] result: A napi_value representing a JavaScript BigInt.

Returns napi_ok if the API succeeded.

This API converts an array of unsigned 64-bit words into a single BigInt value.

The resulting BigInt is calculated as: (–1)sign_bit (words[0] × (264)0 + words[1] × (264)1 + …)

napi_create_string_latin1#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_string_latin1(napi_env env,
                                      const char* str,
                                      size_t length,
                                      napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] str: Character buffer representing an ISO-8859-1-encoded string.
  • [in] length: The length of the string in bytes, or NAPI_AUTO_LENGTH if it is null-terminated.
  • [out] result: A napi_value representing a JavaScript String.

Returns napi_ok if the API succeeded.

This API creates a JavaScript String object from an ISO-8859-1-encoded C string. The native string is copied.

The JavaScript String type is described in Section 6.1.4 of the ECMAScript Language Specification.

napi_create_string_utf16#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_string_utf16(napi_env env,
                                     const char16_t* str,
                                     size_t length,
                                     napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] str: Character buffer representing a UTF16-LE-encoded string.
  • [in] length: The length of the string in two-byte code units, or NAPI_AUTO_LENGTH if it is null-terminated.
  • [out] result: A napi_value representing a JavaScript String.

Returns napi_ok if the API succeeded.

This API creates a JavaScript String object from a UTF16-LE-encoded C string. The native string is copied.

The JavaScript String type is described in Section 6.1.4 of the ECMAScript Language Specification.

napi_create_string_utf8#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_string_utf8(napi_env env,
                                    const char* str,
                                    size_t length,
                                    napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] str: Character buffer representing a UTF8-encoded string.
  • [in] length: The length of the string in bytes, or NAPI_AUTO_LENGTH if it is null-terminated.
  • [out] result: A napi_value representing a JavaScript String.

Returns napi_ok if the API succeeded.

This API creates a JavaScript String object from a UTF8-encoded C string. The native string is copied.

The JavaScript String type is described in Section 6.1.4 of the ECMAScript Language Specification.

Functions to convert from N-API to C types#

napi_get_array_length#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_array_length(napi_env env,
                                  napi_value value,
                                  uint32_t* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing the JavaScript Array whose length is being queried.
  • [out] result: uint32 representing length of the array.

Returns napi_ok if the API succeeded.

This API returns the length of an array.

Array length is described in Section 22.1.4.1 of the ECMAScript Language Specification.

napi_get_arraybuffer_info#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_arraybuffer_info(napi_env env,
                                      napi_value arraybuffer,
                                      void** data,
                                      size_t* byte_length)
  • [in] env: The environment that the API is invoked under.
  • [in] arraybuffer: napi_value representing the ArrayBuffer being queried.
  • [out] data: The underlying data buffer of the ArrayBuffer.
  • [out] byte_length: Length in bytes of the underlying data buffer.

Returns napi_ok if the API succeeded.

This API is used to retrieve the underlying data buffer of an ArrayBuffer and its length.

WARNING: Use caution while using this API. The lifetime of the underlying data buffer is managed by the ArrayBuffer even after it's returned. A possible safe way to use this API is in conjunction with napi_create_reference, which can be used to guarantee control over the lifetime of the ArrayBuffer. It's also safe to use the returned data buffer within the same callback as long as there are no calls to other APIs that might trigger a GC.

napi_get_buffer_info#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_buffer_info(napi_env env,
                                 napi_value value,
                                 void** data,
                                 size_t* length)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing the node::Buffer being queried.
  • [out] data: The underlying data buffer of the node::Buffer.
  • [out] length: Length in bytes of the underlying data buffer.

Returns napi_ok if the API succeeded.

This API is used to retrieve the underlying data buffer of a node::Buffer and it's length.

Warning: Use caution while using this API since the underlying data buffer's lifetime is not guaranteed if it's managed by the VM.

napi_get_prototype#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_prototype(napi_env env,
                               napi_value object,
                               napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] object: napi_value representing JavaScript Object whose prototype to return. This returns the equivalent of Object.getPrototypeOf (which is not the same as the function's prototype property).
  • [out] result: napi_value representing prototype of the given object.

Returns napi_ok if the API succeeded.

napi_get_typedarray_info#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_typedarray_info(napi_env env,
                                     napi_value typedarray,
                                     napi_typedarray_type* type,
                                     size_t* length,
                                     void** data,
                                     napi_value* arraybuffer,
                                     size_t* byte_offset)
  • [in] env: The environment that the API is invoked under.
  • [in] typedarray: napi_value representing the TypedArray whose properties to query.
  • [out] type: Scalar datatype of the elements within the TypedArray.
  • [out] length: The number of elements in the TypedArray.
  • [out] data: The data buffer underlying the TypedArray adjusted by the byte_offset value so that it points to the first element in the TypedArray.
  • [out] arraybuffer: The ArrayBuffer underlying the TypedArray.
  • [out] byte_offset: The byte offset within the underlying native array at which the first element of the arrays is located. The value for the data parameter has already been adjusted so that data points to the first element in the array. Therefore, the first byte of the native array would be at data - byte_offset.

Returns napi_ok if the API succeeded.

This API returns various properties of a typed array.

Warning: Use caution while using this API since the underlying data buffer is managed by the VM.

napi_get_dataview_info#

Added in: v8.3.0 N-API version: 1 
napi_status napi_get_dataview_info(napi_env env,
                                   napi_value dataview,
                                   size_t* byte_length,
                                   void** data,
                                   napi_value* arraybuffer,
                                   size_t* byte_offset)
  • [in] env: The environment that the API is invoked under.
  • [in] dataview: napi_value representing the DataView whose properties to query.
  • [out] byte_length: Number of bytes in the DataView.
  • [out] data: The data buffer underlying the DataView.
  • [out] arraybuffer: ArrayBuffer underlying the DataView.
  • [out] byte_offset: The byte offset within the data buffer from which to start projecting the DataView.

Returns napi_ok if the API succeeded.

This API returns various properties of a DataView.

napi_get_date_value#

Added in: v11.11.0 
napi_status napi_get_date_value(napi_env env,
                                napi_value value,
                                double* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing a JavaScript Date.
  • [out] result: Time value as a double represented as milliseconds since midnight at the beginning of 01 January, 1970 UTC.

This API does not observe leap seconds; they are ignored, as ECMAScript aligns with POSIX time specification.

Returns napi_ok if the API succeeded. If a non-date napi_value is passed in it returns napi_date_expected.

This API returns the C double primitive of time value for the given JavaScript Date.

napi_get_value_bool#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_bool(napi_env env, napi_value value, bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript Boolean.
  • [out] result: C boolean primitive equivalent of the given JavaScript Boolean.

Returns napi_ok if the API succeeded. If a non-boolean napi_value is passed in it returns napi_boolean_expected.

This API returns the C boolean primitive equivalent of the given JavaScript Boolean.

napi_get_value_double#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_double(napi_env env,
                                  napi_value value,
                                  double* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript Number.
  • [out] result: C double primitive equivalent of the given JavaScript Number.

Returns napi_ok if the API succeeded. If a non-number napi_value is passed in it returns napi_number_expected.

This API returns the C double primitive equivalent of the given JavaScript Number.

napi_get_value_bigint_int64#

Added in: v10.7.0

Stability: 1 - Experimental

napi_status napi_get_value_bigint_int64(napi_env env,
                                        napi_value value,
                                        int64_t* result,
                                        bool* lossless);
  • [in] env: The environment that the API is invoked under
  • [in] value: napi_value representing JavaScript BigInt.
  • [out] result: C int64_t primitive equivalent of the given JavaScript BigInt.
  • [out] lossless: Indicates whether the BigInt value was converted losslessly.

Returns napi_ok if the API succeeded. If a non-BigInt is passed in it returns napi_bigint_expected.

This API returns the C int64_t primitive equivalent of the given JavaScript BigInt. If needed it will truncate the value, setting lossless to false.

napi_get_value_bigint_uint64#

Added in: v10.7.0

Stability: 1 - Experimental

napi_status napi_get_value_bigint_uint64(napi_env env,
                                        napi_value value,
                                        uint64_t* result,
                                        bool* lossless);
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript BigInt.
  • [out] result: C uint64_t primitive equivalent of the given JavaScript BigInt.
  • [out] lossless: Indicates whether the BigInt value was converted losslessly.

Returns napi_ok if the API succeeded. If a non-BigInt is passed in it returns napi_bigint_expected.

This API returns the C uint64_t primitive equivalent of the given JavaScript BigInt. If needed it will truncate the value, setting lossless to false.

napi_get_value_bigint_words#

Added in: v10.7.0

Stability: 1 - Experimental

napi_status napi_get_value_bigint_words(napi_env env,
                                        napi_value value,
                                        int* sign_bit,
                                        size_t* word_count,
                                        uint64_t* words);
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript BigInt.
  • [out] sign_bit: Integer representing if the JavaScript BigInt is positive or negative.
  • [in/out] word_count: Must be initialized to the length of the words array. Upon return, it will be set to the actual number of words that would be needed to store this BigInt.
  • [out] words: Pointer to a pre-allocated 64-bit word array.

Returns napi_ok if the API succeeded.

This API converts a single BigInt value into a sign bit, 64-bit little-endian array, and the number of elements in the array. sign_bit and words may be both set to NULL, in order to get only word_count.

napi_get_value_external#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_external(napi_env env,
                                    napi_value value,
                                    void** result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript external value.
  • [out] result: Pointer to the data wrapped by the JavaScript external value.

Returns napi_ok if the API succeeded. If a non-external napi_value is passed in it returns napi_invalid_arg.

This API retrieves the external data pointer that was previously passed to napi_create_external().

napi_get_value_int32#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_int32(napi_env env,
                                 napi_value value,
                                 int32_t* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript Number.
  • [out] result: C int32 primitive equivalent of the given JavaScript Number.

Returns napi_ok if the API succeeded. If a non-number napi_value is passed in napi_number_expected.

This API returns the C int32 primitive equivalent of the given JavaScript Number.

If the number exceeds the range of the 32 bit integer, then the result is truncated to the equivalent of the bottom 32 bits. This can result in a large positive number becoming a negative number if the value is > 2^31 -1.

Non-finite number values (NaN, +Infinity, or -Infinity) set the result to zero.

napi_get_value_int64#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_int64(napi_env env,
                                 napi_value value,
                                 int64_t* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript Number.
  • [out] result: C int64 primitive equivalent of the given JavaScript Number.

Returns napi_ok if the API succeeded. If a non-number napi_value is passed in it returns napi_number_expected.

This API returns the C int64 primitive equivalent of the given JavaScript Number.

Number values outside the range of Number.MIN_SAFE_INTEGER -(2^53 - 1) - Number.MAX_SAFE_INTEGER (2^53 - 1) will lose precision.

Non-finite number values (NaN, +Infinity, or -Infinity) set the result to zero.

napi_get_value_string_latin1#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_string_latin1(napi_env env,
                                         napi_value value,
                                         char* buf,
                                         size_t bufsize,
                                         size_t* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript string.
  • [in] buf: Buffer to write the ISO-8859-1-encoded string into. If NULL is passed in, the length of the string (in bytes) is returned.
  • [in] bufsize: Size of the destination buffer. When this value is insufficient, the returned string will be truncated.
  • [out] result: Number of bytes copied into the buffer, excluding the null terminator.

Returns napi_ok if the API succeeded. If a non-String napi_value is passed in it returns napi_string_expected.

This API returns the ISO-8859-1-encoded string corresponding the value passed in.

napi_get_value_string_utf8#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_string_utf8(napi_env env,
                                       napi_value value,
                                       char* buf,
                                       size_t bufsize,
                                       size_t* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript string.
  • [in] buf: Buffer to write the UTF8-encoded string into. If NULL is passed in, the length of the string (in bytes) is returned.
  • [in] bufsize: Size of the destination buffer. When this value is insufficient, the returned string will be truncated.
  • [out] result: Number of bytes copied into the buffer, excluding the null terminator.

Returns napi_ok if the API succeeded. If a non-String napi_value is passed in it returns napi_string_expected.

This API returns the UTF8-encoded string corresponding the value passed in.

napi_get_value_string_utf16#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_string_utf16(napi_env env,
                                        napi_value value,
                                        char16_t* buf,
                                        size_t bufsize,
                                        size_t* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript string.
  • [in] buf: Buffer to write the UTF16-LE-encoded string into. If NULL is passed in, the length of the string (in 2-byte code units) is returned.
  • [in] bufsize: Size of the destination buffer. When this value is insufficient, the returned string will be truncated.
  • [out] result: Number of 2-byte code units copied into the buffer, excluding the null terminator.

Returns napi_ok if the API succeeded. If a non-String napi_value is passed in it returns napi_string_expected.

This API returns the UTF16-encoded string corresponding the value passed in.

napi_get_value_uint32#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_value_uint32(napi_env env,
                                  napi_value value,
                                  uint32_t* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: napi_value representing JavaScript Number.
  • [out] result: C primitive equivalent of the given napi_value as a uint32_t.

Returns napi_ok if the API succeeded. If a non-number napi_value is passed in it returns napi_number_expected.

This API returns the C primitive equivalent of the given napi_value as a uint32_t.

Functions to get global instances#

napi_get_boolean#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_boolean(napi_env env, bool value, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The value of the boolean to retrieve.
  • [out] result: napi_value representing JavaScript Boolean singleton to retrieve.

Returns napi_ok if the API succeeded.

This API is used to return the JavaScript singleton object that is used to represent the given boolean value.

napi_get_global#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_global(napi_env env, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [out] result: napi_value representing JavaScript global object.

Returns napi_ok if the API succeeded.

This API returns the global object.

napi_get_null#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_null(napi_env env, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [out] result: napi_value representing JavaScript null object.

Returns napi_ok if the API succeeded.

This API returns the null object.

napi_get_undefined#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_undefined(napi_env env, napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [out] result: napi_value representing JavaScript Undefined value.

Returns napi_ok if the API succeeded.

This API returns the Undefined object.

Working with JavaScript Values and Abstract Operations#

N-API exposes a set of APIs to perform some abstract operations on JavaScript values. Some of these operations are documented under Section 7 of the ECMAScript Language Specification.

These APIs support doing one of the following:

  1. Coerce JavaScript values to specific JavaScript types (such as Number or String).
  2. Check the type of a JavaScript value.
  3. Check for equality between two JavaScript values.

napi_coerce_to_bool#

Added in: v8.0.0 N-API version: 1 
napi_status napi_coerce_to_bool(napi_env env,
                                napi_value value,
                                napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to coerce.
  • [out] result: napi_value representing the coerced JavaScript Boolean.

Returns napi_ok if the API succeeded.

This API implements the abstract operation ToBoolean() as defined in Section 7.1.2 of the ECMAScript Language Specification. This API can be re-entrant if getters are defined on the passed-in Object.

napi_coerce_to_number#

Added in: v8.0.0 N-API version: 1 
napi_status napi_coerce_to_number(napi_env env,
                                  napi_value value,
                                  napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to coerce.
  • [out] result: napi_value representing the coerced JavaScript Number.

Returns napi_ok if the API succeeded.

This API implements the abstract operation ToNumber() as defined in Section 7.1.3 of the ECMAScript Language Specification. This API can be re-entrant if getters are defined on the passed-in Object.

napi_coerce_to_object#

Added in: v8.0.0 N-API version: 1 
napi_status napi_coerce_to_object(napi_env env,
                                  napi_value value,
                                  napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to coerce.
  • [out] result: napi_value representing the coerced JavaScript Object.

Returns napi_ok if the API succeeded.

This API implements the abstract operation ToObject() as defined in Section 7.1.13 of the ECMAScript Language Specification. This API can be re-entrant if getters are defined on the passed-in Object.

napi_coerce_to_string#

Added in: v8.0.0 N-API version: 1 
napi_status napi_coerce_to_string(napi_env env,
                                  napi_value value,
                                  napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to coerce.
  • [out] result: napi_value representing the coerced JavaScript String.

Returns napi_ok if the API succeeded.

This API implements the abstract operation ToString() as defined in Section 7.1.13 of the ECMAScript Language Specification. This API can be re-entrant if getters are defined on the passed-in Object.

napi_typeof#

Added in: v8.0.0 N-API version: 1 
napi_status napi_typeof(napi_env env, napi_value value, napi_valuetype* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value whose type to query.
  • [out] result: The type of the JavaScript value.

Returns napi_ok if the API succeeded.

  • napi_invalid_arg if the type of value is not a known ECMAScript type and value is not an External value.

This API represents behavior similar to invoking the typeof Operator on the object as defined in Section 12.5.5 of the ECMAScript Language Specification. However, it has support for detecting an External value. If value has a type that is invalid, an error is returned.

napi_instanceof#

Added in: v8.0.0 N-API version: 1 
napi_status napi_instanceof(napi_env env,
                            napi_value object,
                            napi_value constructor,
                            bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] object: The JavaScript value to check.
  • [in] constructor: The JavaScript function object of the constructor function to check against.
  • [out] result: Boolean that is set to true if object instanceof constructor is true.

Returns napi_ok if the API succeeded.

This API represents invoking the instanceof Operator on the object as defined in Section 12.10.4 of the ECMAScript Language Specification.

napi_is_array#

Added in: v8.0.0 N-API version: 1 
napi_status napi_is_array(napi_env env, napi_value value, bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to check.
  • [out] result: Whether the given object is an array.

Returns napi_ok if the API succeeded.

This API represents invoking the IsArray operation on the object as defined in Section 7.2.2 of the ECMAScript Language Specification.

napi_is_arraybuffer#

Added in: v8.0.0 N-API version: 1 
napi_status napi_is_arraybuffer(napi_env env, napi_value value, bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to check.
  • [out] result: Whether the given object is an ArrayBuffer.

Returns napi_ok if the API succeeded.

This API checks if the Object passed in is an array buffer.

napi_is_buffer#

Added in: v8.0.0 N-API version: 1 
napi_status napi_is_buffer(napi_env env, napi_value value, bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to check.
  • [out] result: Whether the given napi_value represents a node::Buffer object.

Returns napi_ok if the API succeeded.

This API checks if the Object passed in is a buffer.

napi_is_date#

Added in: v11.11.0 
napi_status napi_is_date(napi_env env, napi_value value, bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to check.
  • [out] result: Whether the given napi_value represents a JavaScript Date object.

Returns napi_ok if the API succeeded.

This API checks if the Object passed in is a date.

napi_is_error#

Added in: v8.0.0 N-API version: 1 
napi_status napi_is_error(napi_env env, napi_value value, bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to check.
  • [out] result: Whether the given napi_value represents an Error object.

Returns napi_ok if the API succeeded.

This API checks if the Object passed in is an Error.

napi_is_typedarray#

Added in: v8.0.0 N-API version: 1 
napi_status napi_is_typedarray(napi_env env, napi_value value, bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to check.
  • [out] result: Whether the given napi_value represents a TypedArray.

Returns napi_ok if the API succeeded.

This API checks if the Object passed in is a typed array.

napi_is_dataview#

Added in: v8.3.0 N-API version: 1 
napi_status napi_is_dataview(napi_env env, napi_value value, bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] value: The JavaScript value to check.
  • [out] result: Whether the given napi_value represents a DataView.

Returns napi_ok if the API succeeded.

This API checks if the Object passed in is a DataView.

napi_strict_equals#

Added in: v8.0.0 N-API version: 1 
napi_status napi_strict_equals(napi_env env,
                               napi_value lhs,
                               napi_value rhs,
                               bool* result)
  • [in] env: The environment that the API is invoked under.
  • [in] lhs: The JavaScript value to check.
  • [in] rhs: The JavaScript value to check against.
  • [out] result: Whether the two napi_value objects are equal.

Returns napi_ok if the API succeeded.

This API represents the invocation of the Strict Equality algorithm as defined in Section 7.2.14 of the ECMAScript Language Specification.

napi_detach_arraybuffer#

Added in: v13.0.0 
napi_status napi_detach_arraybuffer(napi_env env,
                                    napi_value arraybuffer)
  • [in] env: The environment that the API is invoked under.
  • [in] arraybuffer: The JavaScript ArrayBuffer to be detached.

Returns napi_ok if the API succeeded. If a non-detachable ArrayBuffer is passed in it returns napi_detachable_arraybuffer_expected.

Generally, an ArrayBuffer is non-detachable if it has been detached before. The engine may impose additional conditions on whether an ArrayBuffer is detachable. For example, V8 requires that the ArrayBuffer be external, that is, created with napi_create_external_arraybuffer.

This API represents the invocation of the ArrayBuffer detach operation as defined in Section 24.1.1.3 of the ECMAScript Language Specification.

Working with JavaScript Properties#

N-API exposes a set of APIs to get and set properties on JavaScript objects. Some of these types are documented under Section 7 of the ECMAScript Language Specification.

Properties in JavaScript are represented as a tuple of a key and a value. Fundamentally, all property keys in N-API can be represented in one of the following forms:

  • Named: a simple UTF8-encoded string
  • Integer-Indexed: an index value represented by uint32_t
  • JavaScript value: these are represented in N-API by napi_value. This can be a napi_value representing a String, Number, or Symbol.

N-API values are represented by the type napi_value. Any N-API call that requires a JavaScript value takes in a napi_value. However, it's the caller's responsibility to make sure that the napi_value in question is of the JavaScript type expected by the API.

The APIs documented in this section provide a simple interface to get and set properties on arbitrary JavaScript objects represented by napi_value.

For instance, consider the following JavaScript code snippet:

const obj = {};
obj.myProp = 123;

The equivalent can be done using N-API values with the following snippet:

napi_status status = napi_generic_failure;

// const obj = {}
napi_value obj, value;
status = napi_create_object(env, &obj);
if (status != napi_ok) return status;

// Create a napi_value for 123
status = napi_create_int32(env, 123, &value);
if (status != napi_ok) return status;

// obj.myProp = 123
status = napi_set_named_property(env, obj, "myProp", value);
if (status != napi_ok) return status;

Indexed properties can be set in a similar manner. Consider the following JavaScript snippet:

const arr = [];
arr[123] = 'hello';

The equivalent can be done using N-API values with the following snippet:

napi_status status = napi_generic_failure;

// const arr = [];
napi_value arr, value;
status = napi_create_array(env, &arr);
if (status != napi_ok) return status;

// Create a napi_value for 'hello'
status = napi_create_string_utf8(env, "hello", NAPI_AUTO_LENGTH, &value);
if (status != napi_ok) return status;

// arr[123] = 'hello';
status = napi_set_element(env, arr, 123, value);
if (status != napi_ok) return status;

Properties can be retrieved using the APIs described in this section. Consider the following JavaScript snippet:

const arr = [];
const value = arr[123];

The following is the approximate equivalent of the N-API counterpart:

napi_status status = napi_generic_failure;

// const arr = []
napi_value arr, value;
status = napi_create_array(env, &arr);
if (status != napi_ok) return status;

// const value = arr[123]
status = napi_get_element(env, arr, 123, &value);
if (status != napi_ok) return status;

Finally, multiple properties can also be defined on an object for performance reasons. Consider the following JavaScript:

const obj = {};
Object.defineProperties(obj, {
  'foo': { value: 123, writable: true, configurable: true, enumerable: true },
  'bar': { value: 456, writable: true, configurable: true, enumerable: true }
});

The following is the approximate equivalent of the N-API counterpart:

napi_status status = napi_status_generic_failure;

// const obj = {};
napi_value obj;
status = napi_create_object(env, &obj);
if (status != napi_ok) return status;

// Create napi_values for 123 and 456
napi_value fooValue, barValue;
status = napi_create_int32(env, 123, &fooValue);
if (status != napi_ok) return status;
status = napi_create_int32(env, 456, &barValue);
if (status != napi_ok) return status;

// Set the properties
napi_property_descriptor descriptors[] = {
  { "foo", NULL, NULL, NULL, NULL, fooValue, napi_default, NULL },
  { "bar", NULL, NULL, NULL, NULL, barValue, napi_default, NULL }
}
status = napi_define_properties(env,
                                obj,
                                sizeof(descriptors) / sizeof(descriptors[0]),
                                descriptors);
if (status != napi_ok) return status;

Structures#

napi_property_attributes#

typedef enum {
  napi_default = 0,
  napi_writable = 1 << 0,
  napi_enumerable = 1 << 1,
  napi_configurable = 1 << 2,

  // Used with napi_define_class to distinguish static properties
  // from instance properties. Ignored by napi_define_properties.
  napi_static = 1 << 10,
} napi_property_attributes;

napi_property_attributes are flags used to control the behavior of properties set on a JavaScript object. Other than napi_static they correspond to the attributes listed in Section 6.1.7.1 of the ECMAScript Language Specification. They can be one or more of the following bitflags:

  • napi_default: No explicit attributes are set on the property. By default, a property is read only, not enumerable and not configurable.
  • napi_writable: The property is writable.
  • napi_enumerable: The property is enumerable.
  • napi_configurable: The property is configurable as defined in Section 6.1.7.1 of the ECMAScript Language Specification.
  • napi_static: The property will be defined as a static property on a class as opposed to an instance property, which is the default. This is used only by napi_define_class. It is ignored by napi_define_properties.

napi_property_descriptor#

typedef struct {
  // One of utf8name or name should be NULL.
  const char* utf8name;
  napi_value name;

  napi_callback method;
  napi_callback getter;
  napi_callback setter;
  napi_value value;

  napi_property_attributes attributes;
  void* data;
} napi_property_descriptor;
  • utf8name: Optional String describing the key for the property, encoded as UTF8. One of utf8name or name must be provided for the property.
  • name: Optional napi_value that points to a JavaScript string or symbol to be used as the key for the property. One of utf8name or name must be provided for the property.
  • value: The value that's retrieved by a get access of the property if the property is a data property. If this is passed in, set getter, setter, method and data to NULL (since these members won't be used).
  • getter: A function to call when a get access of the property is performed. If this is passed in, set value and method to NULL (since these members won't be used). The given function is called implicitly by the runtime when the property is accessed from JavaScript code (or if a get on the property is performed using a N-API call).
  • setter: A function to call when a set access of the property is performed. If this is passed in, set value and method to NULL (since these members won't be used). The given function is called implicitly by the runtime when the property is set from JavaScript code (or if a set on the property is performed using a N-API call).
  • method: Set this to make the property descriptor object's value property to be a JavaScript function represented by method. If this is passed in, set value, getter and setter to NULL (since these members won't be used).
  • attributes: The attributes associated with the particular property. See napi_property_attributes.
  • data: The callback data passed into method, getter and setter if this function is invoked.

Functions#

napi_get_property_names#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_property_names(napi_env env,
                                    napi_value object,
                                    napi_value* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object from which to retrieve the properties.
  • [out] result: A napi_value representing an array of JavaScript values that represent the property names of the object. The API can be used to iterate over result using napi_get_array_length and napi_get_element.

Returns napi_ok if the API succeeded.

This API returns the names of the enumerable properties of object as an array of strings. The properties of object whose key is a symbol will not be included.

napi_set_property#

Added in: v8.0.0 N-API version: 1 
napi_status napi_set_property(napi_env env,
                              napi_value object,
                              napi_value key,
                              napi_value value);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object on which to set the property.
  • [in] key: The name of the property to set.
  • [in] value: The property value.

Returns napi_ok if the API succeeded.

This API set a property on the Object passed in.

napi_get_property#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_property(napi_env env,
                              napi_value object,
                              napi_value key,
                              napi_value* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object from which to retrieve the property.
  • [in] key: The name of the property to retrieve.
  • [out] result: The value of the property.

Returns napi_ok if the API succeeded.

This API gets the requested property from the Object passed in.

napi_has_property#

Added in: v8.0.0 N-API version: 1 
napi_status napi_has_property(napi_env env,
                              napi_value object,
                              napi_value key,
                              bool* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object to query.
  • [in] key: The name of the property whose existence to check.
  • [out] result: Whether the property exists on the object or not.

Returns napi_ok if the API succeeded.

This API checks if the Object passed in has the named property.

napi_delete_property#

Added in: v8.2.0 N-API version: 1 
napi_status napi_delete_property(napi_env env,
                                 napi_value object,
                                 napi_value key,
                                 bool* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object to query.
  • [in] key: The name of the property to delete.
  • [out] result: Whether the property deletion succeeded or not. result can optionally be ignored by passing NULL.

Returns napi_ok if the API succeeded.

This API attempts to delete the key own property from object.

napi_has_own_property#

Added in: v8.2.0 N-API version: 1 
napi_status napi_has_own_property(napi_env env,
                                  napi_value object,
                                  napi_value key,
                                  bool* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object to query.
  • [in] key: The name of the own property whose existence to check.
  • [out] result: Whether the own property exists on the object or not.

Returns napi_ok if the API succeeded.

This API checks if the Object passed in has the named own property. key must be a string or a Symbol, or an error will be thrown. N-API will not perform any conversion between data types.

napi_set_named_property#

Added in: v8.0.0 N-API version: 1 
napi_status napi_set_named_property(napi_env env,
                                    napi_value object,
                                    const char* utf8Name,
                                    napi_value value);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object on which to set the property.
  • [in] utf8Name: The name of the property to set.
  • [in] value: The property value.

Returns napi_ok if the API succeeded.

This method is equivalent to calling napi_set_property with a napi_value created from the string passed in as utf8Name.

napi_get_named_property#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_named_property(napi_env env,
                                    napi_value object,
                                    const char* utf8Name,
                                    napi_value* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object from which to retrieve the property.
  • [in] utf8Name: The name of the property to get.
  • [out] result: The value of the property.

Returns napi_ok if the API succeeded.

This method is equivalent to calling napi_get_property with a napi_value created from the string passed in as utf8Name.

napi_has_named_property#

Added in: v8.0.0 N-API version: 1 
napi_status napi_has_named_property(napi_env env,
                                    napi_value object,
                                    const char* utf8Name,
                                    bool* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object to query.
  • [in] utf8Name: The name of the property whose existence to check.
  • [out] result: Whether the property exists on the object or not.

Returns napi_ok if the API succeeded.

This method is equivalent to calling napi_has_property with a napi_value created from the string passed in as utf8Name.

napi_set_element#

Added in: v8.0.0 N-API version: 1 
napi_status napi_set_element(napi_env env,
                             napi_value object,
                             uint32_t index,
                             napi_value value);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object from which to set the properties.
  • [in] index: The index of the property to set.
  • [in] value: The property value.

Returns napi_ok if the API succeeded.

This API sets and element on the Object passed in.

napi_get_element#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_element(napi_env env,
                             napi_value object,
                             uint32_t index,
                             napi_value* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object from which to retrieve the property.
  • [in] index: The index of the property to get.
  • [out] result: The value of the property.

Returns napi_ok if the API succeeded.

This API gets the element at the requested index.

napi_has_element#

Added in: v8.0.0 N-API version: 1 
napi_status napi_has_element(napi_env env,
                             napi_value object,
                             uint32_t index,
                             bool* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object to query.
  • [in] index: The index of the property whose existence to check.
  • [out] result: Whether the property exists on the object or not.

Returns napi_ok if the API succeeded.

This API returns if the Object passed in has an element at the requested index.

napi_delete_element#

Added in: v8.2.0 N-API version: 1 
napi_status napi_delete_element(napi_env env,
                                napi_value object,
                                uint32_t index,
                                bool* result);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object to query.
  • [in] index: The index of the property to delete.
  • [out] result: Whether the element deletion succeeded or not. result can optionally be ignored by passing NULL.

Returns napi_ok if the API succeeded.

This API attempts to delete the specified index from object.

napi_define_properties#

Added in: v8.0.0 N-API version: 1 
napi_status napi_define_properties(napi_env env,
                                   napi_value object,
                                   size_t property_count,
                                   const napi_property_descriptor* properties);
  • [in] env: The environment that the N-API call is invoked under.
  • [in] object: The object from which to retrieve the properties.
  • [in] property_count: The number of elements in the properties array.
  • [in] properties: The array of property descriptors.

Returns napi_ok if the API succeeded.

This method allows the efficient definition of multiple properties on a given object. The properties are defined using property descriptors (see napi_property_descriptor). Given an array of such property descriptors, this API will set the properties on the object one at a time, as defined by DefineOwnProperty() (described in Section 9.1.6 of the ECMA-262 specification).

Working with JavaScript Functions#

N-API provides a set of APIs that allow JavaScript code to call back into native code. N-API APIs that support calling back into native code take in a callback functions represented by the napi_callback type. When the JavaScript VM calls back to native code, the napi_callback function provided is invoked. The APIs documented in this section allow the callback function to do the following:

  • Get information about the context in which the callback was invoked.
  • Get the arguments passed into the callback.
  • Return a napi_value back from the callback.

Additionally, N-API provides a set of functions which allow calling JavaScript functions from native code. One can either call a function like a regular JavaScript function call, or as a constructor function.

Any non-NULL data which is passed to this API via the data field of the napi_property_descriptor items can be associated with object and freed whenever object is garbage-collected by passing both object and the data to napi_add_finalizer.

napi_call_function#

Added in: v8.0.0 N-API version: 1 
napi_status napi_call_function(napi_env env,
                               napi_value recv,
                               napi_value func,
                               int argc,
                               const napi_value* argv,
                               napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] recv: The this object passed to the called function.
  • [in] func: napi_value representing the JavaScript function to be invoked.
  • [in] argc: The count of elements in the argv array.
  • [in] argv: Array of napi_values representing JavaScript values passed in as arguments to the function.
  • [out] result: napi_value representing the JavaScript object returned.

Returns napi_ok if the API succeeded.

This method allows a JavaScript function object to be called from a native add-on. This is the primary mechanism of calling back from the add-on's native code into JavaScript. For the special case of calling into JavaScript after an async operation, see napi_make_callback.

A sample use case might look as follows. Consider the following JavaScript snippet:

function AddTwo(num) {
  return num + 2;
}

Then, the above function can be invoked from a native add-on using the following code:

// Get the function named "AddTwo" on the global object
napi_value global, add_two, arg;
napi_status status = napi_get_global(env, &global);
if (status != napi_ok) return;

status = napi_get_named_property(env, global, "AddTwo", &add_two);
if (status != napi_ok) return;

// const arg = 1337
status = napi_create_int32(env, 1337, &arg);
if (status != napi_ok) return;

napi_value* argv = &arg;
size_t argc = 1;

// AddTwo(arg);
napi_value return_val;
status = napi_call_function(env, global, add_two, argc, argv, &return_val);
if (status != napi_ok) return;

// Convert the result back to a native type
int32_t result;
status = napi_get_value_int32(env, return_val, &result);
if (status != napi_ok) return;

napi_create_function#

Added in: v8.0.0 N-API version: 1 
napi_status napi_create_function(napi_env env,
                                 const char* utf8name,
                                 size_t length,
                                 napi_callback cb,
                                 void* data,
                                 napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] utf8Name: The name of the function encoded as UTF8. This is visible within JavaScript as the new function object's name property.
  • [in] length: The length of the utf8name in bytes, or NAPI_AUTO_LENGTH if it is null-terminated.
  • [in] cb: The native function which should be called when this function object is invoked.
  • [in] data: User-provided data context. This will be passed back into the function when invoked later.
  • [out] result: napi_value representing the JavaScript function object for the newly created function.

Returns napi_ok if the API succeeded.

This API allows an add-on author to create a function object in native code. This is the primary mechanism to allow calling into the add-on's native code from JavaScript.

The newly created function is not automatically visible from script after this call. Instead, a property must be explicitly set on any object that is visible to JavaScript, in order for the function to be accessible from script.

In order to expose a function as part of the add-on's module exports, set the newly created function on the exports object. A sample module might look as follows:

napi_value SayHello(napi_env env, napi_callback_info info) {
  printf("Hello\n");
  return NULL;
}

napi_value Init(napi_env env, napi_value exports) {
  napi_status status;

  napi_value fn;
  status = napi_create_function(env, NULL, 0, SayHello, NULL, &fn);
  if (status != napi_ok) return NULL;

  status = napi_set_named_property(env, exports, "sayHello", fn);
  if (status != napi_ok) return NULL;

  return exports;
}

NAPI_MODULE(NODE_GYP_MODULE_NAME, Init)

Given the above code, the add-on can be used from JavaScript as follows:

const myaddon = require('./addon');
myaddon.sayHello();

The string passed to require() is the name of the target in binding.gyp responsible for creating the .node file.

Any non-NULL data which is passed to this API via the data parameter can be associated with the resulting JavaScript function (which is returned in the result parameter) and freed whenever the function is garbage-collected by passing both the JavaScript function and the data to napi_add_finalizer.

JavaScript Functions are described in Section 19.2 of the ECMAScript Language Specification.

napi_get_cb_info#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_cb_info(napi_env env,
                             napi_callback_info cbinfo,
                             size_t* argc,
                             napi_value* argv,
                             napi_value* thisArg,
                             void** data)
  • [in] env: The environment that the API is invoked under.
  • [in] cbinfo: The callback info passed into the callback function.
  • [in-out] argc: Specifies the size of the provided argv array and receives the actual count of arguments.
  • [out] argv: Buffer to which the napi_value representing the arguments are copied. If there are more arguments than the provided count, only the requested number of arguments are copied. If there are fewer arguments provided than claimed, the rest of argv is filled with napi_value values that represent undefined.
  • [out] this: Receives the JavaScript this argument for the call.
  • [out] data: Receives the data pointer for the callback.

Returns napi_ok if the API succeeded.

This method is used within a callback function to retrieve details about the call like the arguments and the this pointer from a given callback info.

napi_get_new_target#

Added in: v8.6.0 N-API version: 1 
napi_status napi_get_new_target(napi_env env,
                                napi_callback_info cbinfo,
                                napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] cbinfo: The callback info passed into the callback function.
  • [out] result: The new.target of the constructor call.

Returns napi_ok if the API succeeded.

This API returns the new.target of the constructor call. If the current callback is not a constructor call, the result is NULL.

napi_new_instance#

Added in: v8.0.0 N-API version: 1 
napi_status napi_new_instance(napi_env env,
                              napi_value cons,
                              size_t argc,
                              napi_value* argv,
                              napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] cons: napi_value representing the JavaScript function to be invoked as a constructor.
  • [in] argc: The count of elements in the argv array.
  • [in] argv: Array of JavaScript values as napi_value representing the arguments to the constructor.
  • [out] result: napi_value representing the JavaScript object returned, which in this case is the constructed object.

This method is used to instantiate a new JavaScript value using a given napi_value that represents the constructor for the object. For example, consider the following snippet:

function MyObject(param) {
  this.param = param;
}

const arg = 'hello';
const value = new MyObject(arg);

The following can be approximated in N-API using the following snippet:

// Get the constructor function MyObject
napi_value global, constructor, arg, value;
napi_status status = napi_get_global(env, &global);
if (status != napi_ok) return;

status = napi_get_named_property(env, global, "MyObject", &constructor);
if (status != napi_ok) return;

// const arg = "hello"
status = napi_create_string_utf8(env, "hello", NAPI_AUTO_LENGTH, &arg);
if (status != napi_ok) return;

napi_value* argv = &arg;
size_t argc = 1;

// const value = new MyObject(arg)
status = napi_new_instance(env, constructor, argc, argv, &value);

Returns napi_ok if the API succeeded.

Object Wrap#

N-API offers a way to "wrap" C++ classes and instances so that the class constructor and methods can be called from JavaScript.

  1. The napi_define_class API defines a JavaScript class with constructor, static properties and methods, and instance properties and methods that correspond to the C++ class.
  2. When JavaScript code invokes the constructor, the constructor callback uses napi_wrap to wrap a new C++ instance in a JavaScript object, then returns the wrapper object.
  3. When JavaScript code invokes a method or property accessor on the class, the corresponding napi_callback C++ function is invoked. For an instance callback, napi_unwrap obtains the C++ instance that is the target of the call.

For wrapped objects it may be difficult to distinguish between a function called on a class prototype and a function called on an instance of a class. A common pattern used to address this problem is to save a persistent reference to the class constructor for later instanceof checks.

napi_value MyClass_constructor = NULL;
status = napi_get_reference_value(env, MyClass::es_constructor, &MyClass_constructor);
assert(napi_ok == status);
bool is_instance = false;
status = napi_instanceof(env, es_this, MyClass_constructor, &is_instance);
assert(napi_ok == status);
if (is_instance) {
  // napi_unwrap() ...
} else {
  // otherwise...
}

The reference must be freed once it is no longer needed.

napi_define_class#

Added in: v8.0.0 N-API version: 1 
napi_status napi_define_class(napi_env env,
                              const char* utf8name,
                              size_t length,
                              napi_callback constructor,
                              void* data,
                              size_t property_count,
                              const napi_property_descriptor* properties,
                              napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] utf8name: Name of the JavaScript constructor function; this is not required to be the same as the C++ class name, though it is recommended for clarity.
  • [in] length: The length of the utf8name in bytes, or NAPI_AUTO_LENGTH if it is null-terminated.
  • [in] constructor: Callback function that handles constructing instances of the class. (This should be a static method on the class, not an actual C++ constructor function.)
  • [in] data: Optional data to be passed to the constructor callback as the data property of the callback info.
  • [in] property_count: Number of items in the properties array argument.
  • [in] properties: Array of property descriptors describing static and instance data properties, accessors, and methods on the class See napi_property_descriptor.
  • [out] result: A napi_value representing the constructor function for the class.

Returns napi_ok if the API succeeded.

Defines a JavaScript class that corresponds to a C++ class, including:

  • A JavaScript constructor function that has the class name and invokes the provided C++ constructor callback.
  • Properties on the constructor function corresponding to static data properties, accessors, and methods of the C++ class (defined by property descriptors with the napi_static attribute).
  • Properties on the constructor function's prototype object corresponding to non-static data properties, accessors, and methods of the C++ class (defined by property descriptors without the napi_static attribute).

The C++ constructor callback should be a static method on the class that calls the actual class constructor, then wraps the new C++ instance in a JavaScript object, and returns the wrapper object. See napi_wrap() for details.

The JavaScript constructor function returned from napi_define_class is often saved and used later, to construct new instances of the class from native code, and/or check whether provided values are instances of the class. In that case, to prevent the function value from being garbage-collected, create a persistent reference to it using napi_create_reference and ensure the reference count is kept >= 1.

Any non-NULL data which is passed to this API via the data parameter or via the data field of the napi_property_descriptor array items can be associated with the resulting JavaScript constructor (which is returned in the result parameter) and freed whenever the class is garbage-collected by passing both the JavaScript function and the data to napi_add_finalizer.

napi_wrap#

Added in: v8.0.0 N-API version: 1 
napi_status napi_wrap(napi_env env,
                      napi_value js_object,
                      void* native_object,
                      napi_finalize finalize_cb,
                      void* finalize_hint,
                      napi_ref* result);
  • [in] env: The environment that the API is invoked under.
  • [in] js_object: The JavaScript object that will be the wrapper for the native object.
  • [in] native_object: The native instance that will be wrapped in the JavaScript object.
  • [in] finalize_cb: Optional native callback that can be used to free the native instance when the JavaScript object is ready for garbage-collection.
  • [in] finalize_hint: Optional contextual hint that is passed to the finalize callback.
  • [out] result: Optional reference to the wrapped object.

Returns napi_ok if the API succeeded.

Wraps a native instance in a JavaScript object. The native instance can be retrieved later using napi_unwrap().

When JavaScript code invokes a constructor for a class that was defined using napi_define_class(), the napi_callback for the constructor is invoked. After constructing an instance of the native class, the callback must then call napi_wrap() to wrap the newly constructed instance in the already-created JavaScript object that is the this argument to the constructor callback. (That this object was created from the constructor function's prototype, so it already has definitions of all the instance properties and methods.)

Typically when wrapping a class instance, a finalize callback should be provided that simply deletes the native instance that is received as the data argument to the finalize callback.

The optional returned reference is initially a weak reference, meaning it has a reference count of 0. Typically this reference count would be incremented temporarily during async operations that require the instance to remain valid.

Caution: The optional returned reference (if obtained) should be deleted via napi_delete_reference ONLY in response to the finalize callback invocation. If it is deleted before then, then the finalize callback may never be invoked. Therefore, when obtaining a reference a finalize callback is also required in order to enable correct disposal of the reference.

Calling napi_wrap() a second time on an object will return an error. To associate another native instance with the object, use napi_remove_wrap() first.

napi_unwrap#

Added in: v8.0.0 N-API version: 1 
napi_status napi_unwrap(napi_env env,
                        napi_value js_object,
                        void** result);
  • [in] env: The environment that the API is invoked under.
  • [in] js_object: The object associated with the native instance.
  • [out] result: Pointer to the wrapped native instance.

Returns napi_ok if the API succeeded.

Retrieves a native instance that was previously wrapped in a JavaScript object using napi_wrap().

When JavaScript code invokes a method or property accessor on the class, the corresponding napi_callback is invoked. If the callback is for an instance method or accessor, then the this argument to the callback is the wrapper object; the wrapped C++ instance that is the target of the call can be obtained then by calling napi_unwrap() on the wrapper object.

napi_remove_wrap#

Added in: v8.5.0 N-API version: 1 
napi_status napi_remove_wrap(napi_env env,
                             napi_value js_object,
                             void** result);
  • [in] env: The environment that the API is invoked under.
  • [in] js_object: The object associated with the native instance.
  • [out] result: Pointer to the wrapped native instance.

Returns napi_ok if the API succeeded.

Retrieves a native instance that was previously wrapped in the JavaScript object js_object using napi_wrap() and removes the wrapping. If a finalize callback was associated with the wrapping, it will no longer be called when the JavaScript object becomes garbage-collected.

napi_add_finalizer#

Added in: v8.0.0 
napi_status napi_add_finalizer(napi_env env,
                               napi_value js_object,
                               void* native_object,
                               napi_finalize finalize_cb,
                               void* finalize_hint,
                               napi_ref* result);
  • [in] env: The environment that the API is invoked under.
  • [in] js_object: The JavaScript object to which the native data will be attached.
  • [in] native_object: The native data that will be attached to the JavaScript object.
  • [in] finalize_cb: Native callback that will be used to free the native data when the JavaScript object is ready for garbage-collection.
  • [in] finalize_hint: Optional contextual hint that is passed to the finalize callback.
  • [out] result: Optional reference to the JavaScript object.

Returns napi_ok if the API succeeded.

Adds a napi_finalize callback which will be called when the JavaScript object in js_object is ready for garbage collection. This API is similar to napi_wrap() except that:

  • the native data cannot be retrieved later using napi_unwrap(),
  • nor can it be removed later using napi_remove_wrap(), and
  • the API can be called multiple times with different data items in order to attach each of them to the JavaScript object, and
  • the object manipulated by the API can be used with napi_wrap().

Caution: The optional returned reference (if obtained) should be deleted via napi_delete_reference ONLY in response to the finalize callback invocation. If it is deleted before then, then the finalize callback may never be invoked. Therefore, when obtaining a reference a finalize callback is also required in order to enable correct disposal of the reference.

Simple Asynchronous Operations#

Addon modules often need to leverage async helpers from libuv as part of their implementation. This allows them to schedule work to be executed asynchronously so that their methods can return in advance of the work being completed. This allows them to avoid blocking overall execution of the Node.js application.

N-API provides an ABI-stable interface for these supporting functions which covers the most common asynchronous use cases.

N-API defines the napi_work structure which is used to manage asynchronous workers. Instances are created/deleted with napi_create_async_work and napi_delete_async_work.

The execute and complete callbacks are functions that will be invoked when the executor is ready to execute and when it completes its task respectively.

The execute function should avoid making any N-API calls that could result in the execution of JavaScript or interaction with JavaScript objects. Most often, any code that needs to make N-API calls should be made in complete callback instead. Avoid using the napi_env parameter in the execute callback as it will likely execute JavaScript.

These functions implement the following interfaces:

typedef void (*napi_async_execute_callback)(napi_env env,
                                            void* data);
typedef void (*napi_async_complete_callback)(napi_env env,
                                             napi_status status,
                                             void* data);

When these methods are invoked, the data parameter passed will be the addon-provided void* data that was passed into the napi_create_async_work call.

Once created the async worker can be queued for execution using the napi_queue_async_work function:

napi_status napi_queue_async_work(napi_env env,
                                  napi_async_work work);

napi_cancel_async_work can be used if the work needs to be cancelled before the work has started execution.

After calling napi_cancel_async_work, the complete callback will be invoked with a status value of napi_cancelled. The work should not be deleted before the complete callback invocation, even when it was cancelled.

napi_create_async_work#

History
VersionChanges
v8.6.0

Added async_resource and async_resource_name parameters.

v8.0.0

Added in: v8.0.0

N-API version: 1 
napi_status napi_create_async_work(napi_env env,
                                   napi_value async_resource,
                                   napi_value async_resource_name,
                                   napi_async_execute_callback execute,
                                   napi_async_complete_callback complete,
                                   void* data,
                                   napi_async_work* result);
  • [in] env: The environment that the API is invoked under.
  • [in] async_resource: An optional object associated with the async work that will be passed to possible async_hooks init hooks.
  • [in] async_resource_name: Identifier for the kind of resource that is being provided for diagnostic information exposed by the async_hooks API.
  • [in] execute: The native function which should be called to execute the logic asynchronously. The given function is called from a worker pool thread and can execute in parallel with the main event loop thread.
  • [in] complete: The native function which will be called when the asynchronous logic is completed or is cancelled. The given function is called from the main event loop thread.
  • [in] data: User-provided data context. This will be passed back into the execute and complete functions.
  • [out] result: napi_async_work* which is the handle to the newly created async work.

Returns napi_ok if the API succeeded.

This API allocates a work object that is used to execute logic asynchronously. It should be freed using napi_delete_async_work once the work is no longer required.

async_resource_name should be a null-terminated, UTF-8-encoded string.

The async_resource_name identifier is provided by the user and should be representative of the type of async work being performed. It is also recommended to apply namespacing to the identifier, e.g. by including the module name. See the async_hooks documentation for more information.

napi_delete_async_work#

Added in: v8.0.0 N-API version: 1 
napi_status napi_delete_async_work(napi_env env,
                                   napi_async_work work);
  • [in] env: The environment that the API is invoked under.
  • [in] work: The handle returned by the call to napi_create_async_work.

Returns napi_ok if the API succeeded.

This API frees a previously allocated work object.

This API can be called even if there is a pending JavaScript exception.

napi_queue_async_work#

Added in: v8.0.0 N-API version: 1 
napi_status napi_queue_async_work(napi_env env,
                                  napi_async_work work);
  • [in] env: The environment that the API is invoked under.
  • [in] work: The handle returned by the call to napi_create_async_work.

Returns napi_ok if the API succeeded.

This API requests that the previously allocated work be scheduled for execution. Once it returns successfully, this API must not be called again with the same napi_async_work item or the result will be undefined.

napi_cancel_async_work#

Added in: v8.0.0 N-API version: 1 
napi_status napi_cancel_async_work(napi_env env,
                                   napi_async_work work);
  • [in] env: The environment that the API is invoked under.
  • [in] work: The handle returned by the call to napi_create_async_work.

Returns napi_ok if the API succeeded.

This API cancels queued work if it has not yet been started. If it has already started executing, it cannot be cancelled and napi_generic_failure will be returned. If successful, the complete callback will be invoked with a status value of napi_cancelled. The work should not be deleted before the complete callback invocation, even if it has been successfully cancelled.

This API can be called even if there is a pending JavaScript exception.

Custom Asynchronous Operations#

The simple asynchronous work APIs above may not be appropriate for every scenario. When using any other asynchronous mechanism, the following APIs are necessary to ensure an asynchronous operation is properly tracked by the runtime.

napi_async_init#

Added in: v8.6.0 N-API version: 1 
napi_status napi_async_init(napi_env env,
                            napi_value async_resource,
                            napi_value async_resource_name,
                            napi_async_context* result)
  • [in] env: The environment that the API is invoked under.
  • [in] async_resource: An optional object associated with the async work that will be passed to possible async_hooks init hooks.
  • [in] async_resource_name: Identifier for the kind of resource that is being provided for diagnostic information exposed by the async_hooks API.
  • [out] result: The initialized async context.

Returns napi_ok if the API succeeded.

napi_async_destroy#

Added in: v8.6.0 N-API version: 1 
napi_status napi_async_destroy(napi_env env,
                               napi_async_context async_context);
  • [in] env: The environment that the API is invoked under.
  • [in] async_context: The async context to be destroyed.

Returns napi_ok if the API succeeded.

This API can be called even if there is a pending JavaScript exception.

napi_make_callback#

History
VersionChanges
v8.6.0

Added async_context parameter.

v8.0.0

Added in: v8.0.0

N-API version: 1 
napi_status napi_make_callback(napi_env env,
                               napi_async_context async_context,
                               napi_value recv,
                               napi_value func,
                               int argc,
                               const napi_value* argv,
                               napi_value* result)
  • [in] env: The environment that the API is invoked under.
  • [in] async_context: Context for the async operation that is invoking the callback. This should normally be a value previously obtained from napi_async_init. However NULL is also allowed, which indicates the current async context (if any) is to be used for the callback.
  • [in] recv: The this object passed to the called function.
  • [in] func: napi_value representing the JavaScript function to be invoked.
  • [in] argc: The count of elements in the argv array.
  • [in] argv: Array of JavaScript values as napi_value representing the arguments to the function.
  • [out] result: napi_value representing the JavaScript object returned.

Returns napi_ok if the API succeeded.

This method allows a JavaScript function object to be called from a native add-on. This API is similar to napi_call_function. However, it is used to call from native code back into JavaScript after returning from an async operation (when there is no other script on the stack). It is a fairly simple wrapper around node::MakeCallback.

Note it is not necessary to use napi_make_callback from within a napi_async_complete_callback; in that situation the callback's async context has already been set up, so a direct call to napi_call_function is sufficient and appropriate. Use of the napi_make_callback function may be required when implementing custom async behavior that does not use napi_create_async_work.

napi_open_callback_scope#

Added in: v9.6.0 N-API version: 3 
NAPI_EXTERN napi_status napi_open_callback_scope(napi_env env,
                                                 napi_value resource_object,
                                                 napi_async_context context,
                                                 napi_callback_scope* result)
  • [in] env: The environment that the API is invoked under.
  • [in] resource_object: An object associated with the async work that will be passed to possible async_hooks init hooks.
  • [in] context: Context for the async operation that is invoking the callback. This should be a value previously obtained from napi_async_init.
  • [out] result: The newly created scope.

There are cases (for example, resolving promises) where it is necessary to have the equivalent of the scope associated with a callback in place when making certain N-API calls. If there is no other script on the stack the napi_open_callback_scope and napi_close_callback_scope functions can be used to open/close the required scope.

napi_close_callback_scope#

Added in: v9.6.0 N-API version: 3 
NAPI_EXTERN napi_status napi_close_callback_scope(napi_env env,
                                                  napi_callback_scope scope)
  • [in] env: The environment that the API is invoked under.
  • [in] scope: The scope to be closed.

This API can be called even if there is a pending JavaScript exception.

Version Management#

napi_get_node_version#

Added in: v8.4.0 N-API version: 1 
typedef struct {
  uint32_t major;
  uint32_t minor;
  uint32_t patch;
  const char* release;
} napi_node_version;

napi_status napi_get_node_version(napi_env env,
                                  const napi_node_version** version);
  • [in] env: The environment that the API is invoked under.
  • [out] version: A pointer to version information for Node.js itself.

Returns napi_ok if the API succeeded.

This function fills the version struct with the major, minor, and patch version of Node.js that is currently running, and the release field with the value of process.release.name.

The returned buffer is statically allocated and does not need to be freed.

napi_get_version#

Added in: v8.0.0 N-API version: 1 
napi_status napi_get_version(napi_env env,
                             uint32_t* result);
  • [in] env: The environment that the API is invoked under.
  • [out] result: The highest version of N-API supported.

Returns napi_ok if the API succeeded.

This API returns the highest N-API version supported by the Node.js runtime. N-API is planned to be additive such that newer releases of Node.js may support additional API functions. In order to allow an addon to use a newer function when running with versions of Node.js that support it, while providing fallback behavior when running with Node.js versions that don't support it:

  • Call napi_get_version() to determine if the API is available.
  • If available, dynamically load a pointer to the function using uv_dlsym().
  • Use the dynamically loaded pointer to invoke the function.
  • If the function is not available, provide an alternate implementation that does not use the function.

Memory Management#

napi_adjust_external_memory#

Added in: v8.5.0 N-API version: 1 
NAPI_EXTERN napi_status napi_adjust_external_memory(napi_env env,
                                                    int64_t change_in_bytes,
                                                    int64_t* result);
  • [in] env: The environment that the API is invoked under.
  • [in] change_in_bytes: The change in externally allocated memory that is kept alive by JavaScript objects.
  • [out] result: The adjusted value

Returns napi_ok if the API succeeded.

This function gives V8 an indication of the amount of externally allocated memory that is kept alive by JavaScript objects (i.e. a JavaScript object that points to its own memory allocated by a native module). Registering externally allocated memory will trigger global garbage collections more often than it would otherwise.

Promises#

N-API provides facilities for creating Promise objects as described in Section 25.4 of the ECMA specification. It implements promises as a pair of objects. When a promise is created by napi_create_promise(), a "deferred" object is created and returned alongside the Promise. The deferred object is bound to the created Promise and is the only means to resolve or reject the Promise using napi_resolve_deferred() or napi_reject_deferred(). The deferred object that is created by napi_create_promise() is freed by napi_resolve_deferred() or napi_reject_deferred(). The Promise object may be returned to JavaScript where it can be used in the usual fashion.

For example, to create a promise and pass it to an asynchronous worker:

napi_deferred deferred;
napi_value promise;
napi_status status;

// Create the promise.
status = napi_create_promise(env, &deferred, &promise);
if (status != napi_ok) return NULL;

// Pass the deferred to a function that performs an asynchronous action.
do_something_asynchronous(deferred);

// Return the promise to JS
return promise;

The above function do_something_asynchronous() would perform its asynchronous action and then it would resolve or reject the deferred, thereby concluding the promise and freeing the deferred:

napi_deferred deferred;
napi_value undefined;
napi_status status;

// Create a value with which to conclude the deferred.
status = napi_get_undefined(env, &undefined);
if (status != napi_ok) return NULL;

// Resolve or reject the promise associated with the deferred depending on
// whether the asynchronous action succeeded.
if (asynchronous_action_succeeded) {
  status = napi_resolve_deferred(env, deferred, undefined);
} else {
  status = napi_reject_deferred(env, deferred, undefined);
}
if (status != napi_ok) return NULL;

// At this point the deferred has been freed, so we should assign NULL to it.
deferred = NULL;

napi_create_promise#

Added in: v8.5.0 N-API version: 1 
napi_status napi_create_promise(napi_env env,
                                napi_deferred* deferred,
                                napi_value* promise);
  • [in] env: The environment that the API is invoked under.
  • [out] deferred: A newly created deferred object which can later be passed to napi_resolve_deferred() or napi_reject_deferred() to resolve resp. reject the associated promise.
  • [out] promise: The JavaScript promise associated with the deferred object.

Returns napi_ok if the API succeeded.

This API creates a deferred object and a JavaScript promise.

napi_resolve_deferred#

Added in: v8.5.0 N-API version: 1 
napi_status napi_resolve_deferred(napi_env env,
                                  napi_deferred deferred,
                                  napi_value resolution);
  • [in] env: The environment that the API is invoked under.
  • [in] deferred: The deferred object whose associated promise to resolve.
  • [in] resolution: The value with which to resolve the promise.

This API resolves a JavaScript promise by way of the deferred object with which it is associated. Thus, it can only be used to resolve JavaScript promises for which the corresponding deferred object is available. This effectively means that the promise must have been created using napi_create_promise() and the deferred object returned from that call must have been retained in order to be passed to this API.

The deferred object is freed upon successful completion.

napi_reject_deferred#

Added in: v8.5.0 N-API version: 1 
napi_status napi_reject_deferred(napi_env env,
                                 napi_deferred deferred,
                                 napi_value rejection);
  • [in] env: The environment that the API is invoked under.
  • [in] deferred: The deferred object whose associated promise to resolve.
  • [in] rejection: The value with which to reject the promise.

This API rejects a JavaScript promise by way of the deferred object with which it is associated. Thus, it can only be used to reject JavaScript promises for which the corresponding deferred object is available. This effectively means that the promise must have been created using napi_create_promise() and the deferred object returned from that call must have been retained in order to be passed to this API.

The deferred object is freed upon successful completion.

napi_is_promise#

Added in: v8.5.0 N-API version: 1 
napi_status napi_is_promise(napi_env env,
                            napi_value promise,
                            bool* is_promise);
  • [in] env: The environment that the API is invoked under.
  • [in] promise: The promise to examine
  • [out] is_promise: Flag indicating whether promise is a native promise object (that is, a promise object created by the underlying engine).

Script execution#

N-API provides an API for executing a string containing JavaScript using the underlying JavaScript engine.

napi_run_script#

Added in: v8.5.0 N-API version: 1 
NAPI_EXTERN napi_status napi_run_script(napi_env env,
                                        napi_value script,
                                        napi_value* result);
  • [in] env: The environment that the API is invoked under.
  • [in] script: A JavaScript string containing the script to execute.
  • [out] result: The value resulting from having executed the script.

libuv event loop#

N-API provides a function for getting the current event loop associated with a specific napi_env.

napi_get_uv_event_loop#

Added in: v8.10.0, v9.3.0 N-API version: 2 
NAPI_EXTERN napi_status napi_get_uv_event_loop(napi_env env,
                                               uv_loop_t** loop);
  • [in] env: The environment that the API is invoked under.
  • [out] loop: The current libuv loop instance.

Asynchronous Thread-safe Function Calls#

JavaScript functions can normally only be called from a native addon's main thread. If an addon creates additional threads, then N-API functions that require a napi_env, napi_value, or napi_ref must not be called from those threads.

When an addon has additional threads and JavaScript functions need to be invoked based on the processing completed by those threads, those threads must communicate with the addon's main thread so that the main thread can invoke the JavaScript function on their behalf. The thread-safe function APIs provide an easy way to do this.

These APIs provide the type napi_threadsafe_function as well as APIs to create, destroy, and call objects of this type. napi_create_threadsafe_function() creates a persistent reference to a napi_value that holds a JavaScript function which can be called from multiple threads. The calls happen asynchronously. This means that values with which the JavaScript callback is to be called will be placed in a queue, and, for each value in the queue, a call will eventually be made to the JavaScript function.

Upon creation of a napi_threadsafe_function a napi_finalize callback can be provided. This callback will be invoked on the main thread when the thread-safe function is about to be destroyed. It receives the context and the finalize data given during construction, and provides an opportunity for cleaning up after the threads e.g. by calling uv_thread_join(). Aside from the main loop thread, no threads should be using the thread-safe function after the finalize callback completes.

The context given during the call to napi_create_threadsafe_function() can be retrieved from any thread with a call to napi_get_threadsafe_function_context().

napi_call_threadsafe_function() can then be used for initiating a call into JavaScript. napi_call_threadsafe_function() accepts a parameter which controls whether the API behaves blockingly. If set to napi_tsfn_nonblocking, the API behaves non-blockingly, returning napi_queue_full if the queue was full, preventing data from being successfully added to the queue. If set to napi_tsfn_blocking, the API blocks until space becomes available in the queue. napi_call_threadsafe_function() never blocks if the thread-safe function was created with a maximum queue size of 0.

The actual call into JavaScript is controlled by the callback given via the call_js_cb parameter. call_js_cb is invoked on the main thread once for each value that was placed into the queue by a successful call to napi_call_threadsafe_function(). If such a callback is not given, a default callback will be used, and the resulting JavaScript call will have no arguments. The call_js_cb callback receives the JavaScript function to call as a napi_value in its parameters, as well as the void* context pointer used when creating the napi_threadsafe_function, and the next data pointer that was created by one of the secondary threads. The callback can then use an API such as napi_call_function() to call into JavaScript.

The callback may also be invoked with env and call_js_cb both set to NULL to indicate that calls into JavaScript are no longer possible, while items remain in the queue that may need to be freed. This normally occurs when the Node.js process exits while there is a thread-safe function still active.

It is not necessary to call into JavaScript via napi_make_callback() because N-API runs call_js_cb in a context appropriate for callbacks.

Threads can be added to and removed from a napi_threadsafe_function object during its existence. Thus, in addition to specifying an initial number of threads upon creation, napi_acquire_threadsafe_function can be called to indicate that a new thread will start making use of the thread-safe function. Similarly, napi_release_threadsafe_function can be called to indicate that an existing thread will stop making use of the thread-safe function.

napi_threadsafe_function objects are destroyed when every thread which uses the object has called napi_release_threadsafe_function() or has received a return status of napi_closing in response to a call to napi_call_threadsafe_function. The queue is emptied before the napi_threadsafe_function is destroyed. napi_release_threadsafe_function() should be the last API call made in conjunction with a given napi_threadsafe_function, because after the call completes, there is no guarantee that the napi_threadsafe_function is still allocated. For the same reason, do not make use of a thread-safe function after receiving a return value of napi_closing in response to a call to napi_call_threadsafe_function. Data associated with the napi_threadsafe_function can be freed in its napi_finalize callback which was passed to napi_create_threadsafe_function().

Once the number of threads making use of a napi_threadsafe_function reaches zero, no further threads can start making use of it by calling napi_acquire_threadsafe_function(). In fact, all subsequent API calls associated with it, except napi_release_threadsafe_function(), will return an error value of napi_closing.

The thread-safe function can be "aborted" by giving a value of napi_tsfn_abort to napi_release_threadsafe_function(). This will cause all subsequent APIs associated with the thread-safe function except napi_release_threadsafe_function() to return napi_closing even before its reference count reaches zero. In particular, napi_call_threadsafe_function() will return napi_closing, thus informing the threads that it is no longer possible to make asynchronous calls to the thread-safe function. This can be used as a criterion for terminating the thread. Upon receiving a return value of napi_closing from napi_call_threadsafe_function() a thread must make no further use of the thread-safe function because it is no longer guaranteed to be allocated.

Similarly to libuv handles, thread-safe functions can be "referenced" and "unreferenced". A "referenced" thread-safe function will cause the event loop on the thread on which it is created to remain alive until the thread-safe function is destroyed. In contrast, an "unreferenced" thread-safe function will not prevent the event loop from exiting. The APIs napi_ref_threadsafe_function and napi_unref_threadsafe_function exist for this purpose.

napi_create_threadsafe_function#

History
VersionChanges
v12.6.0

Made func parameter optional with custom call_js_cb.

v10.6.0

Added in: v10.6.0

N-API version: 4 
NAPI_EXTERN napi_status
napi_create_threadsafe_function(napi_env env,
                                napi_value func,
                                napi_value async_resource,
                                napi_value async_resource_name,
                                size_t max_queue_size,
                                size_t initial_thread_count,
                                void* thread_finalize_data,
                                napi_finalize thread_finalize_cb,
                                void* context,
                                napi_threadsafe_function_call_js call_js_cb,
                                napi_threadsafe_function* result);
  • [in] env: The environment that the API is invoked under.
  • [in] func: An optional JavaScript function to call from another thread. It must be provided if NULL is passed to call_js_cb.
  • [in] async_resource: An optional object associated with the async work that will be passed to possible async_hooks init hooks.
  • [in] async_resource_name: A JavaScript string to provide an identifier for the kind of resource that is being provided for diagnostic information exposed by the async_hooks API.
  • [in] max_queue_size: Maximum size of the queue. 0 for no limit.
  • [in] initial_thread_count: The initial number of threads, including the main thread, which will be making use of this function.
  • [in] thread_finalize_data: Optional data to be passed to thread_finalize_cb.
  • [in] thread_finalize_cb: Optional function to call when the napi_threadsafe_function is being destroyed.
  • [in] context: Optional data to attach to the resulting napi_threadsafe_function.
  • [in] call_js_cb: Optional callback which calls the JavaScript function in response to a call on a different thread. This callback will be called on the main thread. If not given, the JavaScript function will be called with no parameters and with undefined as its this value.
  • [out] result: The asynchronous thread-safe JavaScript function.

napi_get_threadsafe_function_context#

Added in: v10.6.0 N-API version: 4 
NAPI_EXTERN napi_status
napi_get_threadsafe_function_context(napi_threadsafe_function func,
                                     void** result);
  • [in] func: The thread-safe function for which to retrieve the context.
  • [out] result: The location where to store the context.

This API may be called from any thread which makes use of func.

napi_call_threadsafe_function#

Added in: v10.6.0 N-API version: 4 
NAPI_EXTERN napi_status
napi_call_threadsafe_function(napi_threadsafe_function func,
                              void* data,
                              napi_threadsafe_function_call_mode is_blocking);
  • [in] func: The asynchronous thread-safe JavaScript function to invoke.
  • [in] data: Data to send into JavaScript via the callback call_js_cb provided during the creation of the thread-safe JavaScript function.
  • [in] is_blocking: Flag whose value can be either napi_tsfn_blocking to indicate that the call should block if the queue is full or napi_tsfn_nonblocking to indicate that the call should return immediately with a status of napi_queue_full whenever the queue is full.

This API will return napi_closing if napi_release_threadsafe_function() was called with abort set to napi_tsfn_abort from any thread. The value is only added to the queue if the API returns napi_ok.

This API may be called from any thread which makes use of func.

napi_acquire_threadsafe_function#

Added in: v10.6.0 N-API version: 4 
NAPI_EXTERN napi_status
napi_acquire_threadsafe_function(napi_threadsafe_function func);
  • [in] func: The asynchronous thread-safe JavaScript function to start making use of.

A thread should call this API before passing func to any other thread-safe function APIs to indicate that it will be making use of func. This prevents func from being destroyed when all other threads have stopped making use of it.

This API may be called from any thread which will start making use of func.

napi_release_threadsafe_function#

Added in: v10.6.0 N-API version: 4 
NAPI_EXTERN napi_status
napi_release_threadsafe_function(napi_threadsafe_function func,
                                 napi_threadsafe_function_release_mode mode);
  • [in] func: The asynchronous thread-safe JavaScript function whose reference count to decrement.
  • [in] mode: Flag whose value can be either napi_tsfn_release to indicate that the current thread will make no further calls to the thread-safe function, or napi_tsfn_abort to indicate that in addition to the current thread, no other thread should make any further calls to the thread-safe function. If set to napi_tsfn_abort, further calls to napi_call_threadsafe_function() will return napi_closing, and no further values will be placed in the queue.

A thread should call this API when it stops making use of func. Passing func to any thread-safe APIs after having called this API has undefined results, as func may have been destroyed.

This API may be called from any thread which will stop making use of func.

napi_ref_threadsafe_function#

Added in: v10.6.0 N-API version: 4 
NAPI_EXTERN napi_status
napi_ref_threadsafe_function(napi_env env, napi_threadsafe_function func);
  • [in] env: The environment that the API is invoked under.
  • [in] func: The thread-safe function to reference.

This API is used to indicate that the event loop running on the main thread should not exit until func has been destroyed. Similar to uv_ref it is also idempotent.

This API may only be called from the main thread.

napi_unref_threadsafe_function#

Added in: v10.6.0 N-API version: 4 
NAPI_EXTERN napi_status
napi_unref_threadsafe_function(napi_env env, napi_threadsafe_function func);
  • [in] env: The environment that the API is invoked under.
  • [in] func: The thread-safe function to unreference.

This API is used to indicate that the event loop running on the main thread may exit before func is destroyed. Similar to uv_unref it is also idempotent.

This API may only be called from the main thread.

Child Process#

Stability: 2 - Stable

The child_process module provides the ability to spawn child processes in a manner that is similar, but not identical, to popen(3). This capability is primarily provided by the child_process.spawn() function:

const { spawn } = require('child_process');
const ls = spawn('ls', ['-lh', '/usr']);

ls.stdout.on('data', (data) => {
  console.log(`stdout: ${data}`);
});

ls.stderr.on('data', (data) => {
  console.error(`stderr: ${data}`);
});

ls.on('close', (code) => {
  console.log(`child process exited with code ${code}`);
});

By default, pipes for stdin, stdout, and stderr are established between the parent Node.js process and the spawned child. These pipes have limited (and platform-specific) capacity. If the child process writes to stdout in excess of that limit without the output being captured, the child process will block waiting for the pipe buffer to accept more data. This is identical to the behavior of pipes in the shell. Use the { stdio: 'ignore' } option if the output will not be consumed.

The child_process.spawn() method spawns the child process asynchronously, without blocking the Node.js event loop. The child_process.spawnSync() function provides equivalent functionality in a synchronous manner that blocks the event loop until the spawned process either exits or is terminated.

For convenience, the child_process module provides a handful of synchronous and asynchronous alternatives to child_process.spawn() and child_process.spawnSync(). Each of these alternatives are implemented on top of child_process.spawn() or child_process.spawnSync().

For certain use cases, such as automating shell scripts, the synchronous counterparts may be more convenient. In many cases, however, the synchronous methods can have significant impact on performance due to stalling the event loop while spawned processes complete.

Asynchronous Process Creation#

The child_process.spawn(), child_process.fork(), child_process.exec(), and child_process.execFile() methods all follow the idiomatic asynchronous programming pattern typical of other Node.js APIs.

Each of the methods returns a ChildProcess instance. These objects implement the Node.js EventEmitter API, allowing the parent process to register listener functions that are called when certain events occur during the life cycle of the child process.

The child_process.exec() and child_process.execFile() methods additionally allow for an optional callback function to be specified that is invoked when the child process terminates.

Spawning .bat and .cmd files on Windows#

The importance of the distinction between child_process.exec() and child_process.execFile() can vary based on platform. On Unix-type operating systems (Unix, Linux, macOS) child_process.execFile() can be more efficient because it does not spawn a shell by default. On Windows, however, .bat and .cmd files are not executable on their own without a terminal, and therefore cannot be launched using child_process.execFile(). When running on Windows, .bat and .cmd files can be invoked using child_process.spawn() with the shell option set, with child_process.exec(), or by spawning cmd.exe and passing the .bat or .cmd file as an argument (which is what the shell option and child_process.exec() do). In any case, if the script filename contains spaces it needs to be quoted.

// On Windows Only...
const { spawn } = require('child_process');
const bat = spawn('cmd.exe', ['/c', 'my.bat']);

bat.stdout.on('data', (data) => {
  console.log(data.toString());
});

bat.stderr.on('data', (data) => {
  console.error(data.toString());
});

bat.on('exit', (code) => {
  console.log(`Child exited with code ${code}`);
});

// OR...
const { exec, spawn } = require('child_process');
exec('my.bat', (err, stdout, stderr) => {
  if (err) {
    console.error(err);
    return;
  }
  console.log(stdout);
});

// Script with spaces in the filename:
const bat = spawn('"my script.cmd"', ['a', 'b'], { shell: true });
// or:
exec('"my script.cmd" a b', (err, stdout, stderr) => {
  // ...
});

child_process.exec(command[, options][, callback])[src]#

History
VersionChanges
v8.8.0

The windowsHide option is supported now.

v0.1.90

Added in: v0.1.90

Spawns a shell then executes the command within that shell, buffering any generated output. The command string passed to the exec function is processed directly by the shell and special characters (vary based on shell) need to be dealt with accordingly:

exec('"/path/to/test file/test.sh" arg1 arg2');
// Double quotes are used so that the space in the path is not interpreted as
// a delimiter of multiple arguments.

exec('echo "The \\$HOME variable is $HOME"');
// The $HOME variable is escaped in the first instance, but not in the second.

Never pass unsanitized user input to this function. Any input containing shell metacharacters may be used to trigger arbitrary command execution.

If a callback function is provided, it is called with the arguments (error, stdout, stderr). On success, error will be null. On error, error will be an instance of Error. The error.code property will be the exit code of the child process while error.signal will be set to the signal that terminated the process. Any exit code other than 0 is considered to be an error.

The stdout and stderr arguments passed to the callback will contain the stdout and stderr output of the child process. By default, Node.js will decode the output as UTF-8 and pass strings to the callback. The encoding option can be used to specify the character encoding used to decode the stdout and stderr output. If encoding is 'buffer', or an unrecognized character encoding, Buffer objects will be passed to the callback instead.

const { exec } = require('child_process');
exec('cat *.js missing_file | wc -l', (error, stdout, stderr) => {
  if (error) {
    console.error(`exec error: ${error}`);
    return;
  }
  console.log(`stdout: ${stdout}`);
  console.error(`stderr: ${stderr}`);
});

If timeout is greater than 0, the parent will send the signal identified by the killSignal property (the default is 'SIGTERM') if the child runs longer than timeout milliseconds.

Unlike the exec(3) POSIX system call, child_process.exec() does not replace the existing process and uses a shell to execute the command.

If this method is invoked as its util.promisify()ed version, it returns a Promise for an Object with stdout and stderr properties. The returned ChildProcess instance is attached to the Promise as a child property. In case of an error (including any error resulting in an exit code other than 0), a rejected promise is returned, with the same error object given in the callback, but with two additional properties stdout and stderr.

const util = require('util');
const exec = util.promisify(require('child_process').exec);

async function lsExample() {
  const { stdout, stderr } = await exec('ls');
  console.log('stdout:', stdout);
  console.error('stderr:', stderr);
}
lsExample();

child_process.execFile(file[, args][, options][, callback])[src]#

History
VersionChanges
v8.8.0

The windowsHide option is supported now.

v0.1.91

Added in: v0.1.91

The child_process.execFile() function is similar to child_process.exec() except that it does not spawn a shell by default. Rather, the specified executable file is spawned directly as a new process making it slightly more efficient than child_process.exec().

The same options as child_process.exec() are supported. Since a shell is not spawned, behaviors such as I/O redirection and file globbing are not supported.

const { execFile } = require('child_process');
const child = execFile('node', ['--version'], (error, stdout, stderr) => {
  if (error) {
    throw error;
  }
  console.log(stdout);
});

The stdout and stderr arguments passed to the callback will contain the stdout and stderr output of the child process. By default, Node.js will decode the output as UTF-8 and pass strings to the callback. The encoding option can be used to specify the character encoding used to decode the stdout and stderr output. If encoding is 'buffer', or an unrecognized character encoding, Buffer objects will be passed to the callback instead.

If this method is invoked as its util.promisify()ed version, it returns a Promise for an Object with stdout and stderr properties. The returned ChildProcess instance is attached to the Promise as a child property. In case of an error (including any error resulting in an exit code other than 0), a rejected promise is returned, with the same error object given in the callback, but with two additional properties stdout and stderr.

const util = require('util');
const execFile = util.promisify(require('child_process').execFile);
async function getVersion() {
  const { stdout } = await execFile('node', ['--version']);
  console.log(stdout);
}
getVersion();

If the shell option is enabled, do not pass unsanitized user input to this function. Any input containing shell metacharacters may be used to trigger arbitrary command execution.

child_process.fork(modulePath[, args][, options])[src]#

History
VersionChanges
v8.0.0

The stdio option can now be a string.

v6.4.0

The stdio option is supported now.

v0.5.0

Added in: v0.5.0

  • modulePath <string> The module to run in the child.
  • args <string[]> List of string arguments.

  • options <Object>

    • cwd <string> Current working directory of the child process.
    • detached <boolean> Prepare child to run independently of its parent process. Specific behavior depends on the platform, see options.detached).
    • env <Object> Environment key-value pairs. Default: process.env.
    • execPath <string> Executable used to create the child process.
    • execArgv <string[]> List of string arguments passed to the executable. Default: process.execArgv.
    • silent <boolean> If true, stdin, stdout, and stderr of the child will be piped to the parent, otherwise they will be inherited from the parent, see the 'pipe' and 'inherit' options for child_process.spawn()'s stdio for more details. Default: false.
    • stdio <Array> | <string> See child_process.spawn()'s stdio. When this option is provided, it overrides silent. If the array variant is used, it must contain exactly one item with value 'ipc' or an error will be thrown. For instance [0, 1, 2, 'ipc'].
    • windowsVerbatimArguments <boolean> No quoting or escaping of arguments is done on Windows. Ignored on Unix. Default: false.
    • uid <number> Sets the user identity of the process (see setuid(2)).
    • gid <number> Sets the group identity of the process (see setgid(2)).
  • Returns: <ChildProcess>

The child_process.fork() method is a special case of child_process.spawn() used specifically to spawn new Node.js processes. Like child_process.spawn(), a ChildProcess object is returned. The returned ChildProcess will have an additional communication channel built-in that allows messages to be passed back and forth between the parent and child. See subprocess.send() for details.

Keep in mind that spawned Node.js child processes are independent of the parent with exception of the IPC communication channel that is established between the two. Each process has its own memory, with their own V8 instances. Because of the additional resource allocations required, spawning a large number of child Node.js processes is not recommended.

By default, child_process.fork() will spawn new Node.js instances using the process.execPath of the parent process. The execPath property in the options object allows for an alternative execution path to be used.

Node.js processes launched with a custom execPath will communicate with the parent process using the file descriptor (fd) identified using the environment variable NODE_CHANNEL_FD on the child process.

Unlike the fork(2) POSIX system call, child_process.fork() does not clone the current process.

The shell option available in child_process.spawn() is not supported by child_process.fork() and will be ignored if set.

child_process.spawn(command[, args][, options])[src]#

History
VersionChanges
v8.8.0

The windowsHide option is supported now.

v6.4.0

The argv0 option is supported now.

v5.7.0

The shell option is supported now.

v0.1.90

Added in: v0.1.90

  • command <string> The command to run.
  • args <string[]> List of string arguments.

  • options <Object>

    • cwd <string> Current working directory of the child process.
    • env <Object> Environment key-value pairs. Default: process.env.
    • argv0 <string> Explicitly set the value of argv[0] sent to the child process. This will be set to command if not specified.
    • stdio <Array> | <string> Child's stdio configuration (see options.stdio).
    • detached <boolean> Prepare child to run independently of its parent process. Specific behavior depends on the platform, see options.detached).
    • uid <number> Sets the user identity of the process (see setuid(2)).
    • gid <number> Sets the group identity of the process (see setgid(2)).
    • shell <boolean> | <string> If true, runs command inside of a shell. Uses '/bin/sh' on Unix, and process.env.ComSpec on Windows. A different shell can be specified as a string. See Shell Requirements and Default Windows Shell. Default: false (no shell).
    • windowsVerbatimArguments <boolean> No quoting or escaping of arguments is done on Windows. Ignored on Unix. This is set to true automatically when shell is specified and is CMD. Default: false.
    • windowsHide <boolean> Hide the subprocess console window that would normally be created on Windows systems. Default: false.
  • Returns: <ChildProcess>

The child_process.spawn() method spawns a new process using the given command, with command line arguments in args. If omitted, args defaults to an empty array.

If the shell option is enabled, do not pass unsanitized user input to this function. Any input containing shell metacharacters may be used to trigger arbitrary command execution.

A third argument may be used to specify additional options, with these defaults:

const defaults = {
  cwd: undefined,
  env: process.env
};

Use cwd to specify the working directory from which the process is spawned. If not given, the default is to inherit the current working directory.

Use env to specify environment variables that will be visible to the new process, the default is process.env.

undefined values in env will be ignored.

Example of running ls -lh /usr, capturing stdout, stderr, and the exit code:

const { spawn } = require('child_process');
const ls = spawn('ls', ['-lh', '/usr']);

ls.stdout.on('data', (data) => {
  console.log(`stdout: ${data}`);
});

ls.stderr.on('data', (data) => {
  console.error(`stderr: ${data}`);
});

ls.on('close', (code) => {
  console.log(`child process exited with code ${code}`);
});

Example: A very elaborate way to run ps ax | grep ssh

const { spawn } = require('child_process');
const ps = spawn('ps', ['ax']);
const grep = spawn('grep', ['ssh']);

ps.stdout.on('data', (data) => {
  grep.stdin.write(data);
});

ps.stderr.on('data', (data) => {
  console.error(`ps stderr: ${data}`);
});

ps.on('close', (code) => {
  if (code !== 0) {
    console.log(`ps process exited with code ${code}`);
  }
  grep.stdin.end();
});

grep.stdout.on('data', (data) => {
  console.log(data.toString());
});

grep.stderr.on('data', (data) => {
  console.error(`grep stderr: ${data}`);
});

grep.on('close', (code) => {
  if (code !== 0) {
    console.log(`grep process exited with code ${code}`);
  }
});

Example of checking for failed spawn:

const { spawn } = require('child_process');
const subprocess = spawn('bad_command');

subprocess.on('error', (err) => {
  console.error('Failed to start subprocess.');
});

Certain platforms (macOS, Linux) will use the value of argv[0] for the process title while others (Windows, SunOS) will use command.

Node.js currently overwrites argv[0] with process.execPath on startup, so process.argv[0] in a Node.js child process will not match the argv0 parameter passed to spawn from the parent, retrieve it with the process.argv0 property instead.

options.detached#

Added in: v0.7.10

On Windows, setting options.detached to true makes it possible for the child process to continue running after the parent exits. The child will have its own console window. Once enabled for a child process, it cannot be disabled.

On non-Windows platforms, if options.detached is set to true, the child process will be made the leader of a new process group and session. Child processes may continue running after the parent exits regardless of whether they are detached or not. See setsid(2) for more information.

By default, the parent will wait for the detached child to exit. To prevent the parent from waiting for a given subprocess to exit, use the subprocess.unref() method. Doing so will cause the parent's event loop to not include the child in its reference count, allowing the parent to exit independently of the child, unless there is an established IPC channel between the child and the parent.

When using the detached option to start a long-running process, the process will not stay running in the background after the parent exits unless it is provided with a stdio configuration that is not connected to the parent. If the parent's stdio is inherited, the child will remain attached to the controlling terminal.

Example of a long-running process, by detaching and also ignoring its parent stdio file descriptors, in order to ignore the parent's termination:

const { spawn } = require('child_process');

const subprocess = spawn(process.argv[0], ['child_program.js'], {
  detached: true,
  stdio: 'ignore'
});

subprocess.unref();

Alternatively one can redirect the child process' output into files:

const fs = require('fs');
const { spawn } = require('child_process');
const out = fs.openSync('./out.log', 'a');
const err = fs.openSync('./out.log', 'a');

const subprocess = spawn('prg', [], {
  detached: true,
  stdio: [ 'ignore', out, err ]
});

subprocess.unref();

options.stdio#

History
VersionChanges
v3.3.1

The value 0 is now accepted as a file descriptor.

v0.7.10

Added in: v0.7.10

The options.stdio option is used to configure the pipes that are established between the parent and child process. By default, the child's stdin, stdout, and stderr are redirected to corresponding subprocess.stdin, subprocess.stdout, and subprocess.stderr streams on the ChildProcess object. This is equivalent to setting the options.stdio equal to ['pipe', 'pipe', 'pipe'].

For convenience, options.stdio may be one of the following strings:

  • 'pipe': equivalent to ['pipe', 'pipe', 'pipe'] (the default)
  • 'ignore': equivalent to ['ignore', 'ignore', 'ignore']
  • 'inherit': equivalent to ['inherit', 'inherit', 'inherit'] or [0, 1, 2]

Otherwise, the value of options.stdio is an array where each index corresponds to an fd in the child. The fds 0, 1, and 2 correspond to stdin, stdout, and stderr, respectively. Additional fds can be specified to create additional pipes between the parent and child. The value is one of the following:

  1. 'pipe': Create a pipe between the child process and the parent process. The parent end of the pipe is exposed to the parent as a property on the child_process object as subprocess.stdio[fd]. Pipes created for fds 0, 1, and 2 are also available as subprocess.stdin, subprocess.stdout and subprocess.stderr, respectively.

  2. 'ipc': Create an IPC channel for passing messages/file descriptors between parent and child. A ChildProcess may have at most one IPC stdio file descriptor. Setting this option enables the subprocess.send() method. If the child is a Node.js process, the presence of an IPC channel will enable process.send() and process.disconnect() methods, as well as 'disconnect' and 'message' events within the child.

    Accessing the IPC channel fd in any way other than process.send() or using the IPC channel with a child process that is not a Node.js instance is not supported.

  3. 'ignore': Instructs Node.js to ignore the fd in the child. While Node.js will always open fds 0, 1, and 2 for the processes it spawns, setting the fd to 'ignore' will cause Node.js to open /dev/null and attach it to the child's fd.

  4. 'inherit': Pass through the corresponding stdio stream to/from the parent process. In the first three positions, this is equivalent to process.stdin, process.stdout, and process.stderr, respectively. In any other position, equivalent to 'ignore'.

  5. <Stream> object: Share a readable or writable stream that refers to a tty, file, socket, or a pipe with the child process. The stream's underlying file descriptor is duplicated in the child process to the fd that corresponds to the index in the stdio array. The stream must have an underlying descriptor (file streams do not until the 'open' event has occurred).

  6. Positive integer: The integer value is interpreted as a file descriptor that is currently open in the parent process. It is shared with the child process, similar to how <Stream> objects can be shared. Passing sockets is not supported on Windows.

  7. null, undefined: Use default value. For stdio fds 0, 1, and 2 (in other words, stdin, stdout, and stderr) a pipe is created. For fd 3 and up, the default is 'ignore'.

const { spawn } = require('child_process');

// Child will use parent's stdios.
spawn('prg', [], { stdio: 'inherit' });

// Spawn child sharing only stderr.
spawn('prg', [], { stdio: ['pipe', 'pipe', process.stderr] });

// Open an extra fd=4, to interact with programs presenting a
// startd-style interface.
spawn('prg', [], { stdio: ['pipe', null, null, null, 'pipe'] });

It is worth noting that when an IPC channel is established between the parent and child processes, and the child is a Node.js process, the child is launched with the IPC channel unreferenced (using unref()) until the child registers an event handler for the 'disconnect' event or the 'message' event. This allows the child to exit normally without the process being held open by the open IPC channel.

On Unix-like operating systems, the child_process.spawn() method performs memory operations synchronously before decoupling the event loop from the child. Applications with a large memory footprint may find frequent child_process.spawn() calls to be a bottleneck. For more information, see V8 issue 7381.

See also: child_process.exec() and child_process.fork().

Synchronous Process Creation#

The child_process.spawnSync(), child_process.execSync(), and child_process.execFileSync() methods are synchronous and will block the Node.js event loop, pausing execution of any additional code until the spawned process exits.

Blocking calls like these are mostly useful for simplifying general-purpose scripting tasks and for simplifying the loading/processing of application configuration at startup.

child_process.execFileSync(file[, args][, options])[src]#

History
VersionChanges
v10.10.0

The input option can now be any TypedArray or a DataView.

v8.8.0

The windowsHide option is supported now.

v8.0.0

The input option can now be a Uint8Array.

v6.2.1, v4.5.0

The encoding option can now explicitly be set to buffer.

v0.11.12

Added in: v0.11.12

  • file <string> The name or path of the executable file to run.
  • args <string[]> List of string arguments.

  • options <Object>

    • cwd <string> Current working directory of the child process.
    • input <string> | <Buffer> | <TypedArray> | <DataView> The value which will be passed as stdin to the spawned process. Supplying this value will override stdio[0].
    • stdio <string> | <Array> Child's stdio configuration. stderr by default will be output to the parent process' stderr unless stdio is specified. Default: 'pipe'.
    • env <Object> Environment key-value pairs. Default: process.env.
    • uid <number> Sets the user identity of the process (see setuid(2)).
    • gid <number> Sets the group identity of the process (see setgid(2)).
    • timeout <number> In milliseconds the maximum amount of time the process is allowed to run. Default: undefined.
    • killSignal <string> | <integer> The signal value to be used when the spawned process will be killed. Default: 'SIGTERM'.
    • maxBuffer <number> Largest amount of data in bytes allowed on stdout or stderr. If exceeded, the child process is terminated. See caveat at maxBuffer and Unicode. Default: 1024 * 1024.
    • encoding <string> The encoding used for all stdio inputs and outputs. Default: 'buffer'.
    • windowsHide <boolean> Hide the subprocess console window that would normally be created on Windows systems. Default: false.
    • shell <boolean> | <string> If true, runs command inside of a shell. Uses '/bin/sh' on Unix, and process.env.ComSpec on Windows. A different shell can be specified as a string. See Shell Requirements and Default Windows Shell. Default: false (no shell).
  • Returns: <Buffer> | <string> The stdout from the command.

The child_process.execFileSync() method is generally identical to child_process.execFile() with the exception that the method will not return until the child process has fully closed. When a timeout has been encountered and killSignal is sent, the method won't return until the process has completely exited.

If the child process intercepts and handles the SIGTERM signal and does not exit, the parent process will still wait until the child process has exited.

If the process times out or has a non-zero exit code, this method will throw an Error that will include the full result of the underlying child_process.spawnSync().

If the shell option is enabled, do not pass unsanitized user input to this function. Any input containing shell metacharacters may be used to trigger arbitrary command execution.

child_process.execSync(command[, options])[src]#

History
VersionChanges
v10.10.0

The input option can now be any TypedArray or a DataView.

v8.8.0

The windowsHide option is supported now.

v8.0.0

The input option can now be a Uint8Array.

v0.11.12

Added in: v0.11.12

  • command <string> The command to run.

  • options <Object>

    • cwd <string> Current working directory of the child process.
    • input <string> | <Buffer> | <TypedArray> | <DataView> The value which will be passed as stdin to the spawned process. Supplying this value will override stdio[0].
    • stdio <string> | <Array> Child's stdio configuration. stderr by default will be output to the parent process' stderr unless stdio is specified. Default: 'pipe'.
    • env <Object> Environment key-value pairs. Default: process.env.
    • shell <string> Shell to execute the command with. See Shell Requirements and Default Windows Shell. Default: '/bin/sh' on Unix, process.env.ComSpec on Windows.
    • uid <number> Sets the user identity of the process. (See setuid(2)).
    • gid <number> Sets the group identity of the process. (See setgid(2)).
    • timeout <number> In milliseconds the maximum amount of time the process is allowed to run. Default: undefined.
    • killSignal <string> | <integer> The signal value to be used when the spawned process will be killed. Default: 'SIGTERM'.
    • maxBuffer <number> Largest amount of data in bytes allowed on stdout or stderr. If exceeded, the child process is terminated and any output is truncated. See caveat at maxBuffer and Unicode. Default: 1024 * 1024.
    • encoding <string> The encoding used for all stdio inputs and outputs. Default: 'buffer'.
    • windowsHide <boolean> Hide the subprocess console window that would normally be created on Windows systems. Default: false.
  • Returns: <Buffer> | <string> The stdout from the command.

The child_process.execSync() method is generally identical to child_process.exec() with the exception that the method will not return until the child process has fully closed. When a timeout has been encountered and killSignal is sent, the method won't return until the process has completely exited. If the child process intercepts and handles the SIGTERM signal and doesn't exit, the parent process will wait until the child process has exited.

If the process times out or has a non-zero exit code, this method will throw. The Error object will contain the entire result from child_process.spawnSync().

Never pass unsanitized user input to this function. Any input containing shell metacharacters may be used to trigger arbitrary command execution.

child_process.spawnSync(command[, args][, options])[src]#

History
VersionChanges
v10.10.0

The input option can now be any TypedArray or a DataView.

v8.8.0

The windowsHide option is supported now.

v8.0.0

The input option can now be a Uint8Array.

v6.2.1, v4.5.0

The encoding option can now explicitly be set to buffer.

v5.7.0

The shell option is supported now.

v0.11.12

Added in: v0.11.12

  • command <string> The command to run.
  • args <string[]> List of string arguments.

  • options <Object>

    • cwd <string> Current working directory of the child process.
    • input <string> | <Buffer> | <TypedArray> | <DataView> The value which will be passed as stdin to the spawned process. Supplying this value will override stdio[0].
    • argv0 <string> Explicitly set the value of argv[0] sent to the child process. This will be set to command if not specified.
    • stdio <string> | <Array> Child's stdio configuration.
    • env <Object> Environment key-value pairs. Default: process.env.
    • uid <number> Sets the user identity of the process (see setuid(2)).
    • gid <number> Sets the group identity of the process (see setgid(2)).
    • timeout <number> In milliseconds the maximum amount of time the process is allowed to run. Default: undefined.
    • killSignal <string> | <integer> The signal value to be used when the spawned process will be killed. Default: 'SIGTERM'.
    • maxBuffer <number> Largest amount of data in bytes allowed on stdout or stderr. If exceeded, the child process is terminated and any output is truncated. See caveat at maxBuffer and Unicode. Default: 1024 * 1024.
    • encoding <string> The encoding used for all stdio inputs and outputs. Default: 'buffer'.
    • shell <boolean> | <string> If true, runs command inside of a shell. Uses '/bin/sh' on Unix, and process.env.ComSpec on Windows. A different shell can be specified as a string. See Shell Requirements and Default Windows Shell. Default: false (no shell).
    • windowsVerbatimArguments <boolean> No quoting or escaping of arguments is done on Windows. Ignored on Unix. This is set to true automatically when shell is specified and is CMD. Default: false.
    • windowsHide <boolean> Hide the subprocess console window that would normally be created on Windows systems. Default: false.

  • Returns: <Object>

    • pid <number> Pid of the child process.
    • output <Array> Array of results from stdio output.
    • stdout <Buffer> | <string> The contents of output[1].
    • stderr <Buffer> | <string> The contents of output[2].
    • status <number> | <null> The exit code of the subprocess, or null if the subprocess terminated due to a signal.
    • signal <string> | <null> The signal used to kill the subprocess, or null if the subprocess did not terminate due to a signal.
    • error <Error> The error object if the child process failed or timed out.

The child_process.spawnSync() method is generally identical to child_process.spawn() with the exception that the function will not return until the child process has fully closed. When a timeout has been encountered and killSignal is sent, the method won't return until the process has completely exited. If the process intercepts and handles the SIGTERM signal and doesn't exit, the parent process will wait until the child process has exited.

If the shell option is enabled, do not pass unsanitized user input to this function. Any input containing shell metacharacters may be used to trigger arbitrary command execution.

Class: ChildProcess#

Added in: v2.2.0

Instances of the ChildProcess represent spawned child processes.

Instances of ChildProcess are not intended to be created directly. Rather, use the child_process.spawn(), child_process.exec(), child_process.execFile(), or child_process.fork() methods to create instances of ChildProcess.

Event: 'close'#

Added in: v0.7.7
  • code <number> The exit code if the child exited on its own.
  • signal <string> The signal by which the child process was terminated.

The 'close' event is emitted when the stdio streams of a child process have been closed. This is distinct from the 'exit' event, since multiple processes might share the same stdio streams.

const { spawn } = require('child_process');
const ls = spawn('ls', ['-lh', '/usr']);

ls.stdout.on('data', (data) => {
  console.log(`stdout: ${data}`);
});

ls.on('close', (code) => {
  console.log(`child process close all stdio with code ${code}`);
});

ls.on('exit', (code) => {
  console.log(`child process exited with code ${code}`);
});

Event: 'disconnect'#

Added in: v0.7.2

The 'disconnect' event is emitted after calling the subprocess.disconnect() method in parent process or process.disconnect() in child process. After disconnecting it is no longer possible to send or receive messages, and the subprocess.connected property is false.

Event: 'error'#

The 'error' event is emitted whenever:

  1. The process could not be spawned, or
  2. The process could not be killed, or
  3. Sending a message to the child process failed.

The 'exit' event may or may not fire after an error has occurred. When listening to both the 'exit' and 'error' events, guard against accidentally invoking handler functions multiple times.

See also subprocess.kill() and subprocess.send().

Event: 'exit'#

Added in: v0.1.90
  • code <number> The exit code if the child exited on its own.
  • signal <string> The signal by which the child process was terminated.

The 'exit' event is emitted after the child process ends. If the process exited, code is the final exit code of the process, otherwise null. If the process terminated due to receipt of a signal, signal is the string name of the signal, otherwise null. One of the two will always be non-null.

When the 'exit' event is triggered, child process stdio streams might still be open.

Node.js establishes signal handlers for SIGINT and SIGTERM and Node.js processes will not terminate immediately due to receipt of those signals. Rather, Node.js will perform a sequence of cleanup actions and then will re-raise the handled signal.

See waitpid(2).

Event: 'message'#

Added in: v0.5.9

The 'message' event is triggered when a child process uses process.send() to send messages.

The message goes through serialization and parsing. The resulting message might not be the same as what is originally sent.

subprocess.channel#

Added in: v7.1.0
  • <Object> A pipe representing the IPC channel to the child process.

The subprocess.channel property is a reference to the child's IPC channel. If no IPC channel currently exists, this property is undefined.

subprocess.connected#

Added in: v0.7.2
  • <boolean> Set to false after subprocess.disconnect() is called.

The subprocess.connected property indicates whether it is still possible to send and receive messages from a child process. When subprocess.connected is false, it is no longer possible to send or receive messages.

subprocess.disconnect()#

Added in: v0.7.2

Closes the IPC channel between parent and child, allowing the child to exit gracefully once there are no other connections keeping it alive. After calling this method the subprocess.connected and process.connected properties in both the parent and child (respectively) will be set to false, and it will be no longer possible to pass messages between the processes.

The 'disconnect' event will be emitted when there are no messages in the process of being received. This will most often be triggered immediately after calling subprocess.disconnect().

When the child process is a Node.js instance (e.g. spawned using child_process.fork()), the process.disconnect() method can be invoked within the child process to close the IPC channel as well.

subprocess.kill([signal])#

Added in: v0.1.90

The subprocess.kill() method sends a signal to the child process. If no argument is given, the process will be sent the 'SIGTERM' signal. See signal(7) for a list of available signals.

const { spawn } = require('child_process');
const grep = spawn('grep', ['ssh']);

grep.on('close', (code, signal) => {
  console.log(
    `child process terminated due to receipt of signal ${signal}`);
});

// Send SIGHUP to process.
grep.kill('SIGHUP');

The ChildProcess object may emit an 'error' event if the signal cannot be delivered. Sending a signal to a child process that has already exited is not an error but may have unforeseen consequences. Specifically, if the process identifier (PID) has been reassigned to another process, the signal will be delivered to that process instead which can have unexpected results.

While the function is called kill, the signal delivered to the child process may not actually terminate the process.

See kill(2) for reference.

On Linux, child processes of child processes will not be terminated when attempting to kill their parent. This is likely to happen when running a new process in a shell or with the use of the shell option of ChildProcess:

'use strict';
const { spawn } = require('child_process');

const subprocess = spawn(
  'sh',
  [
    '-c',
    `node -e "setInterval(() => {
      console.log(process.pid, 'is alive')
    }, 500);"`
  ], {
    stdio: ['inherit', 'inherit', 'inherit']
  }
);

setTimeout(() => {
  subprocess.kill(); // Does not terminate the Node.js process in the shell.
}, 2000);

subprocess.killed#

Added in: v0.5.10
  • <boolean> Set to true after subprocess.kill() is used to successfully send a signal to the child process.

The subprocess.killed property indicates whether the child process successfully received a signal from subprocess.kill(). The killed property does not indicate that the child process has been terminated.

subprocess.pid#

Added in: v0.1.90

Returns the process identifier (PID) of the child process.

const { spawn } = require('child_process');
const grep = spawn('grep', ['ssh']);

console.log(`Spawned child pid: ${grep.pid}`);
grep.stdin.end();

subprocess.ref()#

Added in: v0.7.10

Calling subprocess.ref() after making a call to subprocess.unref() will restore the removed reference count for the child process, forcing the parent to wait for the child to exit before exiting itself.

const { spawn } = require('child_process');

const subprocess = spawn(process.argv[0], ['child_program.js'], {
  detached: true,
  stdio: 'ignore'
});

subprocess.unref();
subprocess.ref();

subprocess.send(message[, sendHandle[, options]][, callback])#

History
VersionChanges
v5.8.0

The options parameter, and the keepOpen option in particular, is supported now.

v5.0.0

This method returns a boolean for flow control now.

v4.0.0

The callback parameter is supported now.

v0.5.9

Added in: v0.5.9

  • message <Object>
  • sendHandle <Handle>

  • options <Object> The options argument, if present, is an object used to parameterize the sending of certain types of handles. options supports the following properties:

    • keepOpen <boolean> A value that can be used when passing instances of net.Socket. When true, the socket is kept open in the sending process. Default: false.
  • callback <Function>
  • Returns: <boolean>

When an IPC channel has been established between the parent and child ( i.e. when using child_process.fork()), the subprocess.send() method can be used to send messages to the child process. When the child process is a Node.js instance, these messages can be received via the 'message' event.

The message goes through serialization and parsing. The resulting message might not be the same as what is originally sent.

For example, in the parent script:

const cp = require('child_process');
const n = cp.fork(`${__dirname}/sub.js`);

n.on('message', (m) => {
  console.log('PARENT got message:', m);
});

// Causes the child to print: CHILD got message: { hello: 'world' }
n.send({ hello: 'world' });

And then the child script, 'sub.js' might look like this:

process.on('message', (m) => {
  console.log('CHILD got message:', m);
});

// Causes the parent to print: PARENT got message: { foo: 'bar', baz: null }
process.send({ foo: 'bar', baz: NaN });

Child Node.js processes will have a process.send() method of their own that allows the child to send messages back to the parent.

There is a special case when sending a {cmd: 'NODE_foo'} message. Messages containing a NODE_ prefix in the cmd property are reserved for use within Node.js core and will not be emitted in the child's 'message' event. Rather, such messages are emitted using the 'internalMessage' event and are consumed internally by Node.js. Applications should avoid using such messages or listening for 'internalMessage' events as it is subject to change without notice.

The optional sendHandle argument that may be passed to subprocess.send() is for passing a TCP server or socket object to the child process. The child will receive the object as the second argument passed to the callback function registered on the 'message' event. Any data that is received and buffered in the socket will not be sent to the child.

The optional callback is a function that is invoked after the message is sent but before the child may have received it. The function is called with a single argument: null on success, or an Error object on failure.

If no callback function is provided and the message cannot be sent, an 'error' event will be emitted by the ChildProcess object. This can happen, for instance, when the child process has already exited.

subprocess.send() will return false if the channel has closed or when the backlog of unsent messages exceeds a threshold that makes it unwise to send more. Otherwise, the method returns true. The callback function can be used to implement flow control.

Example: sending a server object#

The sendHandle argument can be used, for instance, to pass the handle of a TCP server object to the child process as illustrated in the example below:

const subprocess = require('child_process').fork('subprocess.js');

// Open up the server object and send the handle.
const server = require('net').createServer();
server.on('connection', (socket) => {
  socket.end('handled by parent');
});
server.listen(1337, () => {
  subprocess.send('server', server);
});

The child would then receive the server object as:

process.on('message', (m, server) => {
  if (m === 'server') {
    server.on('connection', (socket) => {
      socket.end('handled by child');
    });
  }
});

Once the server is now shared between the parent and child, some connections can be handled by the parent and some by the child.

While the example above uses a server created using the net module, dgram module servers use exactly the same workflow with the exceptions of listening on a 'message' event instead of 'connection' and using server.bind() instead of server.listen(). This is, however, currently only supported on Unix platforms.

Example: sending a socket object#

Similarly, the sendHandler argument can be used to pass the handle of a socket to the child process. The example below spawns two children that each handle connections with "normal" or "special" priority:

const { fork } = require('child_process');
const normal = fork('subprocess.js', ['normal']);
const special = fork('subprocess.js', ['special']);

// Open up the server and send sockets to child. Use pauseOnConnect to prevent
// the sockets from being read before they are sent to the child process.
const server = require('net').createServer({ pauseOnConnect: true });
server.on('connection', (socket) => {

  // If this is special priority...
  if (socket.remoteAddress === '74.125.127.100') {
    special.send('socket', socket);
    return;
  }
  // This is normal priority.
  normal.send('socket', socket);
});
server.listen(1337);

The subprocess.js would receive the socket handle as the second argument passed to the event callback function:

process.on('message', (m, socket) => {
  if (m === 'socket') {
    if (socket) {
      // Check that the client socket exists.
      // It is possible for the socket to be closed between the time it is
      // sent and the time it is received in the child process.
      socket.end(`Request handled with ${process.argv[2]} priority`);
    }
  }
});

Once a socket has been passed to a child, the parent is no longer capable of tracking when the socket is destroyed. To indicate this, the .connections property becomes null. It is recommended not to use .maxConnections when this occurs.

It is also recommended that any 'message' handlers in the child process verify that socket exists, as the connection may have been closed during the time it takes to send the connection to the child.

subprocess.stderr#

Added in: v0.1.90

A Readable Stream that represents the child process's stderr.

If the child was spawned with stdio[2] set to anything other than 'pipe', then this will be null.

subprocess.stderr is an alias for subprocess.stdio[2]. Both properties will refer to the same value.

subprocess.stdin#

Added in: v0.1.90

A Writable Stream that represents the child process's stdin.

If a child process waits to read all of its input, the child will not continue until this stream has been closed via end().

If the child was spawned with stdio[0] set to anything other than 'pipe', then this will be null.

subprocess.stdin is an alias for subprocess.stdio[0]. Both properties will refer to the same value.

subprocess.stdio#

Added in: v0.7.10

A sparse array of pipes to the child process, corresponding with positions in the stdio option passed to child_process.spawn() that have been set to the value 'pipe'. subprocess.stdio[0], subprocess.stdio[1], and subprocess.stdio[2] are also available as subprocess.stdin, subprocess.stdout, and subprocess.stderr, respectively.

In the following example, only the child's fd 1 (stdout) is configured as a pipe, so only the parent's subprocess.stdio[1] is a stream, all other values in the array are null.

const assert = require('assert');
const fs = require('fs');
const child_process = require('child_process');

const subprocess = child_process.spawn('ls', {
  stdio: [
    0, // Use parent's stdin for child.
    'pipe', // Pipe child's stdout to parent.
    fs.openSync('err.out', 'w') // Direct child's stderr to a file.
  ]
});

assert.strictEqual(subprocess.stdio[0], null);
assert.strictEqual(subprocess.stdio[0], subprocess.stdin);

assert(subprocess.stdout);
assert.strictEqual(subprocess.stdio[1], subprocess.stdout);

assert.strictEqual(subprocess.stdio[2], null);
assert.strictEqual(subprocess.stdio[2], subprocess.stderr);

subprocess.stdout#

Added in: v0.1.90

A Readable Stream that represents the child process's stdout.

If the child was spawned with stdio[1] set to anything other than 'pipe', then this will be null.

subprocess.stdout is an alias for subprocess.stdio[1]. Both properties will refer to the same value.

const { spawn } = require('child_process');

const subprocess = spawn('ls');

subprocess.stdout.on('data', (data) => {
  console.log(`Received chunk ${data}`);
});

subprocess.unref()#

Added in: v0.7.10

By default, the parent will wait for the detached child to exit. To prevent the parent from waiting for a given subprocess to exit, use the subprocess.unref() method. Doing so will cause the parent's event loop to not include the child in its reference count, allowing the parent to exit independently of the child, unless there is an established IPC channel between the child and the parent.

const { spawn } = require('child_process');

const subprocess = spawn(process.argv[0], ['child_program.js'], {
  detached: true,
  stdio: 'ignore'
});

subprocess.unref();

maxBuffer and Unicode#

The maxBuffer option specifies the largest number of bytes allowed on stdout or stderr. If this value is exceeded, then the child process is terminated. This impacts output that includes multibyte character encodings such as UTF-8 or UTF-16. For instance, console.log('中文测试') will send 13 UTF-8 encoded bytes to stdout although there are only 4 characters.

Shell Requirements#

The shell should understand the -c switch. If the shell is 'cmd.exe', it should understand the /d /s /c switches and command line parsing should be compatible.

Default Windows Shell#

Although Microsoft specifies %COMSPEC% must contain the path to 'cmd.exe' in the root environment, child processes are not always subject to the same requirement. Thus, in child_process functions where a shell can be spawned, 'cmd.exe' is used as a fallback if process.env.ComSpec is unavailable.

Cluster#

Stability: 2 - Stable

A single instance of Node.js runs in a single thread. To take advantage of multi-core systems, the user will sometimes want to launch a cluster of Node.js processes to handle the load.

The cluster module allows easy creation of child processes that all share server ports.

const cluster = require('cluster');
const http = require('http');
const numCPUs = require('os').cpus().length;

if (cluster.isMaster) {
  console.log(`Master ${process.pid} is running`);

  // Fork workers.
  for (let i = 0; i < numCPUs; i++) {
    cluster.fork();
  }

  cluster.on('exit', (worker, code, signal) => {
    console.log(`worker ${worker.process.pid} died`);
  });
} else {
  // Workers can share any TCP connection
  // In this case it is an HTTP server
  http.createServer((req, res) => {
    res.writeHead(200);
    res.end('hello world\n');
  }).listen(8000);

  console.log(`Worker ${process.pid} started`);
}

Running Node.js will now share port 8000 between the workers:

$ node server.js
Master 3596 is running
Worker 4324 started
Worker 4520 started
Worker 6056 started
Worker 5644 started

On Windows, it is not yet possible to set up a named pipe server in a worker.

How It Works#

The worker processes are spawned using the child_process.fork() method, so that they can communicate with the parent via IPC and pass server handles back and forth.

The cluster module supports two methods of distributing incoming connections.

The first one (and the default one on all platforms except Windows), is the round-robin approach, where the master process listens on a port, accepts new connections and distributes them across the workers in a round-robin fashion, with some built-in smarts to avoid overloading a worker process.

The second approach is where the master process creates the listen socket and sends it to interested workers. The workers then accept incoming connections directly.

The second approach should, in theory, give the best performance. In practice however, distribution tends to be very unbalanced due to operating system scheduler vagaries. Loads have been observed where over 70% of all connections ended up in just two processes, out of a total of eight.

Because server.listen() hands off most of the work to the master process, there are three cases where the behavior between a normal Node.js process and a cluster worker differs:

  1. server.listen({fd: 7}) Because the message is passed to the master, file descriptor 7 in the parent will be listened on, and the handle passed to the worker, rather than listening to the worker's idea of what the number 7 file descriptor references.
  2. server.listen(handle) Listening on handles explicitly will cause the worker to use the supplied handle, rather than talk to the master process.
  3. server.listen(0) Normally, this will cause servers to listen on a random port. However, in a cluster, each worker will receive the same "random" port each time they do listen(0). In essence, the port is random the first time, but predictable thereafter. To listen on a unique port, generate a port number based on the cluster worker ID.

Node.js does not provide routing logic. It is, therefore important to design an application such that it does not rely too heavily on in-memory data objects for things like sessions and login.

Because workers are all separate processes, they can be killed or re-spawned depending on a program's needs, without affecting other workers. As long as there are some workers still alive, the server will continue to accept connections. If no workers are alive, existing connections will be dropped and new connections will be refused. Node.js does not automatically manage the number of workers, however. It is the application's responsibility to manage the worker pool based on its own needs.

Although a primary use case for the cluster module is networking, it can also be used for other use cases requiring worker processes.

Class: Worker#

Added in: v0.7.0

A Worker object contains all public information and method about a worker. In the master it can be obtained using cluster.workers. In a worker it can be obtained using cluster.worker.

Event: 'disconnect'#

Added in: v0.7.7

Similar to the cluster.on('disconnect') event, but specific to this worker.

cluster.fork().on('disconnect', () => {
  // Worker has disconnected
});

Event: 'error'#

Added in: v0.7.3

This event is the same as the one provided by child_process.fork().

Within a worker, process.on('error') may also be used.

Event: 'exit'#

Added in: v0.11.2
  • code <number> The exit code, if it exited normally.
  • signal <string> The name of the signal (e.g. 'SIGHUP') that caused the process to be killed.

Similar to the cluster.on('exit') event, but specific to this worker.

const worker = cluster.fork();
worker.on('exit', (code, signal) => {
  if (signal) {
    console.log(`worker was killed by signal: ${signal}`);
  } else if (code !== 0) {
    console.log(`worker exited with error code: ${code}`);
  } else {
    console.log('worker success!');
  }
});

Event: 'listening'#

Added in: v0.7.0

Similar to the cluster.on('listening') event, but specific to this worker.

cluster.fork().on('listening', (address) => {
  // Worker is listening
});

It is not emitted in the worker.

Event: 'message'#

Added in: v0.7.0

Similar to the 'message' event of cluster, but specific to this worker.

Within a worker, process.on('message') may also be used.

See process event: 'message'.

Here is an example using the message system. It keeps a count in the master process of the number of HTTP requests received by the workers:

const cluster = require('cluster');
const http = require('http');

if (cluster.isMaster) {

  // Keep track of http requests
  let numReqs = 0;
  setInterval(() => {
    console.log(`numReqs = ${numReqs}`);
  }, 1000);

  // Count requests
  function messageHandler(msg) {
    if (msg.cmd && msg.cmd === 'notifyRequest') {
      numReqs += 1;
    }
  }

  // Start workers and listen for messages containing notifyRequest
  const numCPUs = require('os').cpus().length;
  for (let i = 0; i < numCPUs; i++) {
    cluster.fork();
  }

  for (const id in cluster.workers) {
    cluster.workers[id].on('message', messageHandler);
  }

} else {

  // Worker processes have a http server.
  http.Server((req, res) => {
    res.writeHead(200);
    res.end('hello world\n');

    // Notify master about the request
    process.send({ cmd: 'notifyRequest' });
  }).listen(8000);
}

Event: 'online'#

Added in: v0.7.0

Similar to the cluster.on('online') event, but specific to this worker.

cluster.fork().on('online', () => {
  // Worker is online
});

It is not emitted in the worker.

worker.disconnect()#

History
VersionChanges
v7.3.0

This method now returns a reference to worker.

v0.7.7

Added in: v0.7.7

In a worker, this function will close all servers, wait for the 'close' event on those servers, and then disconnect the IPC channel.

In the master, an internal message is sent to the worker causing it to call .disconnect() on itself.

Causes .exitedAfterDisconnect to be set.

After a server is closed, it will no longer accept new connections, but connections may be accepted by any other listening worker. Existing connections will be allowed to close as usual. When no more connections exist, see server.close(), the IPC channel to the worker will close allowing it to die gracefully.

The above applies only to server connections, client connections are not automatically closed by workers, and disconnect does not wait for them to close before exiting.

In a worker, process.disconnect exists, but it is not this function; it is disconnect().

Because long living server connections may block workers from disconnecting, it may be useful to send a message, so application specific actions may be taken to close them. It also may be useful to implement a timeout, killing a worker if the 'disconnect' event has not been emitted after some time.

if (cluster.isMaster) {
  const worker = cluster.fork();
  let timeout;

  worker.on('listening', (address) => {
    worker.send('shutdown');
    worker.disconnect();
    timeout = setTimeout(() => {
      worker.kill();
    }, 2000);
  });

  worker.on('disconnect', () => {
    clearTimeout(timeout);
  });

} else if (cluster.isWorker) {
  const net = require('net');
  const server = net.createServer((socket) => {
    // Connections never end
  });

  server.listen(8000);

  process.on('message', (msg) => {
    if (msg === 'shutdown') {
      // Initiate graceful close of any connections to server
    }
  });
}

worker.exitedAfterDisconnect#

Added in: v6.0.0

This property is true if the worker exited due to .kill() or .disconnect(). If the worker exited any other way, it is false. If the worker has not exited, it is undefined.

The boolean worker.exitedAfterDisconnect allows distinguishing between voluntary and accidental exit, the master may choose not to respawn a worker based on this value.

cluster.on('exit', (worker, code, signal) => {
  if (worker.exitedAfterDisconnect === true) {
    console.log('Oh, it was just voluntary – no need to worry');
  }
});

// kill worker
worker.kill();

worker.id#

Added in: v0.8.0

Each new worker is given its own unique id, this id is stored in the id.

While a worker is alive, this is the key that indexes it in cluster.workers.

worker.isConnected()#

Added in: v0.11.14

This function returns true if the worker is connected to its master via its IPC channel, false otherwise. A worker is connected to its master after it has been created. It is disconnected after the 'disconnect' event is emitted.

worker.isDead()#

Added in: v0.11.14

This function returns true if the worker's process has terminated (either because of exiting or being signaled). Otherwise, it returns false.

const cluster = require('cluster');
const http = require('http');
const numCPUs = require('os').cpus().length;

if (cluster.isMaster) {
  console.log(`Master ${process.pid} is running`);

  // Fork workers.
  for (let i = 0; i < numCPUs; i++) {
    cluster.fork();
  }

  cluster.on('fork', (worker) => {
    console.log('worker is dead:', worker.isDead());
  });

  cluster.on('exit', (worker, code, signal) => {
    console.log('worker is dead:', worker.isDead());
  });
} else {
  // Workers can share any TCP connection. In this case, it is an HTTP server.
  http.createServer((req, res) => {
    res.writeHead(200);
    res.end(`Current process\n ${process.pid}`);
    process.kill(process.pid);
  }).listen(8000);
}

worker.kill([signal='SIGTERM'])#

Added in: v0.9.12
  • signal <string> Name of the kill signal to send to the worker process.

This function will kill the worker. In the master, it does this by disconnecting the worker.process, and once disconnected, killing with signal. In the worker, it does it by disconnecting the channel, and then exiting with code 0.

Because kill() attempts to gracefully disconnect the worker process, it is susceptible to waiting indefinitely for the disconnect to complete. For example, if the worker enters an infinite loop, a graceful disconnect will never occur. If the graceful disconnect behavior is not needed, use worker.process.kill().

Causes .exitedAfterDisconnect to be set.

This method is aliased as worker.destroy() for backwards compatibility.

In a worker, process.kill() exists, but it is not this function; it is kill().

worker.process#

Added in: v0.7.0

All workers are created using child_process.fork(), the returned object from this function is stored as .process. In a worker, the global process is stored.

See: Child Process module.

Workers will call process.exit(0) if the 'disconnect' event occurs on process and .exitedAfterDisconnect is not true. This protects against accidental disconnection.

worker.send(message[, sendHandle[, options]][, callback])#

History
VersionChanges
v4.0.0

The callback parameter is supported now.

v0.7.0

Added in: v0.7.0

  • message <Object>
  • sendHandle <Handle>

  • options <Object> The options argument, if present, is an object used to parameterize the sending of certain types of handles. options supports the following properties:

    • keepOpen <boolean> A value that can be used when passing instances of net.Socket. When true, the socket is kept open in the sending process. Default: false.
  • callback <Function>
  • Returns: <boolean>

Send a message to a worker or master, optionally with a handle.

In the master this sends a message to a specific worker. It is identical to ChildProcess.send().

In a worker this sends a message to the master. It is identical to process.send().

This example will echo back all messages from the master:

if (cluster.isMaster) {
  const worker = cluster.fork();
  worker.send('hi there');

} else if (cluster.isWorker) {
  process.on('message', (msg) => {
    process.send(msg);
  });
}

Event: 'disconnect'#

Added in: v0.7.9

Emitted after the worker IPC channel has disconnected. This can occur when a worker exits gracefully, is killed, or is disconnected manually (such as with worker.disconnect()).

There may be a delay between the 'disconnect' and 'exit' events. These events can be used to detect if the process is stuck in a cleanup or if there are long-living connections.

cluster.on('disconnect', (worker) => {
  console.log(`The worker #${worker.id} has disconnected`);
});

Event: 'exit'#

Added in: v0.7.9
  • worker <cluster.Worker>
  • code <number> The exit code, if it exited normally.
  • signal <string> The name of the signal (e.g. 'SIGHUP') that caused the process to be killed.

When any of the workers die the cluster module will emit the 'exit' event.

This can be used to restart the worker by calling .fork() again.

cluster.on('exit', (worker, code, signal) => {
  console.log('worker %d died (%s). restarting...',
              worker.process.pid, signal || code);
  cluster.fork();
});

See child_process event: 'exit'.

Event: 'fork'#

Added in: v0.7.0

When a new worker is forked the cluster module will emit a 'fork' event. This can be used to log worker activity, and create a custom timeout.

const timeouts = [];
function errorMsg() {
  console.error('Something must be wrong with the connection ...');
}

cluster.on('fork', (worker) => {
  timeouts[worker.id] = setTimeout(errorMsg, 2000);
});
cluster.on('listening', (worker, address) => {
  clearTimeout(timeouts[worker.id]);
});
cluster.on('exit', (worker, code, signal) => {
  clearTimeout(timeouts[worker.id]);
  errorMsg();
});

Event: 'listening'#

Added in: v0.7.0

After calling listen() from a worker, when the 'listening' event is emitted on the server a 'listening' event will also be emitted on cluster in the master.

The event handler is executed with two arguments, the worker contains the worker object and the address object contains the following connection properties: address, port and addressType. This is very useful if the worker is listening on more than one address.

cluster.on('listening', (worker, address) => {
  console.log(
    `A worker is now connected to ${address.address}:${address.port}`);
});

The addressType is one of:

  • 4 (TCPv4)
  • 6 (TCPv6)
  • -1 (Unix domain socket)
  • 'udp4' or 'udp6' (UDP v4 or v6)

Event: 'message'#

History
VersionChanges
v6.0.0

The worker parameter is passed now; see below for details.

v2.5.0

Added in: v2.5.0

Emitted when the cluster master receives a message from any worker.

See child_process event: 'message'.

Event: 'online'#

Added in: v0.7.0

After forking a new worker, the worker should respond with an online message. When the master receives an online message it will emit this event. The difference between 'fork' and 'online' is that fork is emitted when the master forks a worker, and 'online' is emitted when the worker is running.

cluster.on('online', (worker) => {
  console.log('Yay, the worker responded after it was forked');
});

Event: 'setup'#

Added in: v0.7.1

Emitted every time .setupMaster() is called.

The settings object is the cluster.settings object at the time .setupMaster() was called and is advisory only, since multiple calls to .setupMaster() can be made in a single tick.

If accuracy is important, use cluster.settings.

cluster.disconnect([callback])#

Added in: v0.7.7
  • callback <Function> Called when all workers are disconnected and handles are closed.

Calls .disconnect() on each worker in cluster.workers.

When they are disconnected all internal handles will be closed, allowing the master process to die gracefully if no other event is waiting.

The method takes an optional callback argument which will be called when finished.

This can only be called from the master process.

cluster.fork([env])#

Added in: v0.6.0

Spawn a new worker process.

This can only be called from the master process.

cluster.isMaster#

Added in: v0.8.1

True if the process is a master. This is determined by the process.env.NODE_UNIQUE_ID. If process.env.NODE_UNIQUE_ID is undefined, then isMaster is true.

cluster.isWorker#

Added in: v0.6.0

True if the process is not a master (it is the negation of cluster.isMaster).

cluster.schedulingPolicy#

Added in: v0.11.2

The scheduling policy, either cluster.SCHED_RR for round-robin or cluster.SCHED_NONE to leave it to the operating system. This is a global setting and effectively frozen once either the first worker is spawned, or .setupMaster() is called, whichever comes first.

SCHED_RR is the default on all operating systems except Windows. Windows will change to SCHED_RR once libuv is able to effectively distribute IOCP handles without incurring a large performance hit.

cluster.schedulingPolicy can also be set through the NODE_CLUSTER_SCHED_POLICY environment variable. Valid values are 'rr' and 'none'.

cluster.settings#

History
VersionChanges
v9.5.0

The cwd option is supported now.

v9.4.0

The windowsHide option is supported now.

v8.2.0

The inspectPort option is supported now.

v6.4.0

The stdio option is supported now.

v0.7.1

Added in: v0.7.1

  • <Object>

    • execArgv <string[]> List of string arguments passed to the Node.js executable. Default: process.execArgv.
    • exec <string> File path to worker file. Default: process.argv[1].
    • args <string[]> String arguments passed to worker. Default: process.argv.slice(2).
    • cwd <string> Current working directory of the worker process. Default: undefined (inherits from parent process).
    • silent <boolean> Whether or not to send output to parent's stdio. Default: false.
    • stdio <Array> Configures the stdio of forked processes. Because the cluster module relies on IPC to function, this configuration must contain an 'ipc' entry. When this option is provided, it overrides silent.
    • uid <number> Sets the user identity of the process. (See setuid(2).)
    • gid <number> Sets the group identity of the process. (See setgid(2).)
    • inspectPort <number> | <Function> Sets inspector port of worker. This can be a number, or a function that takes no arguments and returns a number. By default each worker gets its own port, incremented from the master's process.debugPort.
    • windowsHide <boolean> Hide the forked processes console window that would normally be created on Windows systems. Default: false.

After calling .setupMaster() (or .fork()) this settings object will contain the settings, including the default values.

This object is not intended to be changed or set manually.

cluster.setupMaster([settings])#

History
VersionChanges
v6.4.0

The stdio option is supported now.

v0.7.1

Added in: v0.7.1

setupMaster is used to change the default 'fork' behavior. Once called, the settings will be present in cluster.settings.

Any settings changes only affect future calls to .fork() and have no effect on workers that are already running.

The only attribute of a worker that cannot be set via .setupMaster() is the env passed to .fork().

The defaults above apply to the first call only; the defaults for later calls are the current values at the time of cluster.setupMaster() is called.

const cluster = require('cluster');
cluster.setupMaster({
  exec: 'worker.js',
  args: ['--use', 'https'],
  silent: true
});
cluster.fork(); // https worker
cluster.setupMaster({
  exec: 'worker.js',
  args: ['--use', 'http']
});
cluster.fork(); // http worker

This can only be called from the master process.

cluster.worker#

Added in: v0.7.0

A reference to the current worker object. Not available in the master process.

const cluster = require('cluster');

if (cluster.isMaster) {
  console.log('I am master');
  cluster.fork();
  cluster.fork();
} else if (cluster.isWorker) {
  console.log(`I am worker #${cluster.worker.id}`);
}

cluster.workers#

Added in: v0.7.0

A hash that stores the active worker objects, keyed by id field. Makes it easy to loop through all the workers. It is only available in the master process.

A worker is removed from cluster.workers after the worker has disconnected and exited. The order between these two events cannot be determined in advance. However, it is guaranteed that the removal from the cluster.workers list happens before last 'disconnect' or 'exit' event is emitted.

// Go through all workers
function eachWorker(callback) {
  for (const id in cluster.workers) {
    callback(cluster.workers[id]);
  }
}
eachWorker((worker) => {
  worker.send('big announcement to all workers');
});

Using the worker's unique id is the easiest way to locate the worker.

socket.on('data', (id) => {
  const worker = cluster.workers[id];
});

Command Line Options#

Node.js comes with a variety of CLI options. These options expose built-in debugging, multiple ways to execute scripts, and other helpful runtime options.

To view this documentation as a manual page in a terminal, run man node.

Synopsis#

node [options] [V8 options] [script.js | -e "script" | -] [--] [arguments]

node inspect [script.js | -e "script" | <host>:<port>] …

node --v8-options

Execute without arguments to start the REPL.

For more info about node inspect, please see the debugger documentation.

Options#

History
VersionChanges
v10.12.0

Underscores instead of dashes are now allowed for Node.js options as well, in addition to V8 options.

All options, including V8 options, allow words to be separated by both dashes (-) or underscores (_).

For example, --pending-deprecation is equivalent to --pending_deprecation.

-#

Added in: v8.0.0

Alias for stdin. Analogous to the use of - in other command line utilities, meaning that the script will be read from stdin, and the rest of the options are passed to that script.

--#

Added in: v6.11.0

Indicate the end of node options. Pass the rest of the arguments to the script. If no script filename or eval/print script is supplied prior to this, then the next argument will be used as a script filename.

--abort-on-uncaught-exception#

Added in: v0.10

Aborting instead of exiting causes a core file to be generated for post-mortem analysis using a debugger (such as lldb, gdb, and mdb).

If this flag is passed, the behavior can still be set to not abort through process.setUncaughtExceptionCaptureCallback() (and through usage of the domain module that uses it).

--completion-bash#

Added in: v10.12.0

Print source-able bash completion script for Node.js.

$ node --completion-bash > node_bash_completion
$ source node_bash_completion

--cpu-prof#

Added in: v12.0.0

Stability: 1 - Experimental

Starts the V8 CPU profiler on start up, and writes the CPU profile to disk before exit.

If --cpu-prof-dir is not specified, the generated profile will be placed in the current working directory.

If --cpu-prof-name is not specified, the generated profile will be named CPU.${yyyymmdd}.${hhmmss}.${pid}.${tid}.${seq}.cpuprofile.

$ node --cpu-prof index.js
$ ls *.cpuprofile
CPU.20190409.202950.15293.0.0.cpuprofile

--cpu-prof-dir#

Added in: v12.0.0

Stability: 1 - Experimental

Specify the directory where the CPU profiles generated by --cpu-prof will be placed.

--cpu-prof-interval#

Added in: v12.2.0

Stability: 1 - Experimental

Specify the sampling interval in microseconds for the CPU profiles generated by --cpu-prof. The default is 1000 microseconds.

--cpu-prof-name#

Added in: v12.0.0

Stability: 1 - Experimental

Specify the file name of the CPU profile generated by --cpu-prof.

--disallow-code-generation-from-strings#

Added in: v9.8.0

Make built-in language features like eval and new Function that generate code from strings throw an exception instead. This does not affect the Node.js vm module.

--enable-fips#

Added in: v6.0.0

Enable FIPS-compliant crypto at startup. (Requires Node.js to be built with ./configure --openssl-fips.)

--enable-source-maps#

Added in: v12.12.0

Stability: 1 - Experimental

Enable experimental Source Map V3 support for stack traces.

Currently, overriding Error.prepareStackTrace is ignored when the --enable-source-maps flag is set.

--es-module-specifier-resolution=mode#

Added in: v12.0.0

To be used in conjunction with --experimental-modules. Sets the resolution algorithm for resolving specifiers. Valid options are explicit and node.

The default is explicit, which requires providing the full path to a module. The node mode will enable support for optional file extensions and the ability to import a directory that has an index file.

Please see customizing esm specifier resolution for example usage.

--experimental-json-modules#

Added in: v12.9.0

Enable experimental JSON support for the ES Module loader.

--experimental-modules#

Added in: v8.5.0

Enable experimental ES module support and caching modules.

--experimental-policy#

Added in: v11.8.0

Use the specified file as a security policy.

--experimental-repl-await#

Added in: v10.0.0

Enable experimental top-level await keyword support in REPL.

--experimental-report#

Added in: v11.8.0

Enable experimental diagnostic report feature.

--experimental-resolve-self#

Added in: v13.1.0

Enable experimental support for a package using require or import to load itself.

--experimental-vm-modules#

Added in: v9.6.0

Enable experimental ES Module support in the vm module.

--experimental-wasm-modules#

Added in: v12.3.0

Enable experimental WebAssembly module support.

--force-fips#

Added in: v6.0.0

Force FIPS-compliant crypto on startup. (Cannot be disabled from script code.) (Same requirements as --enable-fips.)

--frozen-intrinsics#

Added in: v11.12.0

Stability: 1 - Experimental

Enable experimental frozen intrinsics like Array and Object.

Support is currently only provided for the root context and no guarantees are currently provided that global.Array is indeed the default intrinsic reference. Code may break under this flag.

--require runs prior to freezing intrinsics in order to allow polyfills to be added.

--heapsnapshot-signal=signal#

Added in: v12.0.0

Enables a signal handler that causes the Node.js process to write a heap dump when the specified signal is received. signal must be a valid signal name. Disabled by default.

$ node --heapsnapshot-signal=SIGUSR2 index.js &
$ ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
node         1  5.5  6.1 787252 247004 ?       Ssl  16:43   0:02 node --heapsnapshot-signal=SIGUSR2 index.js
$ kill -USR2 1
$ ls
Heap.20190718.133405.15554.0.001.heapsnapshot

--heap-prof#

Added in: v12.4.0

Stability: 1 - Experimental

Starts the V8 heap profiler on start up, and writes the heap profile to disk before exit.

If --heap-prof-dir is not specified, the generated profile will be placed in the current working directory.

If --heap-prof-name is not specified, the generated profile will be named Heap.${yyyymmdd}.${hhmmss}.${pid}.${tid}.${seq}.heapprofile.

$ node --heap-prof index.js
$ ls *.heapprofile
Heap.20190409.202950.15293.0.001.heapprofile

--heap-prof-dir#

Added in: v12.4.0

Stability: 1 - Experimental

Specify the directory where the heap profiles generated by --heap-prof will be placed.

--heap-prof-interval#

Added in: v12.4.0

Stability: 1 - Experimental

Specify the average sampling interval in bytes for the heap profiles generated by --heap-prof. The default is 512 * 1024 bytes.

--heap-prof-name#

Added in: v12.4.0

Stability: 1 - Experimental

Specify the file name of the heap profile generated by --heap-prof.

--icu-data-dir=file#

Added in: v0.11.15

Specify ICU data load path. (Overrides NODE_ICU_DATA.)

--input-type=type#

Added in: v12.0.0

Used with --experimental-modules, this configures Node.js to interpret string input as CommonJS or as an ES module. String input is input via --eval, --print, or STDIN.

Valid values are "commonjs" and "module". The default is "commonjs".

--inspect-brk[=[host:]port]#

Added in: v7.6.0

Activate inspector on host:port and break at start of user script. Default host:port is 127.0.0.1:9229.

--inspect-port=[host:]port#

Added in: v7.6.0

Set the host:port to be used when the inspector is activated. Useful when activating the inspector by sending the SIGUSR1 signal.

Default host is 127.0.0.1.

See the security warning below regarding the host parameter usage.

--inspect[=[host:]port]#

Added in: v6.3.0

Activate inspector on host:port. Default is 127.0.0.1:9229.

V8 inspector integration allows tools such as Chrome DevTools and IDEs to debug and profile Node.js instances. The tools attach to Node.js instances via a tcp port and communicate using the Chrome DevTools Protocol.

Warning: binding inspector to a public IP:port combination is insecure#

Binding the inspector to a public IP (including 0.0.0.0) with an open port is insecure, as it allows external hosts to connect to the inspector and perform a remote code execution attack.

If specifying a host, make sure that either:

  • The host is not accessible from public networks.
  • A firewall disallows unwanted connections on the port.

More specifically, --inspect=0.0.0.0 is insecure if the port (9229 by default) is not firewall-protected.

See the debugging security implications section for more information.

--inspect-publish-uid=stderr,http#

Specify ways of the inspector web socket url exposure.

By default inspector websocket url is available in stderr and under /json/list endpoint on http://host:port/json/list.

--experimental-loader=module#

Added in: v9.0.0

Specify the module of a custom experimental ECMAScript Module loader. module may be either a path to a file, or an ECMAScript Module name.

--max-http-header-size=size#

Added in: v11.6.0

Specify the maximum size, in bytes, of HTTP headers. Defaults to 8KB.

--napi-modules#

Added in: v7.10.0

This option is a no-op. It is kept for compatibility.

--no-deprecation#

Added in: v0.8.0

Silence deprecation warnings.

--no-force-async-hooks-checks#

Added in: v9.0.0

Disables runtime checks for async_hooks. These will still be enabled dynamically when async_hooks is enabled.

--no-warnings#

Added in: v6.0.0

Silence all process warnings (including deprecations).

--force-context-aware#

Added in: v12.12.0

Disable loading native addons that are not context-aware.

--openssl-config=file#

Added in: v6.9.0

Load an OpenSSL configuration file on startup. Among other uses, this can be used to enable FIPS-compliant crypto if Node.js is built with ./configure --openssl-fips.

--pending-deprecation#

Added in: v8.0.0

Emit pending deprecation warnings.

Pending deprecations are generally identical to a runtime deprecation with the notable exception that they are turned off by default and will not be emitted unless either the --pending-deprecation command line flag, or the NODE_PENDING_DEPRECATION=1 environment variable, is set. Pending deprecations are used to provide a kind of selective "early warning" mechanism that developers may leverage to detect deprecated API usage.

--policy-integrity=sri#

Added in: v12.7.0

Stability: 1 - Experimental

Instructs Node.js to error prior to running any code if the policy does not have the specified integrity. It expects a Subresource Integrity string as a parameter.

--preserve-symlinks#

Added in: v6.3.0

Instructs the module loader to preserve symbolic links when resolving and caching modules.

By default, when Node.js loads a module from a path that is symbolically linked to a different on-disk location, Node.js will dereference the link and use the actual on-disk "real path" of the module as both an identifier and as a root path to locate other dependency modules. In most cases, this default behavior is acceptable. However, when using symbolically linked peer dependencies, as illustrated in the example below, the default behavior causes an exception to be thrown if moduleA attempts to require moduleB as a peer dependency:

{appDir}
 ├── app
 │   ├── index.js
 │   └── node_modules
 │       ├── moduleA -> {appDir}/moduleA
 │       └── moduleB
 │           ├── index.js
 │           └── package.json
 └── moduleA
     ├── index.js
     └── package.json

The --preserve-symlinks command line flag instructs Node.js to use the symlink path for modules as opposed to the real path, allowing symbolically linked peer dependencies to be found.

Note, however, that using --preserve-symlinks can have other side effects. Specifically, symbolically linked native modules can fail to load if those are linked from more than one location in the dependency tree (Node.js would see those as two separate modules and would attempt to load the module multiple times, causing an exception to be thrown).

The --preserve-symlinks flag does not apply to the main module, which allows node --preserve-symlinks node_module/.bin/<foo> to work. To apply the same behavior for the main module, also use --preserve-symlinks-main.

--preserve-symlinks-main#

Added in: v10.2.0

Instructs the module loader to preserve symbolic links when resolving and caching the main module (require.main).

This flag exists so that the main module can be opted-in to the same behavior that --preserve-symlinks gives to all other imports; they are separate flags, however, for backward compatibility with older Node.js versions.

--preserve-symlinks-main does not imply --preserve-symlinks; it is expected that --preserve-symlinks-main will be used in addition to --preserve-symlinks when it is not desirable to follow symlinks before resolving relative paths.

See --preserve-symlinks for more information.

--prof#

Added in: v2.0.0

Generate V8 profiler output.

--prof-process#

Added in: v5.2.0

Process V8 profiler output generated using the V8 option --prof.

--redirect-warnings=file#

Added in: v8.0.0

Write process warnings to the given file instead of printing to stderr. The file will be created if it does not exist, and will be appended to if it does. If an error occurs while attempting to write the warning to the file, the warning will be written to stderr instead.

--report-directory=directory#

History
VersionChanges
v12.0.0

Changed from --diagnostic-report-directory to --report-directory

v11.8.0

Added in: v11.8.0

Location at which the report will be generated.

--report-filename=filename#

History
VersionChanges
v12.0.0

changed from --diagnostic-report-filename to --report-filename

v11.8.0

Added in: v11.8.0

Name of the file to which the report will be written.

--report-on-fatalerror#

History
VersionChanges
v12.0.0

changed from --diagnostic-report-on-fatalerror to --report-on-fatalerror

v11.8.0

Added in: v11.8.0

Enables the report to be triggered on fatal errors (internal errors within the Node.js runtime such as out of memory) that lead to termination of the application, if --experimental-report is enabled. Useful to inspect various diagnostic data elements such as heap, stack, event loop state, resource consumption etc. to reason about the fatal error.

--report-on-signal#

History
VersionChanges
v12.0.0

changed from --diagnostic-report-on-signal to --report-on-signal

v11.8.0

Added in: v11.8.0

Enables report to be generated upon receiving the specified (or predefined) signal to the running Node.js process, if --experimental-report is enabled. The signal to trigger the report is specified through --report-signal.

--report-signal=signal#

History
VersionChanges
v12.0.0

changed from --diagnostic-report-signal to --report-signal

v11.8.0

Added in: v11.8.0

Sets or resets the signal for report generation (not supported on Windows). Default signal is SIGUSR2.

--report-uncaught-exception#

History
VersionChanges
v12.0.0

changed from --diagnostic-report-uncaught-exception to --report-uncaught-exception

v11.8.0

Added in: v11.8.0

Enables report to be generated on un-caught exceptions, if --experimental-report is enabled. Useful when inspecting JavaScript stack in conjunction with native stack and other runtime environment data.

--throw-deprecation#

Added in: v0.11.14

Throw errors for deprecations.

--title=title#

Added in: v10.7.0

Set process.title on startup.

--tls-cipher-list=list#

Added in: v4.0.0

Specify an alternative default TLS cipher list. Requires Node.js to be built with crypto support (default).

--tls-max-v1.2#

Added in: v12.0.0

Set tls.DEFAULT_MAX_VERSION to 'TLSv1.2'. Use to disable support for TLSv1.3.

--tls-max-v1.3#

Added in: v12.0.0

Set default tls.DEFAULT_MAX_VERSION to 'TLSv1.3'. Use to enable support for TLSv1.3.

--tls-min-v1.0#

Added in: v12.0.0

Set default tls.DEFAULT_MIN_VERSION to 'TLSv1'. Use for compatibility with old TLS clients or servers.

--tls-min-v1.1#

Added in: v12.0.0

Set default tls.DEFAULT_MIN_VERSION to 'TLSv1.1'. Use for compatibility with old TLS clients or servers.

--tls-min-v1.2#

Added in: v12.2.0

Set default tls.DEFAULT_MIN_VERSION to 'TLSv1.2'. This is the default for 12.x and later, but the option is supported for compatibility with older Node.js versions.

--tls-min-v1.3#

Added in: v12.0.0

Set default tls.DEFAULT_MIN_VERSION to 'TLSv1.3'. Use to disable support for TLSv1.2, which is not as secure as TLSv1.3.

--trace-deprecation#

Added in: v0.8.0

Print stack traces for deprecations.

--trace-event-categories#

Added in: v7.7.0

A comma separated list of categories that should be traced when trace event tracing is enabled using --trace-events-enabled.

--trace-event-file-pattern#

Added in: v9.8.0

Template string specifying the filepath for the trace event data, it supports ${rotation} and ${pid}.

--trace-events-enabled#

Added in: v7.7.0

Enables the collection of trace event tracing information.

--trace-sync-io#

Added in: v2.1.0

Prints a stack trace whenever synchronous I/O is detected after the first turn of the event loop.

--trace-tls#

Added in: v12.2.0

Prints TLS packet trace information to stderr. This can be used to debug TLS connection problems.

--trace-uncaught#

Added in: v13.1.0

Print stack traces for uncaught exceptions; usually, the stack trace associated with the creation of an Error is printed, whereas this makes Node.js also print the stack trace associated with throwing the value (which does not need to be an Error instance).

Enabling this option may affect garbage collection behavior negatively.

--trace-warnings#

Added in: v6.0.0

Print stack traces for process warnings (including deprecations).

--track-heap-objects#

Added in: v2.4.0

Track heap object allocations for heap snapshots.

--unhandled-rejections=mode#

Added in: v12.0.0

By default all unhandled rejections trigger a warning plus a deprecation warning for the very first unhandled rejection in case no unhandledRejection hook is used.

Using this flag allows to change what should happen when an unhandled rejection occurs. One of three modes can be chosen:

  • strict: Raise the unhandled rejection as an uncaught exception.
  • warn: Always trigger a warning, no matter if the unhandledRejection hook is set or not but do not print the deprecation warning.
  • none: Silence all warnings.

--use-bundled-ca, --use-openssl-ca#

Added in: v6.11.0

Use bundled Mozilla CA store as supplied by current Node.js version or use OpenSSL's default CA store. The default store is selectable at build-time.

The bundled CA store, as supplied by Node.js, is a snapshot of Mozilla CA store that is fixed at release time. It is identical on all supported platforms.

Using OpenSSL store allows for external modifications of the store. For most Linux and BSD distributions, this store is maintained by the distribution maintainers and system administrators. OpenSSL CA store location is dependent on configuration of the OpenSSL library but this can be altered at runtime using environment variables.

See SSL_CERT_DIR and SSL_CERT_FILE.

--v8-options#

Added in: v0.1.3

Print V8 command line options.

--v8-pool-size=num#

Added in: v5.10.0

Set V8's thread pool size which will be used to allocate background jobs.

If set to 0 then V8 will choose an appropriate size of the thread pool based on the number of online processors.

If the value provided is larger than V8's maximum, then the largest value will be chosen.

--zero-fill-buffers#

Added in: v6.0.0

Automatically zero-fills all newly allocated Buffer and SlowBuffer instances.

-c, --check#

History
VersionChanges
v10.0.0

The --require option is now supported when checking a file.

v5.0.0, v4.2.0

Added in: v5.0.0, v4.2.0

Syntax check the script without executing.

-e, --eval "script"#

History
VersionChanges
v5.11.0

Built-in libraries are now available as predefined variables.

v0.5.2

Added in: v0.5.2

Evaluate the following argument as JavaScript. The modules which are predefined in the REPL can also be used in script.

On Windows, using cmd.exe a single quote will not work correctly because it only recognizes double " for quoting. In Powershell or Git bash, both ' and " are usable.

-h, --help#

Added in: v0.1.3

Print node command line options. The output of this option is less detailed than this document.

-i, --interactive#

Added in: v0.7.7

Opens the REPL even if stdin does not appear to be a terminal.

-p, --print "script"#

History
VersionChanges
v5.11.0

Built-in libraries are now available as predefined variables.

v0.6.4

Added in: v0.6.4

Identical to -e but prints the result.

-r, --require module#

Added in: v1.6.0

Preload the specified module at startup.

Follows require()'s module resolution rules. module may be either a path to a file, or a node module name.

-v, --version#

Added in: v0.1.3

Print node's version.

Environment Variables#

NODE_DEBUG=module[,…]#

Added in: v0.1.32

','-separated list of core modules that should print debug information.

NODE_DEBUG_NATIVE=module[,…]#

','-separated list of core C++ modules that should print debug information.

NODE_DISABLE_COLORS=1#

Added in: v0.3.0

When set, colors will not be used in the REPL.

NODE_EXTRA_CA_CERTS=file#

Added in: v7.3.0

When set, the well known "root" CAs (like VeriSign) will be extended with the extra certificates in file. The file should consist of one or more trusted certificates in PEM format. A message will be emitted (once) with process.emitWarning() if the file is missing or malformed, but any errors are otherwise ignored.

Neither the well known nor extra certificates are used when the ca options property is explicitly specified for a TLS or HTTPS client or server.

This environment variable is ignored when node runs as setuid root or has Linux file capabilities set.

NODE_ICU_DATA=file#

Added in: v0.11.15

Data path for ICU (Intl object) data. Will extend linked-in data when compiled with small-icu support.

NODE_NO_WARNINGS=1#

Added in: v6.11.0

When set to 1, process warnings are silenced.

NODE_OPTIONS=options...#

Added in: v8.0.0

A space-separated list of command line options. options... are interpreted before command line options, so command line options will override or compound after anything in options.... Node.js will exit with an error if an option that is not allowed in the environment is used, such as -p or a script file.

In case an option value happens to contain a space (for example a path listed in --require), it must be escaped using double quotes. For example:

NODE_OPTIONS='--require "./my path/file.js"'

A singleton flag passed as a command line option will override the same flag passed into NODE_OPTIONS:

# The inspector will be available on port 5555
NODE_OPTIONS='--inspect=localhost:4444' node --inspect=localhost:5555

A flag that can be passed multiple times will be treated as if its NODE_OPTIONS instances were passed first, and then its command line instances afterwards:

NODE_OPTIONS='--require "./a.js"' node --require "./b.js"
# is equivalent to:
node --require "./a.js" --require "./b.js"

Node.js options that are allowed are:

  • --enable-fips
  • --enable-source-maps
  • --es-module-specifier-resolution
  • --experimental-json-modules
  • --experimental-loader
  • --experimental-modules
  • --experimental-policy
  • --experimental-repl-await
  • --experimental-report
  • --experimental-resolve-self
  • --experimental-vm-modules
  • --experimental-wasm-modules
  • --force-context-aware
  • --force-fips
  • --frozen-intrinsics
  • --heapsnapshot-signal
  • --http-parser
  • --icu-data-dir
  • --input-type
  • --inspect-brk
  • --inspect-port, --debug-port
  • --inspect-publish-uid
  • --inspect
  • --max-http-header-size
  • --napi-modules
  • --no-deprecation
  • --no-force-async-hooks-checks
  • --no-warnings
  • --openssl-config
  • --pending-deprecation
  • --policy-integrity
  • --preserve-symlinks-main
  • --preserve-symlinks
  • --prof-process
  • --redirect-warnings
  • --report-directory
  • --report-filename
  • --report-on-fatalerror
  • --report-on-signal
  • --report-signal
  • --report-uncaught-exception
  • --require, -r
  • --throw-deprecation
  • --title
  • --tls-cipher-list
  • --tls-max-v1.2
  • --tls-max-v1.3
  • --tls-min-v1.0
  • --tls-min-v1.1
  • --tls-min-v1.2
  • --tls-min-v1.3
  • --trace-deprecation
  • --trace-event-categories
  • --trace-event-file-pattern
  • --trace-events-enabled
  • --trace-sync-io
  • --trace-tls
  • --trace-uncaught
  • --trace-warnings
  • --track-heap-objects
  • --unhandled-rejections
  • --use-bundled-ca
  • --use-openssl-ca
  • --v8-pool-size

  • --zero-fill-buffers

V8 options that are allowed are:

  • --abort-on-uncaught-exception
  • --disallow-code-generation-from-strings
  • --interpreted-frames-native-stack
  • --max-old-space-size
  • --perf-basic-prof-only-functions
  • --perf-basic-prof
  • --perf-prof-unwinding-info
  • --perf-prof

  • --stack-trace-limit

NODE_PATH=path[:…]#

Added in: v0.1.32

':'-separated list of directories prefixed to the module search path.

On Windows, this is a ';'-separated list instead.

NODE_PENDING_DEPRECATION=1#

Added in: v8.0.0

When set to 1, emit pending deprecation warnings.

Pending deprecations are generally identical to a runtime deprecation with the notable exception that they are turned off by default and will not be emitted unless either the --pending-deprecation command line flag, or the NODE_PENDING_DEPRECATION=1 environment variable, is set. Pending deprecations are used to provide a kind of selective "early warning" mechanism that developers may leverage to detect deprecated API usage.

NODE_PENDING_PIPE_INSTANCES=instances#

Set the number of pending pipe instance handles when the pipe server is waiting for connections. This setting applies to Windows only.

NODE_PRESERVE_SYMLINKS=1#

Added in: v7.1.0

When set to 1, instructs the module loader to preserve symbolic links when resolving and caching modules.

NODE_REDIRECT_WARNINGS=file#

Added in: v8.0.0

When set, process warnings will be emitted to the given file instead of printing to stderr. The file will be created if it does not exist, and will be appended to if it does. If an error occurs while attempting to write the warning to the file, the warning will be written to stderr instead. This is equivalent to using the --redirect-warnings=file command-line flag.

NODE_REPL_HISTORY=file#

Added in: v3.0.0

Path to the file used to store the persistent REPL history. The default path is ~/.node_repl_history, which is overridden by this variable. Setting the value to an empty string ('' or ' ') disables persistent REPL history.

NODE_REPL_EXTERNAL_MODULE=file#

Added in: v13.0.0

Path to a Node.js module which will be loaded in place of the built-in REPL. Overriding this value to an empty string ('') will use the built-in REPL.

NODE_TLS_REJECT_UNAUTHORIZED=value#

If value equals '0', certificate validation is disabled for TLS connections. This makes TLS, and HTTPS by extension, insecure. The use of this environment variable is strongly discouraged.

NODE_V8_COVERAGE=dir#

When set, Node.js will begin outputting V8 JavaScript code coverage and Source Map data to the directory provided as an argument (coverage information is written as JSON to files with a coverage prefix).

NODE_V8_COVERAGE will automatically propagate to subprocesses, making it easier to instrument applications that call the child_process.spawn() family of functions. NODE_V8_COVERAGE can be set to an empty string, to prevent propagation.

Coverage Output#

Coverage is output as an array of ScriptCoverage objects on the top-level key result:

{
  "result": [
    {
      "scriptId": "67",
      "url": "internal/tty.js",
      "functions": []
    }
  ]
}

Source Map Cache#

Stability: 1 - Experimental

If found, Source Map data is appended to the top-level key source-map-cache on the JSON coverage object.

source-map-cache is an object with keys representing the files source maps were extracted from, and values which include the raw source-map URL (in the key url), the parsed Source Map V3 information (in the key data), and the line lengths of the source file (in the key lineLengths).

{
  "result": [
    {
      "scriptId": "68",
      "url": "file:///absolute/path/to/source.js",
      "functions": []
    }
  ],
  "source-map-cache": {
    "file:///absolute/path/to/source.js": {
      "url": "./path-to-map.json",
      "data": {
        "version": 3,
        "sources": [
          "file:///absolute/path/to/original.js"
        ],
        "names": [
          "Foo",
          "console",
          "info"
        ],
        "mappings": "MAAMA,IACJC,YAAaC",
        "sourceRoot": "./"
      },
      "lineLengths": [
        13,
        62,
        38,
        27
      ]
    }
  }
}

OPENSSL_CONF=file#

Added in: v6.11.0

Load an OpenSSL configuration file on startup. Among other uses, this can be used to enable FIPS-compliant crypto if Node.js is built with ./configure --openssl-fips.

If the --openssl-config command line option is used, the environment variable is ignored.

SSL_CERT_DIR=dir#

Added in: v7.7.0

If --use-openssl-ca is enabled, this overrides and sets OpenSSL's directory containing trusted certificates.

Be aware that unless the child environment is explicitly set, this environment variable will be inherited by any child processes, and if they use OpenSSL, it may cause them to trust the same CAs as node.

SSL_CERT_FILE=file#

Added in: v7.7.0

If --use-openssl-ca is enabled, this overrides and sets OpenSSL's file containing trusted certificates.

Be aware that unless the child environment is explicitly set, this environment variable will be inherited by any child processes, and if they use OpenSSL, it may cause them to trust the same CAs as node.

UV_THREADPOOL_SIZE=size#

Set the number of threads used in libuv's threadpool to size threads.

Asynchronous system APIs are used by Node.js whenever possible, but where they do not exist, libuv's threadpool is used to create asynchronous node APIs based on synchronous system APIs. Node.js APIs that use the threadpool are:

  • all fs APIs, other than the file watcher APIs and those that are explicitly synchronous
  • asynchronous crypto APIs such as crypto.pbkdf2(), crypto.scrypt(), crypto.randomBytes(), crypto.randomFill(), crypto.generateKeyPair()
  • dns.lookup()
  • all zlib APIs, other than those that are explicitly synchronous

Because libuv's threadpool has a fixed size, it means that if for whatever reason any of these APIs takes a long time, other (seemingly unrelated) APIs that run in libuv's threadpool will experience degraded performance. In order to mitigate this issue, one potential solution is to increase the size of libuv's threadpool by setting the 'UV_THREADPOOL_SIZE' environment variable to a value greater than 4 (its current default value). For more information, see the libuv threadpool documentation.

Console#

Stability: 2 - Stable

The console module provides a simple debugging console that is similar to the JavaScript console mechanism provided by web browsers.

The module exports two specific components:

  • A Console class with methods such as console.log(), console.error() and console.warn() that can be used to write to any Node.js stream.
  • A global console instance configured to write to process.stdout and process.stderr. The global console can be used without calling require('console').

Warning: The global console object's methods are neither consistently synchronous like the browser APIs they resemble, nor are they consistently asynchronous like all other Node.js streams. See the note on process I/O for more information.

Example using the global console:

console.log('hello world');
// Prints: hello world, to stdout
console.log('hello %s', 'world');
// Prints: hello world, to stdout
console.error(new Error('Whoops, something bad happened'));
// Prints: [Error: Whoops, something bad happened], to stderr

const name = 'Will Robinson';
console.warn(`Danger ${name}! Danger!`);
// Prints: Danger Will Robinson! Danger!, to stderr

Example using the Console class:

const out = getStreamSomehow();
const err = getStreamSomehow();
const myConsole = new console.Console(out, err);

myConsole.log('hello world');
// Prints: hello world, to out
myConsole.log('hello %s', 'world');
// Prints: hello world, to out
myConsole.error(new Error('Whoops, something bad happened'));
// Prints: [Error: Whoops, something bad happened], to err

const name = 'Will Robinson';
myConsole.warn(`Danger ${name}! Danger!`);
// Prints: Danger Will Robinson! Danger!, to err

Class: Console#

History
VersionChanges
v8.0.0

Errors that occur while writing to the underlying streams will now be ignored by default.

The Console class can be used to create a simple logger with configurable output streams and can be accessed using either require('console').Console or console.Console (or their destructured counterparts):

const { Console } = require('console');

const { Console } = console;

new Console(stdout[, stderr][, ignoreErrors])#

new Console(options)#

History
VersionChanges
v11.7.0

The inspectOptions option is introduced.

v10.0.0

The Console constructor now supports an options argument, and the colorMode option was introduced.

v8.0.0

The ignoreErrors option was introduced.

  • options <Object>

    • stdout <stream.Writable>
    • stderr <stream.Writable>
    • ignoreErrors <boolean> Ignore errors when writing to the underlying streams. Default: true.
    • colorMode <boolean> | <string> Set color support for this Console instance. Setting to true enables coloring while inspecting values, setting to 'auto' will make color support depend on the value of the isTTY property and the value returned by getColorDepth() on the respective stream. This option can not be used, if inspectOptions.colors is set as well. Default: 'auto'.
    • inspectOptions <Object> Specifies options that are passed along to util.inspect().

Creates a new Console with one or two writable stream instances. stdout is a writable stream to print log or info output. stderr is used for warning or error output. If stderr is not provided, stdout is used for stderr.

const output = fs.createWriteStream('./stdout.log');
const errorOutput = fs.createWriteStream('./stderr.log');
// Custom simple logger
const logger = new Console({ stdout: output, stderr: errorOutput });
// use it like console
const count = 5;
logger.log('count: %d', count);
// In stdout.log: count 5

The global console is a special Console whose output is sent to process.stdout and process.stderr. It is equivalent to calling:

new Console({ stdout: process.stdout, stderr: process.stderr });

console.assert(value[, ...message])#

History
VersionChanges
v10.0.0

The implementation is now spec compliant and does not throw anymore.

v0.1.101

Added in: v0.1.101

  • value <any> The value tested for being truthy.
  • ...message <any> All arguments besides value are used as error message.

A simple assertion test that verifies whether value is truthy. If it is not, Assertion failed is logged. If provided, the error message is formatted using util.format() by passing along all message arguments. The output is used as the error message.

console.assert(true, 'does nothing');
// OK
console.assert(false, 'Whoops %s work', 'didn\'t');
// Assertion failed: Whoops didn't work

Calling console.assert() with a falsy assertion will only cause the message to be printed to the console without interrupting execution of subsequent code.

console.clear()#

Added in: v8.3.0

When stdout is a TTY, calling console.clear() will attempt to clear the TTY. When stdout is not a TTY, this method does nothing.

The specific operation of console.clear() can vary across operating systems and terminal types. For most Linux operating systems, console.clear() operates similarly to the clear shell command. On Windows, console.clear() will clear only the output in the current terminal viewport for the Node.js binary.

console.count([label])#

Added in: v8.3.0
  • label <string> The display label for the counter. Default: 'default'.

Maintains an internal counter specific to label and outputs to stdout the number of times console.count() has been called with the given label.

> console.count()
default: 1
undefined
> console.count('default')
default: 2
undefined
> console.count('abc')
abc: 1
undefined
> console.count('xyz')
xyz: 1
undefined
> console.count('abc')
abc: 2
undefined
> console.count()
default: 3
undefined
>

console.countReset([label])#

Added in: v8.3.0
  • label <string> The display label for the counter. Default: 'default'.

Resets the internal counter specific to label.

> console.count('abc');
abc: 1
undefined
> console.countReset('abc');
undefined
> console.count('abc');
abc: 1
undefined
>

console.debug(data[, ...args])#

History
VersionChanges
v8.10.0

console.debug is now an alias for console.log.

v8.0.0

Added in: v8.0.0

The console.debug() function is an alias for console.log().

console.dir(obj[, options])#

Added in: v0.1.101
  • obj <any>

  • options <Object>

    • showHidden <boolean> If true then the object's non-enumerable and symbol properties will be shown too. Default: false.
    • depth <number> Tells util.inspect() how many times to recurse while formatting the object. This is useful for inspecting large complicated objects. To make it recurse indefinitely, pass null. Default: 2.
    • colors <boolean> If true, then the output will be styled with ANSI color codes. Colors are customizable; see customizing util.inspect() colors. Default: false.

Uses util.inspect() on obj and prints the resulting string to stdout. This function bypasses any custom inspect() function defined on obj.

console.dirxml(...data)#

History
VersionChanges
v9.3.0

console.dirxml now calls console.log for its arguments.

v8.0.0

Added in: v8.0.0

This method calls console.log() passing it the arguments received. This method does not produce any XML formatting.

console.error([data][, ...args])#

Added in: v0.1.100

Prints to stderr with newline. Multiple arguments can be passed, with the first used as the primary message and all additional used as substitution values similar to printf(3) (the arguments are all passed to util.format()).

const code = 5;
console.error('error #%d', code);
// Prints: error #5, to stderr
console.error('error', code);
// Prints: error 5, to stderr

If formatting elements (e.g. %d) are not found in the first string then util.inspect() is called on each argument and the resulting string values are concatenated. See util.format() for more information.

console.group([...label])#

Added in: v8.5.0

Increases indentation of subsequent lines by two spaces.

If one or more labels are provided, those are printed first without the additional indentation.

console.groupCollapsed()#

Added in: v8.5.0

An alias for console.group().

console.groupEnd()#

Added in: v8.5.0

Decreases indentation of subsequent lines by two spaces.

console.info([data][, ...args])#

Added in: v0.1.100

The console.info() function is an alias for console.log().

console.log([data][, ...args])#

Added in: v0.1.100

Prints to stdout with newline. Multiple arguments can be passed, with the first used as the primary message and all additional used as substitution values similar to printf(3) (the arguments are all passed to util.format()).

const count = 5;
console.log('count: %d', count);
// Prints: count: 5, to stdout
console.log('count:', count);
// Prints: count: 5, to stdout

See util.format() for more information.

console.table(tabularData[, properties])#

Added in: v10.0.0
  • tabularData <any>
  • properties <string[]> Alternate properties for constructing the table.

Try to construct a table with the columns of the properties of tabularData (or use properties) and rows of tabularData and log it. Falls back to just logging the argument if it can’t be parsed as tabular.

// These can't be parsed as tabular data
console.table(Symbol());
// Symbol()

console.table(undefined);
// undefined

console.table([{ a: 1, b: 'Y' }, { a: 'Z', b: 2 }]);
// ┌─────────┬─────┬─────┐
// │ (index) │  a  │  b  │
// ├─────────┼─────┼─────┤
// │    0    │  1  │ 'Y' │
// │    1    │ 'Z' │  2  │
// └─────────┴─────┴─────┘

console.table([{ a: 1, b: 'Y' }, { a: 'Z', b: 2 }], ['a']);
// ┌─────────┬─────┐
// │ (index) │  a  │
// ├─────────┼─────┤
// │    0    │  1  │
// │    1    │ 'Z' │
// └─────────┴─────┘

console.time([label])#

Added in: v0.1.104

Starts a timer that can be used to compute the duration of an operation. Timers are identified by a unique label. Use the same label when calling console.timeEnd() to stop the timer and output the elapsed time in milliseconds to stdout. Timer durations are accurate to the sub-millisecond.

console.timeEnd([label])#

History
VersionChanges
v6.0.0

This method no longer supports multiple calls that don’t map to individual console.time() calls; see below for details.

v0.1.104

Added in: v0.1.104

Stops a timer that was previously started by calling console.time() and prints the result to stdout:

console.time('100-elements');
for (let i = 0; i < 100; i++) {}
console.timeEnd('100-elements');
// prints 100-elements: 225.438ms

console.timeLog([label][, ...data])#

Added in: v10.7.0

For a timer that was previously started by calling console.time(), prints the elapsed time and other data arguments to stdout:

console.time('process');
const value = expensiveProcess1(); // Returns 42
console.timeLog('process', value);
// Prints "process: 365.227ms 42".
doExpensiveProcess2(value);
console.timeEnd('process');

console.trace([message][, ...args])#

Added in: v0.1.104

Prints to stderr the string 'Trace: ', followed by the util.format() formatted message and stack trace to the current position in the code.

console.trace('Show me');
// Prints: (stack trace will vary based on where trace is called)
//  Trace: Show me
//    at repl:2:9
//    at REPLServer.defaultEval (repl.js:248:27)
//    at bound (domain.js:287:14)
//    at REPLServer.runBound [as eval] (domain.js:300:12)
//    at REPLServer.<anonymous> (repl.js:412:12)
//    at emitOne (events.js:82:20)
//    at REPLServer.emit (events.js:169:7)
//    at REPLServer.Interface._onLine (readline.js:210:10)
//    at REPLServer.Interface._line (readline.js:549:8)
//    at REPLServer.Interface._ttyWrite (readline.js:826:14)

console.warn([data][, ...args])#

Added in: v0.1.100

The console.warn() function is an alias for console.error().

Inspector only methods#

The following methods are exposed by the V8 engine in the general API but do not display anything unless used in conjunction with the inspector (--inspect flag).

console.markTimeline([label])#

Added in: v8.0.0

This method does not display anything unless used in the inspector. The console.markTimeline() method is the deprecated form of console.timeStamp().

console.profile([label])#

Added in: v8.0.0

This method does not display anything unless used in the inspector. The console.profile() method starts a JavaScript CPU profile with an optional label until console.profileEnd() is called. The profile is then added to the Profile panel of the inspector.

console.profile('MyLabel');
// Some code
console.profileEnd('MyLabel');
// Adds the profile 'MyLabel' to the Profiles panel of the inspector.

console.profileEnd([label])#

Added in: v8.0.0

This method does not display anything unless used in the inspector. Stops the current JavaScript CPU profiling session if one has been started and prints the report to the Profiles panel of the inspector. See console.profile() for an example.

If this method is called without a label, the most recently started profile is stopped.

console.timeStamp([label])#

Added in: v8.0.0

This method does not display anything unless used in the inspector. The console.timeStamp() method adds an event with the label 'label' to the Timeline panel of the inspector.

console.timeline([label])#

Added in: v8.0.0

This method does not display anything unless used in the inspector. The console.timeline() method is the deprecated form of console.time().

console.timelineEnd([label])#

Added in: v8.0.0

This method does not display anything unless used in the inspector. The console.timelineEnd() method is the deprecated form of console.timeEnd().

Crypto#

Stability: 2 - Stable

The crypto module provides cryptographic functionality that includes a set of wrappers for OpenSSL's hash, HMAC, cipher, decipher, sign, and verify functions.

Use require('crypto') to access this module.

const crypto = require('crypto');

const secret = 'abcdefg';
const hash = crypto.createHmac('sha256', secret)
                   .update('I love cupcakes')
                   .digest('hex');
console.log(hash);
// Prints:
//   c0fa1bc00531bd78ef38c628449c5102aeabd49b5dc3a2a516ea6ea959d6658e

Determining if crypto support is unavailable#

It is possible for Node.js to be built without including support for the crypto module. In such cases, calling require('crypto') will result in an error being thrown.

let crypto;
try {
  crypto = require('crypto');
} catch (err) {
  console.log('crypto support is disabled!');
}

Class: Certificate#

Added in: v0.11.8

SPKAC is a Certificate Signing Request mechanism originally implemented by Netscape and was specified formally as part of HTML5's keygen element.

<keygen> is deprecated since HTML 5.2 and new projects should not use this element anymore.

The crypto module provides the Certificate class for working with SPKAC data. The most common usage is handling output generated by the HTML5 <keygen> element. Node.js uses OpenSSL's SPKAC implementation internally.

Certificate.exportChallenge(spkac)#

Added in: v9.0.0 
const { Certificate } = require('crypto');
const spkac = getSpkacSomehow();
const challenge = Certificate.exportChallenge(spkac);
console.log(challenge.toString('utf8'));
// Prints: the challenge as a UTF8 string

Certificate.exportPublicKey(spkac[, encoding])#

Added in: v9.0.0 
const { Certificate } = require('crypto');
const spkac = getSpkacSomehow();
const publicKey = Certificate.exportPublicKey(spkac);
console.log(publicKey);
// Prints: the public key as <Buffer ...>

Certificate.verifySpkac(spkac)#

Added in: v9.0.0 
const { Certificate } = require('crypto');
const spkac = getSpkacSomehow();
console.log(Certificate.verifySpkac(Buffer.from(spkac)));
// Prints: true or false

Legacy API#

As a still supported legacy interface, it is possible (but not recommended) to create new instances of the crypto.Certificate class as illustrated in the examples below.

new crypto.Certificate()#

Instances of the Certificate class can be created using the new keyword or by calling crypto.Certificate() as a function:

const crypto = require('crypto');

const cert1 = new crypto.Certificate();
const cert2 = crypto.Certificate();

certificate.exportChallenge(spkac)#

Added in: v0.11.8 
const cert = require('crypto').Certificate();
const spkac = getSpkacSomehow();
const challenge = cert.exportChallenge(spkac);
console.log(challenge.toString('utf8'));
// Prints: the challenge as a UTF8 string

certificate.exportPublicKey(spkac)#

Added in: v0.11.8 
const cert = require('crypto').Certificate();
const spkac = getSpkacSomehow();
const publicKey = cert.exportPublicKey(spkac);
console.log(publicKey);
// Prints: the public key as <Buffer ...>

certificate.verifySpkac(spkac)#

Added in: v0.11.8 
const cert = require('crypto').Certificate();
const spkac = getSpkacSomehow();
console.log(cert.verifySpkac(Buffer.from(spkac)));
// Prints: true or false

Class: Cipher#

Added in: v0.1.94

Instances of the Cipher class are used to encrypt data. The class can be used in one of two ways:

  • As a stream that is both readable and writable, where plain unencrypted data is written to produce encrypted data on the readable side, or
  • Using the cipher.update() and cipher.final() methods to produce the encrypted data.

The crypto.createCipher() or crypto.createCipheriv() methods are used to create Cipher instances. Cipher objects are not to be created directly using the new keyword.

Example: Using Cipher objects as streams:

const crypto = require('crypto');

const algorithm = 'aes-192-cbc';
const password = 'Password used to generate key';
// Key length is dependent on the algorithm. In this case for aes192, it is
// 24 bytes (192 bits).
// Use async `crypto.scrypt()` instead.
const key = crypto.scryptSync(password, 'salt', 24);
// Use `crypto.randomBytes()` to generate a random iv instead of the static iv
// shown here.
const iv = Buffer.alloc(16, 0); // Initialization vector.

const cipher = crypto.createCipheriv(algorithm, key, iv);

let encrypted = '';
cipher.on('readable', () => {
  let chunk;
  while (null !== (chunk = cipher.read())) {
    encrypted += chunk.toString('hex');
  }
});
cipher.on('end', () => {
  console.log(encrypted);
  // Prints: e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa
});

cipher.write('some clear text data');
cipher.end();

Example: Using Cipher and piped streams:

const crypto = require('crypto');
const fs = require('fs');

const algorithm = 'aes-192-cbc';
const password = 'Password used to generate key';
// Use the async `crypto.scrypt()` instead.
const key = crypto.scryptSync(password, 'salt', 24);
// Use `crypto.randomBytes()` to generate a random iv instead of the static iv
// shown here.
const iv = Buffer.alloc(16, 0); // Initialization vector.

const cipher = crypto.createCipheriv(algorithm, key, iv);

const input = fs.createReadStream('test.js');
const output = fs.createWriteStream('test.enc');

input.pipe(cipher).pipe(output);

Example: Using the cipher.update() and cipher.final() methods:

const crypto = require('crypto');

const algorithm = 'aes-192-cbc';
const password = 'Password used to generate key';
// Use the async `crypto.scrypt()` instead.
const key = crypto.scryptSync(password, 'salt', 24);
// Use `crypto.randomBytes` to generate a random iv instead of the static iv
// shown here.
const iv = Buffer.alloc(16, 0); // Initialization vector.

const cipher = crypto.createCipheriv(algorithm, key, iv);

let encrypted = cipher.update('some clear text data', 'utf8', 'hex');
encrypted += cipher.final('hex');
console.log(encrypted);
// Prints: e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa

cipher.final([outputEncoding])#

Added in: v0.1.94
  • outputEncoding <string> The encoding of the return value.
  • Returns: <Buffer> | <string> Any remaining enciphered contents. If outputEncoding is specified, a string is returned. If an outputEncoding is not provided, a Buffer is returned.

Once the cipher.final() method has been called, the Cipher object can no longer be used to encrypt data. Attempts to call cipher.final() more than once will result in an error being thrown.

cipher.setAAD(buffer[, options])#

Added in: v1.0.0

When using an authenticated encryption mode (GCM, CCM and OCB are currently supported), the cipher.setAAD() method sets the value used for the additional authenticated data (AAD) input parameter.

The options argument is optional for GCM and OCB. When using CCM, the plaintextLength option must be specified and its value must match the length of the plaintext in bytes. See CCM mode.

The cipher.setAAD() method must be called before cipher.update().

cipher.getAuthTag()#

Added in: v1.0.0
  • Returns: <Buffer> When using an authenticated encryption mode (GCM, CCM and OCB are currently supported), the cipher.getAuthTag() method returns a Buffer containing the authentication tag that has been computed from the given data.

The cipher.getAuthTag() method should only be called after encryption has been completed using the cipher.final() method.

cipher.setAutoPadding([autoPadding])#

Added in: v0.7.1

When using block encryption algorithms, the Cipher class will automatically add padding to the input data to the appropriate block size. To disable the default padding call cipher.setAutoPadding(false).

When autoPadding is false, the length of the entire input data must be a multiple of the cipher's block size or cipher.final() will throw an error. Disabling automatic padding is useful for non-standard padding, for instance using 0x0 instead of PKCS padding.

The cipher.setAutoPadding() method must be called before cipher.final().

cipher.update(data[, inputEncoding][, outputEncoding])#

History
VersionChanges
v6.0.0

The default inputEncoding changed from binary to utf8.

v0.1.94

Added in: v0.1.94

Updates the cipher with data. If the inputEncoding argument is given, the data argument is a string using the specified encoding. If the inputEncoding argument is not given, data must be a Buffer, TypedArray, or DataView. If data is a Buffer, TypedArray, or DataView, then inputEncoding is ignored.

The outputEncoding specifies the output format of the enciphered data. If the outputEncoding is specified, a string using the specified encoding is returned. If no outputEncoding is provided, a Buffer is returned.

The cipher.update() method can be called multiple times with new data until cipher.final() is called. Calling cipher.update() after cipher.final() will result in an error being thrown.

Class: Decipher#

Added in: v0.1.94

Instances of the Decipher class are used to decrypt data. The class can be used in one of two ways:

  • As a stream that is both readable and writable, where plain encrypted data is written to produce unencrypted data on the readable side, or
  • Using the decipher.update() and decipher.final() methods to produce the unencrypted data.

The crypto.createDecipher() or crypto.createDecipheriv() methods are used to create Decipher instances. Decipher objects are not to be created directly using the new keyword.

Example: Using Decipher objects as streams:

const crypto = require('crypto');

const algorithm = 'aes-192-cbc';
const password = 'Password used to generate key';
// Key length is dependent on the algorithm. In this case for aes192, it is
// 24 bytes (192 bits).
// Use the async `crypto.scrypt()` instead.
const key = crypto.scryptSync(password, 'salt', 24);
// The IV is usually passed along with the ciphertext.
const iv = Buffer.alloc(16, 0); // Initialization vector.

const decipher = crypto.createDecipheriv(algorithm, key, iv);

let decrypted = '';
decipher.on('readable', () => {
  while (null !== (chunk = decipher.read())) {
    decrypted += chunk.toString('utf8');
  }
});
decipher.on('end', () => {
  console.log(decrypted);
  // Prints: some clear text data
});

// Encrypted with same algorithm, key and iv.
const encrypted =
  'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
decipher.write(encrypted, 'hex');
decipher.end();

Example: Using Decipher and piped streams:

const crypto = require('crypto');
const fs = require('fs');

const algorithm = 'aes-192-cbc';
const password = 'Password used to generate key';
// Use the async `crypto.scrypt()` instead.
const key = crypto.scryptSync(password, 'salt', 24);
// The IV is usually passed along with the ciphertext.
const iv = Buffer.alloc(16, 0); // Initialization vector.

const decipher = crypto.createDecipheriv(algorithm, key, iv);

const input = fs.createReadStream('test.enc');
const output = fs.createWriteStream('test.js');

input.pipe(decipher).pipe(output);

Example: Using the decipher.update() and decipher.final() methods:

const crypto = require('crypto');

const algorithm = 'aes-192-cbc';
const password = 'Password used to generate key';
// Use the async `crypto.scrypt()` instead.
const key = crypto.scryptSync(password, 'salt', 24);
// The IV is usually passed along with the ciphertext.
const iv = Buffer.alloc(16, 0); // Initialization vector.

const decipher = crypto.createDecipheriv(algorithm, key, iv);

// Encrypted using same algorithm, key and iv.
const encrypted =
  'e5f79c5915c02171eec6b212d5520d44480993d7d622a7c4c2da32f6efda0ffa';
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
console.log(decrypted);
// Prints: some clear text data

decipher.final([outputEncoding])#

Added in: v0.1.94
  • outputEncoding <string> The encoding of the return value.
  • Returns: <Buffer> | <string> Any remaining deciphered contents. If outputEncoding is specified, a string is returned. If an outputEncoding is not provided, a Buffer is returned.

Once the decipher.final() method has been called, the Decipher object can no longer be used to decrypt data. Attempts to call decipher.final() more than once will result in an error being thrown.

decipher.setAAD(buffer[, options])#

History
VersionChanges
v7.2.0

This method now returns a reference to decipher.

v1.0.0

Added in: v1.0.0

When using an authenticated encryption mode (GCM, CCM and OCB are currently supported), the decipher.setAAD() method sets the value used for the additional authenticated data (AAD) input parameter.

The options argument is optional for GCM. When using CCM, the plaintextLength option must be specified and its value must match the length of the plaintext in bytes. See CCM mode.

The decipher.setAAD() method must be called before decipher.update().

decipher.setAuthTag(buffer)#

History
VersionChanges
v11.0.0

This method now throws if the GCM tag length is invalid.

v7.2.0

This method now returns a reference to decipher.

v1.0.0

Added in: v1.0.0

When using an authenticated encryption mode (GCM, CCM and OCB are currently supported), the decipher.setAuthTag() method is used to pass in the received authentication tag. If no tag is provided, or if the cipher text has been tampered with, decipher.final() will throw, indicating that the cipher text should be discarded due to failed authentication. If the tag length is invalid according to NIST SP 800-38D or does not match the value of the authTagLength option, decipher.setAuthTag() will throw an error.

The decipher.setAuthTag() method must be called before decipher.final() and can only be called once.

decipher.setAutoPadding([autoPadding])#

Added in: v0.7.1

When data has been encrypted without standard block padding, calling decipher.setAutoPadding(false) will disable automatic padding to prevent decipher.final() from checking for and removing padding.

Turning auto padding off will only work if the input data's length is a multiple of the ciphers block size.

The decipher.setAutoPadding() method must be called before decipher.final().

decipher.update(data[, inputEncoding][, outputEncoding])#

History
VersionChanges
v6.0.0

The default inputEncoding changed from binary to utf8.

v0.1.94

Added in: v0.1.94

Updates the decipher with data. If the inputEncoding argument is given, the data argument is a string using the specified encoding. If the inputEncoding argument is not given, data must be a Buffer. If data is a Buffer then inputEncoding is ignored.

The outputEncoding specifies the output format of the enciphered data. If the outputEncoding is specified, a string using the specified encoding is returned. If no outputEncoding is provided, a Buffer is returned.

The decipher.update() method can be called multiple times with new data until decipher.final() is called. Calling decipher.update() after decipher.final() will result in an error being thrown.

Class: DiffieHellman#

Added in: v0.5.0

The DiffieHellman class is a utility for creating Diffie-Hellman key exchanges.

Instances of the DiffieHellman class can be created using the crypto.createDiffieHellman() function.

const crypto = require('crypto');
const assert = require('assert');

// Generate Alice's keys...
const alice = crypto.createDiffieHellman(2048);
const aliceKey = alice.generateKeys();

// Generate Bob's keys...
const bob = crypto.createDiffieHellman(alice.getPrime(), alice.getGenerator());
const bobKey = bob.generateKeys();

// Exchange and generate the secret...
const aliceSecret = alice.computeSecret(bobKey);
const bobSecret = bob.computeSecret(aliceKey);

// OK
assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));

diffieHellman.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])#

Added in: v0.5.0

Computes the shared secret using otherPublicKey as the other party's public key and returns the computed shared secret. The supplied key is interpreted using the specified inputEncoding, and secret is encoded using specified outputEncoding. If the inputEncoding is not provided, otherPublicKey is expected to be a Buffer, TypedArray, or DataView.

If outputEncoding is given a string is returned; otherwise, a Buffer is returned.

diffieHellman.generateKeys([encoding])#

Added in: v0.5.0

Generates private and public Diffie-Hellman key values, and returns the public key in the specified encoding. This key should be transferred to the other party. If encoding is provided a string is returned; otherwise a Buffer is returned.

diffieHellman.getGenerator([encoding])#

Added in: v0.5.0

Returns the Diffie-Hellman generator in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

diffieHellman.getPrime([encoding])#

Added in: v0.5.0

Returns the Diffie-Hellman prime in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

diffieHellman.getPrivateKey([encoding])#

Added in: v0.5.0

Returns the Diffie-Hellman private key in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

diffieHellman.getPublicKey([encoding])#

Added in: v0.5.0

Returns the Diffie-Hellman public key in the specified encoding. If encoding is provided a string is returned; otherwise a Buffer is returned.

diffieHellman.setPrivateKey(privateKey[, encoding])#

Added in: v0.5.0

Sets the Diffie-Hellman private key. If the encoding argument is provided, privateKey is expected to be a string. If no encoding is provided, privateKey is expected to be a Buffer, TypedArray, or DataView.

diffieHellman.setPublicKey(publicKey[, encoding])#

Added in: v0.5.0

Sets the Diffie-Hellman public key. If the encoding argument is provided, publicKey is expected to be a string. If no encoding is provided, publicKey is expected to be a Buffer, TypedArray, or DataView.

diffieHellman.verifyError#

Added in: v0.11.12

A bit field containing any warnings and/or errors resulting from a check performed during initialization of the DiffieHellman object.

The following values are valid for this property (as defined in constants module):

  • DH_CHECK_P_NOT_SAFE_PRIME
  • DH_CHECK_P_NOT_PRIME
  • DH_UNABLE_TO_CHECK_GENERATOR
  • DH_NOT_SUITABLE_GENERATOR

Class: DiffieHellmanGroup#

Added in: v0.7.5

The DiffieHellmanGroup class takes a well-known modp group as its argument but otherwise works the same as DiffieHellman.

const name = 'modp1';
const dh = crypto.createDiffieHellmanGroup(name);

name is taken from RFC 2412 (modp1 and 2) and RFC 3526:

$ perl -ne 'print "$1\n" if /"(modp\d+)"/' src/node_crypto_groups.h
modp1  #  768 bits
modp2  # 1024 bits
modp5  # 1536 bits
modp14 # 2048 bits
modp15 # etc.
modp16
modp17
modp18

Class: ECDH#

Added in: v0.11.14

The ECDH class is a utility for creating Elliptic Curve Diffie-Hellman (ECDH) key exchanges.

Instances of the ECDH class can be created using the crypto.createECDH() function.

const crypto = require('crypto');
const assert = require('assert');

// Generate Alice's keys...
const alice = crypto.createECDH('secp521r1');
const aliceKey = alice.generateKeys();

// Generate Bob's keys...
const bob = crypto.createECDH('secp521r1');
const bobKey = bob.generateKeys();

// Exchange and generate the secret...
const aliceSecret = alice.computeSecret(bobKey);
const bobSecret = bob.computeSecret(aliceKey);

assert.strictEqual(aliceSecret.toString('hex'), bobSecret.toString('hex'));
// OK

Class Method: ECDH.convertKey(key, curve[, inputEncoding[, outputEncoding[, format]]])#

Added in: v10.0.0

Converts the EC Diffie-Hellman public key specified by key and curve to the format specified by format. The format argument specifies point encoding and can be 'compressed', 'uncompressed' or 'hybrid'. The supplied key is interpreted using the specified inputEncoding, and the returned key is encoded using the specified outputEncoding.

Use crypto.getCurves() to obtain a list of available curve names. On recent OpenSSL releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve.

If format is not specified the point will be returned in 'uncompressed' format.

If the inputEncoding is not provided, key is expected to be a Buffer, TypedArray, or DataView.

Example (uncompressing a key):

const { createECDH, ECDH } = require('crypto');

const ecdh = createECDH('secp256k1');
ecdh.generateKeys();

const compressedKey = ecdh.getPublicKey('hex', 'compressed');

const uncompressedKey = ECDH.convertKey(compressedKey,
                                        'secp256k1',
                                        'hex',
                                        'hex',
                                        'uncompressed');

// The converted key and the uncompressed public key should be the same
console.log(uncompressedKey === ecdh.getPublicKey('hex'));

ecdh.computeSecret(otherPublicKey[, inputEncoding][, outputEncoding])#

History
VersionChanges
v10.0.0

Changed error format to better support invalid public key error

v6.0.0

The default inputEncoding changed from binary to utf8

v0.11.14

Added in: v0.11.14

Computes the shared secret using otherPublicKey as the other party's public key and returns the computed shared secret. The supplied key is interpreted using specified inputEncoding, and the returned secret is encoded using the specified outputEncoding. If the inputEncoding is not provided, otherPublicKey is expected to be a Buffer, TypedArray, or DataView.

If outputEncoding is given a string will be returned; otherwise a Buffer is returned.

ecdh.computeSecret will throw an ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY error when otherPublicKey lies outside of the elliptic curve. Since otherPublicKey is usually supplied from a remote user over an insecure network, its recommended for developers to handle this exception accordingly.

ecdh.generateKeys([encoding[, format]])#

Added in: v0.11.14

Generates private and public EC Diffie-Hellman key values, and returns the public key in the specified format and encoding. This key should be transferred to the other party.

The format argument specifies point encoding and can be 'compressed' or 'uncompressed'. If format is not specified, the point will be returned in 'uncompressed' format.

If encoding is provided a string is returned; otherwise a Buffer is returned.

ecdh.getPrivateKey([encoding])#

Added in: v0.11.14

If encoding is specified, a string is returned; otherwise a Buffer is returned.

ecdh.getPublicKey([encoding][, format])#

Added in: v0.11.14

The format argument specifies point encoding and can be 'compressed' or 'uncompressed'. If format is not specified the point will be returned in 'uncompressed' format.

If encoding is specified, a string is returned; otherwise a Buffer is returned.

ecdh.setPrivateKey(privateKey[, encoding])#

Added in: v0.11.14

Sets the EC Diffie-Hellman private key. If encoding is provided, privateKey is expected to be a string; otherwise privateKey is expected to be a Buffer, TypedArray, or DataView.

If privateKey is not valid for the curve specified when the ECDH object was created, an error is thrown. Upon setting the private key, the associated public point (key) is also generated and set in the ECDH object.

ecdh.setPublicKey(publicKey[, encoding])#

Added in: v0.11.14Deprecated since: v5.2.0

Stability: 0 - Deprecated

Sets the EC Diffie-Hellman public key. If encoding is provided publicKey is expected to be a string; otherwise a Buffer, TypedArray, or DataView is expected.

There is not normally a reason to call this method because ECDH only requires a private key and the other party's public key to compute the shared secret. Typically either ecdh.generateKeys() or ecdh.setPrivateKey() will be called. The ecdh.setPrivateKey() method attempts to generate the public point/key associated with the private key being set.

Example (obtaining a shared secret):

const crypto = require('crypto');
const alice = crypto.createECDH('secp256k1');
const bob = crypto.createECDH('secp256k1');

// This is a shortcut way of specifying one of Alice's previous private
// keys. It would be unwise to use such a predictable private key in a real
// application.
alice.setPrivateKey(
  crypto.createHash('sha256').update('alice', 'utf8').digest()
);

// Bob uses a newly generated cryptographically strong
// pseudorandom key pair
bob.generateKeys();

const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex');

// aliceSecret and bobSecret should be the same shared secret value
console.log(aliceSecret === bobSecret);

Class: Hash#

Added in: v0.1.92

The Hash class is a utility for creating hash digests of data. It can be used in one of two ways:

  • As a stream that is both readable and writable, where data is written to produce a computed hash digest on the readable side, or
  • Using the hash.update() and hash.digest() methods to produce the computed hash.

The crypto.createHash() method is used to create Hash instances. Hash objects are not to be created directly using the new keyword.

Example: Using Hash objects as streams:

const crypto = require('crypto');
const hash = crypto.createHash('sha256');

hash.on('readable', () => {
  // Only one element is going to be produced by the
  // hash stream.
  const data = hash.read();
  if (data) {
    console.log(data.toString('hex'));
    // Prints:
    //   6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50
  }
});

hash.write('some data to hash');
hash.end();

Example: Using Hash and piped streams:

const crypto = require('crypto');
const fs = require('fs');
const hash = crypto.createHash('sha256');

const input = fs.createReadStream('test.js');
input.pipe(hash).pipe(process.stdout);

Example: Using the hash.update() and hash.digest() methods:

const crypto = require('crypto');
const hash = crypto.createHash('sha256');

hash.update('some data to hash');
console.log(hash.digest('hex'));
// Prints:
//   6a2da20943931e9834fc12cfe5bb47bbd9ae43489a30726962b576f4e3993e50

hash.copy([options])#

Added in: v13.1.0

Creates a new Hash object that contains a deep copy of the internal state of the current Hash object.

The optional options argument controls stream behavior. For XOF hash functions such as 'shake256', the outputLength option can be used to specify the desired output length in bytes.

An error is thrown when an attempt is made to copy the Hash object after its hash.digest() method has been called.

// Calculate a rolling hash.
const crypto = require('crypto');
const hash = crypto.createHash('sha256');

hash.update('one');
console.log(hash.copy().digest('hex'));

hash.update('two');
console.log(hash.copy().digest('hex'));

hash.update('three');
console.log(hash.copy().digest('hex'));

// Etc.

hash.digest([encoding])#

Added in: v0.1.92

Calculates the digest of all of the data passed to be hashed (using the hash.update() method). If encoding is provided a string will be returned; otherwise a Buffer is returned.

The Hash object can not be used again after hash.digest() method has been called. Multiple calls will cause an error to be thrown.

hash.update(data[, inputEncoding])#

History
VersionChanges
v6.0.0

The default inputEncoding changed from binary to utf8.

v0.1.92

Added in: v0.1.92

Updates the hash content with the given data, the encoding of which is given in inputEncoding. If encoding is not provided, and the data is a string, an encoding of 'utf8' is enforced. If data is a Buffer, TypedArray, or DataView, then inputEncoding is ignored.

This can be called many times with new data as it is streamed.

Class: Hmac#

Added in: v0.1.94

The Hmac class is a utility for creating cryptographic HMAC digests. It can be used in one of two ways:

  • As a stream that is both readable and writable, where data is written to produce a computed HMAC digest on the readable side, or
  • Using the hmac.update() and hmac.digest() methods to produce the computed HMAC digest.

The crypto.createHmac() method is used to create Hmac instances. Hmac objects are not to be created directly using the new keyword.

Example: Using Hmac objects as streams:

const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', 'a secret');

hmac.on('readable', () => {
  // Only one element is going to be produced by the
  // hash stream.
  const data = hmac.read();
  if (data) {
    console.log(data.toString('hex'));
    // Prints:
    //   7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e
  }
});

hmac.write('some data to hash');
hmac.end();

Example: Using Hmac and piped streams:

const crypto = require('crypto');
const fs = require('fs');
const hmac = crypto.createHmac('sha256', 'a secret');

const input = fs.createReadStream('test.js');
input.pipe(hmac).pipe(process.stdout);

Example: Using the hmac.update() and hmac.digest() methods:

const crypto = require('crypto');
const hmac = crypto.createHmac('sha256', 'a secret');

hmac.update('some data to hash');
console.log(hmac.digest('hex'));
// Prints:
//   7fd04df92f636fd450bc841c9418e5825c17f33ad9c87c518115a45971f7f77e

hmac.digest([encoding])#

Added in: v0.1.94

Calculates the HMAC digest of all of the data passed using hmac.update(). If encoding is provided a string is returned; otherwise a Buffer is returned;

The Hmac object can not be used again after hmac.digest() has been called. Multiple calls to hmac.digest() will result in an error being thrown.

hmac.update(data[, inputEncoding])#

History
VersionChanges
v6.0.0

The default inputEncoding changed from binary to utf8.

v0.1.94

Added in: v0.1.94

Updates the Hmac content with the given data, the encoding of which is given in inputEncoding. If encoding is not provided, and the data is a string, an encoding of 'utf8' is enforced. If data is a Buffer, TypedArray, or DataView, then inputEncoding is ignored.

This can be called many times with new data as it is streamed.

Class: KeyObject#

History
VersionChanges
v11.13.0

This class is now exported.

v11.6.0

Added in: v11.6.0

Node.js uses a KeyObject class to represent a symmetric or asymmetric key, and each kind of key exposes different functions. The crypto.createSecretKey(), crypto.createPublicKey() and crypto.createPrivateKey() methods are used to create KeyObject instances. KeyObject objects are not to be created directly using the new keyword.

Most applications should consider using the new KeyObject API instead of passing keys as strings or Buffers due to improved security features.

keyObject.asymmetricKeyType#

History
VersionChanges
v12.0.0

Added support for 'rsa-pss'

v12.0.0

This property now returns undefined for KeyObject instances of unrecognized type instead of aborting.

v12.0.0

Added support for 'x25519' and 'x448'

v12.0.0

Added support for 'ed25519' and 'ed448'.

v11.6.0

Added in: v11.6.0

For asymmetric keys, this property represents the type of the key. Supported key types are:

  • 'rsa' (OID 1.2.840.113549.1.1.1)
  • 'rsa-pss' (OID 1.2.840.113549.1.1.10)
  • 'dsa' (OID 1.2.840.10040.4.1)
  • 'ec' (OID 1.2.840.10045.2.1)
  • 'x25519' (OID 1.3.101.110)
  • 'x448' (OID 1.3.101.111)
  • 'ed25519' (OID 1.3.101.112)
  • 'ed448' (OID 1.3.101.113)

This property is undefined for unrecognized KeyObject types and symmetric keys.

keyObject.export([options])#

Added in: v11.6.0

For symmetric keys, this function allocates a Buffer containing the key material and ignores any options.

For asymmetric keys, the options parameter is used to determine the export format.

For public keys, the following encoding options can be used:

  • type: <string> Must be one of 'pkcs1' (RSA only) or 'spki'.
  • format: <string> Must be 'pem' or 'der'.

For private keys, the following encoding options can be used:

  • type: <string> Must be one of 'pkcs1' (RSA only), 'pkcs8' or 'sec1' (EC only).
  • format: <string> Must be 'pem' or 'der'.
  • cipher: <string> If specified, the private key will be encrypted with the given cipher and passphrase using PKCS#5 v2.0 password based encryption.
  • passphrase: <string> | <Buffer> The passphrase to use for encryption, see cipher.

When PEM encoding was selected, the result will be a string, otherwise it will be a buffer containing the data encoded as DER.

PKCS#1, SEC1, and PKCS#8 type keys can be encrypted by using a combination of the cipher and format options. The PKCS#8 type can be used with any format to encrypt any key algorithm (RSA, EC, or DH) by specifying a cipher. PKCS#1 and SEC1 can only be encrypted by specifying a cipher when the PEM format is used. For maximum compatibility, use PKCS#8 for encrypted private keys. Since PKCS#8 defines its own encryption mechanism, PEM-level encryption is not supported when encrypting a PKCS#8 key. See RFC 5208 for PKCS#8 encryption and RFC 1421 for PKCS#1 and SEC1 encryption.

keyObject.symmetricKeySize#

Added in: v11.6.0

For secret keys, this property represents the size of the key in bytes. This property is undefined for asymmetric keys.

keyObject.type#

Added in: v11.6.0

Depending on the type of this KeyObject, this property is either 'secret' for secret (symmetric) keys, 'public' for public (asymmetric) keys or 'private' for private (asymmetric) keys.

Class: Sign#

Added in: v0.1.92

The Sign class is a utility for generating signatures. It can be used in one of two ways:

  • As a writable stream, where data to be signed is written and the sign.sign() method is used to generate and return the signature, or
  • Using the sign.update() and sign.sign() methods to produce the signature.

The crypto.createSign() method is used to create Sign instances. The argument is the string name of the hash function to use. Sign objects are not to be created directly using the new keyword.

Example: Using Sign and Verify objects as streams:

const crypto = require('crypto');

const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', {
  namedCurve: 'sect239k1'
});

const sign = crypto.createSign('SHA256');
sign.write('some data to sign');
sign.end();
const signature = sign.sign(privateKey, 'hex');

const verify = crypto.createVerify('SHA256');
verify.write('some data to sign');
verify.end();
console.log(verify.verify(publicKey, signature));
// Prints: true or false

Example: Using the sign.update() and verify.update() methods:

const crypto = require('crypto');

const { privateKey, publicKey } = crypto.generateKeyPairSync('rsa', {
  modulusLength: 2048,
});

const sign = crypto.createSign('SHA256');
sign.update('some data to sign');
sign.end();
const signature = sign.sign(privateKey);

const verify = crypto.createVerify('SHA256');
verify.update('some data to sign');
verify.end();
console.log(verify.verify(publicKey, signature));
// Prints: true

sign.sign(privateKey[, outputEncoding])#

History
VersionChanges
v12.0.0

This function now supports RSA-PSS keys.

v11.6.0

This function now supports key objects.

v8.0.0

Support for RSASSA-PSS and additional options was added.

v0.1.92

Added in: v0.1.92

Calculates the signature on all the data passed through using either sign.update() or sign.write().

If privateKey is not a KeyObject, this function behaves as if privateKey had been passed to crypto.createPrivateKey(). If it is an object, the following additional properties can be passed:

  • padding <integer> Optional padding value for RSA, one of the following:

    • crypto.constants.RSA_PKCS1_PADDING (default)
    • crypto.constants.RSA_PKCS1_PSS_PADDING

    RSA_PKCS1_PSS_PADDING will use MGF1 with the same hash function used to sign the message as specified in section 3.1 of RFC 4055, unless an MGF1 hash function has been specified as part of the key in compliance with section 3.3 of RFC 4055.

  • saltLength <integer> Salt length for when padding is RSA_PKCS1_PSS_PADDING. The special value crypto.constants.RSA_PSS_SALTLEN_DIGEST sets the salt length to the digest size, crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN (default) sets it to the maximum permissible value.

If outputEncoding is provided a string is returned; otherwise a Buffer is returned.

The Sign object can not be again used after sign.sign() method has been called. Multiple calls to sign.sign() will result in an error being thrown.

sign.update(data[, inputEncoding])#

History
VersionChanges
v6.0.0

The default inputEncoding changed from binary to utf8.

v0.1.92

Added in: v0.1.92

Updates the Sign content with the given data, the encoding of which is given in inputEncoding. If encoding is not provided, and the data is a string, an encoding of 'utf8' is enforced. If data is a Buffer, TypedArray, or DataView, then inputEncoding is ignored.

This can be called many times with new data as it is streamed.

Class: Verify#

Added in: v0.1.92

The Verify class is a utility for verifying signatures. It can be used in one of two ways:

The crypto.createVerify() method is used to create Verify instances. Verify objects are not to be created directly using the new keyword.

See Sign for examples.

verify.update(data[, inputEncoding])#

History
VersionChanges
v6.0.0

The default inputEncoding changed from binary to utf8.

v0.1.92

Added in: v0.1.92

Updates the Verify content with the given data, the encoding of which is given in inputEncoding. If inputEncoding is not provided, and the data is a string, an encoding of 'utf8' is enforced. If data is a Buffer, TypedArray, or DataView, then inputEncoding is ignored.

This can be called many times with new data as it is streamed.

verify.verify(object, signature[, signatureEncoding])#

History
VersionChanges
v12.0.0

This function now supports RSA-PSS keys.

v11.7.0

The key can now be a private key.

v8.0.0

Support for RSASSA-PSS and additional options was added.

v0.1.92

Added in: v0.1.92

Verifies the provided data using the given object and signature.

If object is not a KeyObject, this function behaves as if object had been passed to crypto.createPublicKey(). If it is an object, the following additional properties can be passed:

  • padding <integer> Optional padding value for RSA, one of the following:

    • crypto.constants.RSA_PKCS1_PADDING (default)
    • crypto.constants.RSA_PKCS1_PSS_PADDING

    RSA_PKCS1_PSS_PADDING will use MGF1 with the same hash function used to verify the message as specified in section 3.1 of RFC 4055, unless an MGF1 hash function has been specified as part of the key in compliance with section 3.3 of RFC 4055.

  • saltLength <integer> Salt length for when padding is RSA_PKCS1_PSS_PADDING. The special value crypto.constants.RSA_PSS_SALTLEN_DIGEST sets the salt length to the digest size, crypto.constants.RSA_PSS_SALTLEN_AUTO (default) causes it to be determined automatically.

The signature argument is the previously calculated signature for the data, in the signatureEncoding. If a signatureEncoding is specified, the signature is expected to be a string; otherwise signature is expected to be a Buffer, TypedArray, or DataView.

The verify object can not be used again after verify.verify() has been called. Multiple calls to verify.verify() will result in an error being thrown.

Because public keys can be derived from private keys, a private key may be passed instead of a public key.

crypto module methods and properties#

crypto.constants#

Added in: v6.3.0
  • Returns: <Object> An object containing commonly used constants for crypto and security related operations. The specific constants currently defined are described in Crypto Constants.

crypto.DEFAULT_ENCODING#

Added in: v0.9.3Deprecated since: v10.0.0

Stability: 0 - Deprecated

The default encoding to use for functions that can take either strings or buffers. The default value is 'buffer', which makes methods default to Buffer objects.

The crypto.DEFAULT_ENCODING mechanism is provided for backwards compatibility with legacy programs that expect 'latin1' to be the default encoding.

New applications should expect the default to be 'buffer'.

This property is deprecated.

crypto.fips#

Added in: v6.0.0Deprecated since: v10.0.0

Stability: 0 - Deprecated

Property for checking and controlling whether a FIPS compliant crypto provider is currently in use. Setting to true requires a FIPS build of Node.js.

This property is deprecated. Please use crypto.setFips() and crypto.getFips() instead.

crypto.createCipher(algorithm, password[, options])#

History
VersionChanges
v10.10.0

Ciphers in OCB mode are now supported.

v10.2.0

The authTagLength option can now be used to produce shorter authentication tags in GCM mode and defaults to 16 bytes.

v10.0.0

Deprecated since: v10.0.0

v0.1.94

Added in: v0.1.94

Stability: 0 - Deprecated: Use crypto.createCipheriv() instead.

Creates and returns a Cipher object that uses the given algorithm and password.

The options argument controls stream behavior and is optional except when a cipher in CCM or OCB mode is used (e.g. 'aes-128-ccm'). In that case, the authTagLength option is required and specifies the length of the authentication tag in bytes, see CCM mode. In GCM mode, the authTagLength option is not required but can be used to set the length of the authentication tag that will be returned by getAuthTag() and defaults to 16 bytes.

The algorithm is dependent on OpenSSL, examples are 'aes192', etc. On recent OpenSSL releases, openssl list -cipher-algorithms (openssl list-cipher-algorithms for older versions of OpenSSL) will display the available cipher algorithms.

The password is used to derive the cipher key and initialization vector (IV). The value must be either a 'latin1' encoded string, a Buffer, a TypedArray, or a DataView.

The implementation of crypto.createCipher() derives keys using the OpenSSL function EVP_BytesToKey with the digest algorithm set to MD5, one iteration, and no salt. The lack of salt allows dictionary attacks as the same password always creates the same key. The low iteration count and non-cryptographically secure hash algorithm allow passwords to be tested very rapidly.

In line with OpenSSL's recommendation to use a more modern algorithm instead of EVP_BytesToKey it is recommended that developers derive a key and IV on their own using crypto.scrypt() and to use crypto.createCipheriv() to create the Cipher object. Users should not use ciphers with counter mode (e.g. CTR, GCM, or CCM) in crypto.createCipher(). A warning is emitted when they are used in order to avoid the risk of IV reuse that causes vulnerabilities. For the case when IV is reused in GCM, see Nonce-Disrespecting Adversaries for details.

crypto.createCipheriv(algorithm, key, iv[, options])[src]#

History
VersionChanges
v11.6.0

The key argument can now be a KeyObject.

v11.2.0

The cipher chacha20-poly1305 is now supported.

v10.10.0

Ciphers in OCB mode are now supported.

v10.2.0

The authTagLength option can now be used to produce shorter authentication tags in GCM mode and defaults to 16 bytes.

v9.9.0

The iv parameter may now be null for ciphers which do not need an initialization vector.

v0.1.94

Added in: v0.1.94

Creates and returns a Cipher object, with the given algorithm, key and initialization vector (iv).

The options argument controls stream behavior and is optional except when a cipher in CCM or OCB mode is used (e.g. 'aes-128-ccm'). In that case, the authTagLength option is required and specifies the length of the authentication tag in bytes, see CCM mode. In GCM mode, the authTagLength option is not required but can be used to set the length of the authentication tag that will be returned by getAuthTag() and defaults to 16 bytes.

The algorithm is dependent on OpenSSL, examples are 'aes192', etc. On recent OpenSSL releases, openssl list -cipher-algorithms (openssl list-cipher-algorithms for older versions of OpenSSL) will display the available cipher algorithms.

The key is the raw key used by the algorithm and iv is an initialization vector. Both arguments must be 'utf8' encoded strings, Buffers, TypedArray, or DataViews. The key may optionally be a KeyObject of type secret. If the cipher does not need an initialization vector, iv may be null.

Initialization vectors should be unpredictable and unique; ideally, they will be cryptographically random. They do not have to be secret: IVs are typically just added to ciphertext messages unencrypted. It may sound contradictory that something has to be unpredictable and unique, but does not have to be secret; remember that an attacker must not be able to predict ahead of time what a given IV will be.

crypto.createDecipher(algorithm, password[, options])#

History
VersionChanges
v10.10.0

Ciphers in OCB mode are now supported.

v10.0.0

Deprecated since: v10.0.0

v0.1.94

Added in: v0.1.94

Stability: 0 - Deprecated: Use crypto.createDecipheriv() instead.

Creates and returns a Decipher object that uses the given algorithm and password (key).

The options argument controls stream behavior and is optional except when a cipher in CCM or OCB mode is used (e.g. 'aes-128-ccm'). In that case, the authTagLength option is required and specifies the length of the authentication tag in bytes, see CCM mode.

The implementation of crypto.createDecipher() derives keys using the OpenSSL function EVP_BytesToKey with the digest algorithm set to MD5, one iteration, and no salt. The lack of salt allows dictionary attacks as the same password always creates the same key. The low iteration count and non-cryptographically secure hash algorithm allow passwords to be tested very rapidly.

In line with OpenSSL's recommendation to use a more modern algorithm instead of EVP_BytesToKey it is recommended that developers derive a key and IV on their own using crypto.scrypt() and to use crypto.createDecipheriv() to create the Decipher object.

crypto.createDecipheriv(algorithm, key, iv[, options])[src]#

History
VersionChanges
v11.6.0

The key argument can now be a KeyObject.

v11.2.0

The cipher chacha20-poly1305 is now supported.

v10.10.0

Ciphers in OCB mode are now supported.

v10.2.0

The authTagLength option can now be used to restrict accepted GCM authentication tag lengths.

v9.9.0

The iv parameter may now be null for ciphers which do not need an initialization vector.

v0.1.94

Added in: v0.1.94

Creates and returns a Decipher object that uses the given algorithm, key and initialization vector (iv).

The options argument controls stream behavior and is optional except when a cipher in CCM or OCB mode is used (e.g. 'aes-128-ccm'). In that case, the authTagLength option is required and specifies the length of the authentication tag in bytes, see CCM mode. In GCM mode, the authTagLength option is not required but can be used to restrict accepted authentication tags to those with the specified length.

The algorithm is dependent on OpenSSL, examples are 'aes192', etc. On recent OpenSSL releases, openssl list -cipher-algorithms (openssl list-cipher-algorithms for older versions of OpenSSL) will display the available cipher algorithms.

The key is the raw key used by the algorithm and iv is an initialization vector. Both arguments must be 'utf8' encoded strings, Buffers, TypedArray, or DataViews. The key may optionally be a KeyObject of type secret. If the cipher does not need an initialization vector, iv may be null.

Initialization vectors should be unpredictable and unique; ideally, they will be cryptographically random. They do not have to be secret: IVs are typically just added to ciphertext messages unencrypted. It may sound contradictory that something has to be unpredictable and unique, but does not have to be secret; remember that an attacker must not be able to predict ahead of time what a given IV will be.

crypto.createDiffieHellman(prime[, primeEncoding][, generator][, generatorEncoding])[src]#

History
VersionChanges
v8.0.0

The prime argument can be any TypedArray or DataView now.

v8.0.0

The prime argument can be a Uint8Array now.

v6.0.0

The default for the encoding parameters changed from binary to utf8.

v0.11.12

Added in: v0.11.12

Creates a DiffieHellman key exchange object using the supplied prime and an optional specific generator.

The generator argument can be a number, string, or Buffer. If generator is not specified, the value 2 is used.

If primeEncoding is specified, prime is expected to be a string; otherwise a Buffer, TypedArray, or DataView is expected.

If generatorEncoding is specified, generator is expected to be a string; otherwise a number, Buffer, TypedArray, or DataView is expected.

crypto.createDiffieHellman(primeLength[, generator])[src]#

Added in: v0.5.0

Creates a DiffieHellman key exchange object and generates a prime of primeLength bits using an optional specific numeric generator. If generator is not specified, the value 2 is used.

crypto.createDiffieHellmanGroup(name)[src]#

Added in: v0.9.3

An alias for crypto.getDiffieHellman()

crypto.createECDH(curveName)[src]#

Added in: v0.11.14

Creates an Elliptic Curve Diffie-Hellman (ECDH) key exchange object using a predefined curve specified by the curveName string. Use crypto.getCurves() to obtain a list of available curve names. On recent OpenSSL releases, openssl ecparam -list_curves will also display the name and description of each available elliptic curve.

crypto.createHash(algorithm[, options])[src]#

History
VersionChanges
v12.8.0

The outputLength option was added for XOF hash functions.

v0.1.92

Added in: v0.1.92

Creates and returns a Hash object that can be used to generate hash digests using the given algorithm. Optional options argument controls stream behavior. For XOF hash functions such as 'shake256', the outputLength option can be used to specify the desired output length in bytes.

The algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha256', 'sha512', etc. On recent releases of OpenSSL, openssl list -digest-algorithms (openssl list-message-digest-algorithms for older versions of OpenSSL) will display the available digest algorithms.

Example: generating the sha256 sum of a file

const filename = process.argv[2];
const crypto = require('crypto');
const fs = require('fs');

const hash = crypto.createHash('sha256');

const input = fs.createReadStream(filename);
input.on('readable', () => {
  // Only one element is going to be produced by the
  // hash stream.
  const data = input.read();
  if (data)
    hash.update(data);
  else {
    console.log(`${hash.digest('hex')} ${filename}`);
  }
});

crypto.createHmac(algorithm, key[, options])[src]#

History
VersionChanges
v11.6.0

The key argument can now be a KeyObject.

v0.1.94

Added in: v0.1.94

Creates and returns an Hmac object that uses the given algorithm and key. Optional options argument controls stream behavior.

The algorithm is dependent on the available algorithms supported by the version of OpenSSL on the platform. Examples are 'sha256', 'sha512', etc. On recent releases of OpenSSL, openssl list -digest-algorithms (openssl list-message-digest-algorithms for older versions of OpenSSL) will display the available digest algorithms.

The key is the HMAC key used to generate the cryptographic HMAC hash. If it is a KeyObject, its type must be secret.

Example: generating the sha256 HMAC of a file

const filename = process.argv[2];
const crypto = require('crypto');
const fs = require('fs');

const hmac = crypto.createHmac('sha256', 'a secret');

const input = fs.createReadStream(filename);
input.on('readable', () => {
  // Only one element is going to be produced by the
  // hash stream.
  const data = input.read();
  if (data)
    hmac.update(data);
  else {
    console.log(`${hmac.digest('hex')} ${filename}`);
  }
});

crypto.createPrivateKey(key)#

Added in: v11.6.0

Creates and returns a new key object containing a private key. If key is a string or Buffer, format is assumed to be 'pem'; otherwise, key must be an object with the properties described above.

If the private key is encrypted, a passphrase must be specified. The length of the passphrase is limited to 1024 bytes.

crypto.createPublicKey(key)#

History
VersionChanges
v11.13.0

The key argument can now be a KeyObject with type private.

v11.7.0

The key argument can now be a private key.

v11.6.0

Added in: v11.6.0

Creates and returns a new key object containing a public key. If key is a string or Buffer, format is assumed to be 'pem'; if key is a KeyObject with type 'private', the public key is derived from the given private key; otherwise, key must be an object with the properties described above.

If the format is 'pem', the 'key' may also be an X.509 certificate.

Because public keys can be derived from private keys, a private key may be passed instead of a public key. In that case, this function behaves as if crypto.createPrivateKey() had been called, except that the type of the returned KeyObject will be 'public' and that the private key cannot be extracted from the returned KeyObject. Similarly, if a KeyObject with type 'private' is given, a new KeyObject with type 'public' will be returned and it will be impossible to extract the private key from the returned object.

crypto.createSecretKey(key)#

Added in: v11.6.0

Creates and returns a new key object containing a secret key for symmetric encryption or Hmac.

crypto.createSign(algorithm[, options])[src]#

Added in: v0.1.92

Creates and returns a Sign object that uses the given algorithm. Use crypto.getHashes() to obtain the names of the available digest algorithms. Optional options argument controls the stream.Writable behavior.

In some cases, a Sign instance can be created using the name of a signature algorithm, such as 'RSA-SHA256', instead of a digest algorithm. This will use the corresponding digest algorithm. This does not work for all signature algorithms, such as 'ecdsa-with-SHA256', so it is best to always use digest algorithm names.

crypto.createVerify(algorithm[, options])[src]#

Added in: v0.1.92

Creates and returns a Verify object that uses the given algorithm. Use crypto.getHashes() to obtain an array of names of the available signing algorithms. Optional options argument controls the stream.Writable behavior.

In some cases, a Verify instance can be created using the name of a signature algorithm, such as 'RSA-SHA256', instead of a digest algorithm. This will use the corresponding digest algorithm. This does not work for all signature algorithms, such as 'ecdsa-with-SHA256', so it is best to always use digest algorithm names.

crypto.generateKeyPair(type, options, callback)#

History
VersionChanges
v12.0.0

Add ability to generate X25519 and X448 key pairs.

v12.0.0

Add ability to generate Ed25519 and Ed448 key pairs.

v11.6.0

The generateKeyPair and generateKeyPairSync functions now produce key objects if no encoding was specified.

v10.12.0

Added in: v10.12.0

Generates a new asymmetric key pair of the given type. RSA, DSA, EC, Ed25519 and Ed448 are currently supported.

If a publicKeyEncoding or privateKeyEncoding was specified, this function behaves as if keyObject.export() had been called on its result. Otherwise, the respective part of the key is returned as a KeyObject.

It is recommended to encode public keys as 'spki' and private keys as 'pkcs8' with encryption for long-term storage:

const { generateKeyPair } = require('crypto');
generateKeyPair('rsa', {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret'
  }
}, (err, publicKey, privateKey) => {
  // Handle errors and use the generated key pair.
});

On completion, callback will be called with err set to undefined and publicKey / privateKey representing the generated key pair.

If this method is invoked as its util.promisify()ed version, it returns a Promise for an Object with publicKey and privateKey properties.

crypto.generateKeyPairSync(type, options)#

History
VersionChanges
v12.0.0

Add ability to generate Ed25519 and Ed448 key pairs.

v11.6.0

The generateKeyPair and generateKeyPairSync functions now produce key objects if no encoding was specified.

v10.12.0

Added in: v10.12.0

Generates a new asymmetric key pair of the given type. RSA, DSA, EC, Ed25519 and Ed448 are currently supported.

If a publicKeyEncoding or privateKeyEncoding was specified, this function behaves as if keyObject.export() had been called on its result. Otherwise, the respective part of the key is returned as a KeyObject.

When encoding public keys, it is recommended to use 'spki'. When encoding private keys, it is recommended to use 'pks8' with a strong passphrase, and to keep the passphrase confidential.

const { generateKeyPairSync } = require('crypto');
const { publicKey, privateKey } = generateKeyPairSync('rsa', {
  modulusLength: 4096,
  publicKeyEncoding: {
    type: 'spki',
    format: 'pem'
  },
  privateKeyEncoding: {
    type: 'pkcs8',
    format: 'pem',
    cipher: 'aes-256-cbc',
    passphrase: 'top secret'
  }
});

The return value { publicKey, privateKey } represents the generated key pair. When PEM encoding was selected, the respective key will be a string, otherwise it will be a buffer containing the data encoded as DER.

crypto.getCiphers()#

Added in: v0.9.3
  • Returns: <string[]> An array with the names of the supported cipher algorithms.
const ciphers = crypto.getCiphers();
console.log(ciphers); // ['aes-128-cbc', 'aes-128-ccm', ...]

crypto.getCurves()#

Added in: v2.3.0
  • Returns: <string[]> An array with the names of the supported elliptic curves.
const curves = crypto.getCurves();
console.log(curves); // ['Oakley-EC2N-3', 'Oakley-EC2N-4', ...]

crypto.getDiffieHellman(groupName)#

Added in: v0.7.5

Creates a predefined DiffieHellmanGroup key exchange object. The supported groups are: 'modp1', 'modp2', 'modp5' (defined in RFC 2412, but see Caveats) and 'modp14', 'modp15', 'modp16', 'modp17', 'modp18' (defined in RFC 3526). The returned object mimics the interface of objects created by crypto.createDiffieHellman(), but will not allow changing the keys (with diffieHellman.setPublicKey(), for example). The advantage of using this method is that the parties do not have to generate nor exchange a group modulus beforehand, saving both processor and communication time.

Example (obtaining a shared secret):

const crypto = require('crypto');
const alice = crypto.getDiffieHellman('modp14');
const bob = crypto.getDiffieHellman('modp14');

alice.generateKeys();
bob.generateKeys();

const aliceSecret = alice.computeSecret(bob.getPublicKey(), null, 'hex');
const bobSecret = bob.computeSecret(alice.getPublicKey(), null, 'hex');

/* aliceSecret and bobSecret should be the same */
console.log(aliceSecret === bobSecret);

crypto.getFips()#

Added in: v10.0.0
  • Returns: <boolean> true if and only if a FIPS compliant crypto provider is currently in use.

crypto.getHashes()#

Added in: v0.9.3
  • Returns: <string[]> An array of the names of the supported hash algorithms, such as 'RSA-SHA256'. Hash algorithms are also called "digest" algorithms.
const hashes = crypto.getHashes();
console.log(hashes); // ['DSA', 'DSA-SHA', 'DSA-SHA1', ...]

crypto.pbkdf2(password, salt, iterations, keylen, digest, callback)#

History
VersionChanges
v8.0.0

The digest parameter is always required now.

v6.0.0

Calling this function without passing the digest parameter is deprecated now and will emit a warning.

v6.0.0

The default encoding for password if it is a string changed from binary to utf8.

v0.5.5

Added in: v0.5.5

Provides an asynchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

The supplied callback function is called with two arguments: err and derivedKey. If an error occurs while deriving the key, err will be set; otherwise err will be null. By default, the successfully generated derivedKey will be passed to the callback as a Buffer. An error will be thrown if any of the input arguments specify invalid values or types.

If digest is null, 'sha1' will be used. This behavior is deprecated, please specify a digest explicitly.

The iterations argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.

The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details.

const crypto = require('crypto');
crypto.pbkdf2('secret', 'salt', 100000, 64, 'sha512', (err, derivedKey) => {
  if (err) throw err;
  console.log(derivedKey.toString('hex'));  // '3745e48...08d59ae'
});

The crypto.DEFAULT_ENCODING property can be used to change the way the derivedKey is passed to the callback. This property, however, has been deprecated and use should be avoided.

const crypto = require('crypto');
crypto.DEFAULT_ENCODING = 'hex';
crypto.pbkdf2('secret', 'salt', 100000, 512, 'sha512', (err, derivedKey) => {
  if (err) throw err;
  console.log(derivedKey);  // '3745e48...aa39b34'
});

An array of supported digest functions can be retrieved using crypto.getHashes().

This API uses libuv's threadpool, which can have surprising and negative performance implications for some applications; see the UV_THREADPOOL_SIZE documentation for more information.

crypto.pbkdf2Sync(password, salt, iterations, keylen, digest)#

History
VersionChanges
v6.0.0

Calling this function without passing the digest parameter is deprecated now and will emit a warning.

v6.0.0

The default encoding for password if it is a string changed from binary to utf8.

v0.9.3

Added in: v0.9.3

Provides a synchronous Password-Based Key Derivation Function 2 (PBKDF2) implementation. A selected HMAC digest algorithm specified by digest is applied to derive a key of the requested byte length (keylen) from the password, salt and iterations.

If an error occurs an Error will be thrown, otherwise the derived key will be returned as a Buffer.

If digest is null, 'sha1' will be used. This behavior is deprecated, please specify a digest explicitly.

The iterations argument must be a number set as high as possible. The higher the number of iterations, the more secure the derived key will be, but will take a longer amount of time to complete.

The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details.

const crypto = require('crypto');
const key = crypto.pbkdf2Sync('secret', 'salt', 100000, 64, 'sha512');
console.log(key.toString('hex'));  // '3745e48...08d59ae'

The crypto.DEFAULT_ENCODING property may be used to change the way the derivedKey is returned. This property, however, is deprecated and use should be avoided.

const crypto = require('crypto');
crypto.DEFAULT_ENCODING = 'hex';
const key = crypto.pbkdf2Sync('secret', 'salt', 100000, 512, 'sha512');
console.log(key);  // '3745e48...aa39b34'

An array of supported digest functions can be retrieved using crypto.getHashes().

crypto.privateDecrypt(privateKey, buffer)#

History
VersionChanges
v12.11.0

The oaepLabel option was added.

v12.9.0

The oaepHash option was added.

v11.6.0

This function now supports key objects.

v0.11.14

Added in: v0.11.14

Decrypts buffer with privateKey. buffer was previously encrypted using the corresponding public key, for example using crypto.publicEncrypt().

If privateKey is not a KeyObject, this function behaves as if privateKey had been passed to crypto.createPrivateKey(). If it is an object, the padding property can be passed. Otherwise, this function uses RSA_PKCS1_OAEP_PADDING.

crypto.privateEncrypt(privateKey, buffer)#

History
VersionChanges
v11.6.0

This function now supports key objects.

v1.1.0

Added in: v1.1.0

Encrypts buffer with privateKey. The returned data can be decrypted using the corresponding public key, for example using crypto.publicDecrypt().

If privateKey is not a KeyObject, this function behaves as if privateKey had been passed to crypto.createPrivateKey(). If it is an object, the padding property can be passed. Otherwise, this function uses RSA_PKCS1_PADDING.

crypto.publicDecrypt(key, buffer)#

History
VersionChanges
v11.6.0

This function now supports key objects.

v1.1.0

Added in: v1.1.0

Decrypts buffer with key.buffer was previously encrypted using the corresponding private key, for example using crypto.privateEncrypt().

If key is not a KeyObject, this function behaves as if key had been passed to crypto.createPublicKey(). If it is an object, the padding property can be passed. Otherwise, this function uses RSA_PKCS1_PADDING.

Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.

crypto.publicEncrypt(key, buffer)#

History
VersionChanges
v12.11.0

The oaepLabel option was added.

v12.9.0

The oaepHash option was added.

v11.6.0

This function now supports key objects.

v0.11.14

Added in: v0.11.14

Encrypts the content of buffer with key and returns a new Buffer with encrypted content. The returned data can be decrypted using the corresponding private key, for example using crypto.privateDecrypt().

If key is not a KeyObject, this function behaves as if key had been passed to crypto.createPublicKey(). If it is an object, the padding property can be passed. Otherwise, this function uses RSA_PKCS1_OAEP_PADDING.

Because RSA public keys can be derived from private keys, a private key may be passed instead of a public key.

crypto.randomBytes(size[, callback])#

History
VersionChanges
v9.0.0

Passing null as the callback argument now throws ERR_INVALID_CALLBACK.

v0.5.8

Added in: v0.5.8

Generates cryptographically strong pseudo-random data. The size argument is a number indicating the number of bytes to generate.

If a callback function is provided, the bytes are generated asynchronously and the callback function is invoked with two arguments: err and buf. If an error occurs, err will be an Error object; otherwise it is null. The buf argument is a Buffer containing the generated bytes.

// Asynchronous
const crypto = require('crypto');
crypto.randomBytes(256, (err, buf) => {
  if (err) throw err;
  console.log(`${buf.length} bytes of random data: ${buf.toString('hex')}`);
});

If the callback function is not provided, the random bytes are generated synchronously and returned as a Buffer. An error will be thrown if there is a problem generating the bytes.

// Synchronous
const buf = crypto.randomBytes(256);
console.log(
  `${buf.length} bytes of random data: ${buf.toString('hex')}`);

The crypto.randomBytes() method will not complete until there is sufficient entropy available. This should normally never take longer than a few milliseconds. The only time when generating the random bytes may conceivably block for a longer period of time is right after boot, when the whole system is still low on entropy.

This API uses libuv's threadpool, which can have surprising and negative performance implications for some applications; see the UV_THREADPOOL_SIZE documentation for more information.

The asynchronous version of crypto.randomBytes() is carried out in a single threadpool request. To minimize threadpool task length variation, partition large randomBytes requests when doing so as part of fulfilling a client request.

crypto.randomFillSync(buffer[, offset][, size])#

History
VersionChanges
v9.0.0

The buffer argument may be any TypedArray or DataView.

v7.10.0, v6.13.0

Added in: v7.10.0, v6.13.0

Synchronous version of crypto.randomFill().

const buf = Buffer.alloc(10);
console.log(crypto.randomFillSync(buf).toString('hex'));

crypto.randomFillSync(buf, 5);
console.log(buf.toString('hex'));

// The above is equivalent to the following:
crypto.randomFillSync(buf, 5, 5);
console.log(buf.toString('hex'));

Any TypedArray or DataView instance may be passed as buffer.

const a = new Uint32Array(10);
console.log(Buffer.from(crypto.randomFillSync(a).buffer,
                        a.byteOffset, a.byteLength).toString('hex'));

const b = new Float64Array(10);
console.log(Buffer.from(crypto.randomFillSync(b).buffer,
                        b.byteOffset, b.byteLength).toString('hex'));

const c = new DataView(new ArrayBuffer(10));
console.log(Buffer.from(crypto.randomFillSync(c).buffer,
                        c.byteOffset, c.byteLength).toString('hex'));

crypto.randomFill(buffer[, offset][, size], callback)#

History
VersionChanges
v9.0.0

The buffer argument may be any TypedArray or DataView.

v7.10.0, v6.13.0

Added in: v7.10.0, v6.13.0

This function is similar to crypto.randomBytes() but requires the first argument to be a Buffer that will be filled. It also requires that a callback is passed in.

If the callback function is not provided, an error will be thrown.

const buf = Buffer.alloc(10);
crypto.randomFill(buf, (err, buf) => {
  if (err) throw err;
  console.log(buf.toString('hex'));
});

crypto.randomFill(buf, 5, (err, buf) => {
  if (err) throw err;
  console.log(buf.toString('hex'));
});

// The above is equivalent to the following:
crypto.randomFill(buf, 5, 5, (err, buf) => {
  if (err) throw err;
  console.log(buf.toString('hex'));
});

Any TypedArray or DataView instance may be passed as buffer.

const a = new Uint32Array(10);
crypto.randomFill(a, (err, buf) => {
  if (err) throw err;
  console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
    .toString('hex'));
});

const b = new Float64Array(10);
crypto.randomFill(b, (err, buf) => {
  if (err) throw err;
  console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
    .toString('hex'));
});

const c = new DataView(new ArrayBuffer(10));
crypto.randomFill(c, (err, buf) => {
  if (err) throw err;
  console.log(Buffer.from(buf.buffer, buf.byteOffset, buf.byteLength)
    .toString('hex'));
});

This API uses libuv's threadpool, which can have surprising and negative performance implications for some applications; see the UV_THREADPOOL_SIZE documentation for more information.

The asynchronous version of crypto.randomFill() is carried out in a single threadpool request. To minimize threadpool task length variation, partition large randomFill requests when doing so as part of fulfilling a client request.

crypto.scrypt(password, salt, keylen[, options], callback)#

History
VersionChanges
v12.8.0

The maxmem value can now be any safe integer.

v10.9.0

The cost, blockSize and parallelization option names have been added.

v10.5.0

Added in: v10.5.0

Provides an asynchronous scrypt implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.

The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details.

The callback function is called with two arguments: err and derivedKey. err is an exception object when key derivation fails, otherwise err is null. derivedKey is passed to the callback as a Buffer.

An exception is thrown when any of the input arguments specify invalid values or types.

const crypto = require('crypto');
// Using the factory defaults.
crypto.scrypt('secret', 'salt', 64, (err, derivedKey) => {
  if (err) throw err;
  console.log(derivedKey.toString('hex'));  // '3745e48...08d59ae'
});
// Using a custom N parameter. Must be a power of two.
crypto.scrypt('secret', 'salt', 64, { N: 1024 }, (err, derivedKey) => {
  if (err) throw err;
  console.log(derivedKey.toString('hex'));  // '3745e48...aa39b34'
});

crypto.scryptSync(password, salt, keylen[, options])#

History
VersionChanges
v12.8.0

The maxmem value can now be any safe integer.

v10.9.0

The cost, blockSize and parallelization option names have been added.

v10.5.0

Added in: v10.5.0

Provides a synchronous scrypt implementation. Scrypt is a password-based key derivation function that is designed to be expensive computationally and memory-wise in order to make brute-force attacks unrewarding.

The salt should be as unique as possible. It is recommended that a salt is random and at least 16 bytes long. See NIST SP 800-132 for details.

An exception is thrown when key derivation fails, otherwise the derived key is returned as a Buffer.

An exception is thrown when any of the input arguments specify invalid values or types.

const crypto = require('crypto');
// Using the factory defaults.
const key1 = crypto.scryptSync('secret', 'salt', 64);
console.log(key1.toString('hex'));  // '3745e48...08d59ae'
// Using a custom N parameter. Must be a power of two.
const key2 = crypto.scryptSync('secret', 'salt', 64, { N: 1024 });
console.log(key2.toString('hex'));  // '3745e48...aa39b34'

crypto.setEngine(engine[, flags])#

Added in: v0.11.11

Load and set the engine for some or all OpenSSL functions (selected by flags).

engine could be either an id or a path to the engine's shared library.

The optional flags argument uses ENGINE_METHOD_ALL by default. The flags is a bit field taking one of or a mix of the following flags (defined in crypto.constants):

  • crypto.constants.ENGINE_METHOD_RSA
  • crypto.constants.ENGINE_METHOD_DSA
  • crypto.constants.ENGINE_METHOD_DH
  • crypto.constants.ENGINE_METHOD_RAND
  • crypto.constants.ENGINE_METHOD_EC
  • crypto.constants.ENGINE_METHOD_CIPHERS
  • crypto.constants.ENGINE_METHOD_DIGESTS
  • crypto.constants.ENGINE_METHOD_PKEY_METHS
  • crypto.constants.ENGINE_METHOD_PKEY_ASN1_METHS
  • crypto.constants.ENGINE_METHOD_ALL
  • crypto.constants.ENGINE_METHOD_NONE

The flags below are deprecated in OpenSSL-1.1.0.

  • crypto.constants.ENGINE_METHOD_ECDH
  • crypto.constants.ENGINE_METHOD_ECDSA
  • crypto.constants.ENGINE_METHOD_STORE

crypto.setFips(bool)#

Added in: v10.0.0

Enables the FIPS compliant crypto provider in a FIPS-enabled Node.js build. Throws an error if FIPS mode is not available.

crypto.sign(algorithm, data, key)#

Added in: v12.0.0

Calculates and returns the signature for data using the given private key and algorithm. If algorithm is null or undefined, then the algorithm is dependent upon the key type (especially Ed25519 and Ed448).

If key is not a KeyObject, this function behaves as if key had been passed to crypto.createPrivateKey(). If it is an object, the following additional properties can be passed:

  • padding <integer> Optional padding value for RSA, one of the following:

    • crypto.constants.RSA_PKCS1_PADDING (default)
    • crypto.constants.RSA_PKCS1_PSS_PADDING

    RSA_PKCS1_PSS_PADDING will use MGF1 with the same hash function used to sign the message as specified in section 3.1 of RFC 4055.

  • saltLength <integer> Salt length for when padding is RSA_PKCS1_PSS_PADDING. The special value crypto.constants.RSA_PSS_SALTLEN_DIGEST sets the salt length to the digest size, crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN (default) sets it to the maximum permissible value.

crypto.timingSafeEqual(a, b)#

Added in: v6.6.0

This function is based on a constant-time algorithm. Returns true if a is equal to b, without leaking timing information that would allow an attacker to guess one of the values. This is suitable for comparing HMAC digests or secret values like authentication cookies or capability urls.

a and b must both be Buffers, TypedArrays, or DataViews, and they must have the same length.

Use of crypto.timingSafeEqual does not guarantee that the surrounding code is timing-safe. Care should be taken to ensure that the surrounding code does not introduce timing vulnerabilities.

crypto.verify(algorithm, data, key, signature)#

Added in: v12.0.0

Verifies the given signature for data using the given key and algorithm. If algorithm is null or undefined, then the algorithm is dependent upon the key type (especially Ed25519 and Ed448).

If key is not a KeyObject, this function behaves as if key had been passed to crypto.createPublicKey(). If it is an object, the following additional properties can be passed:

  • padding <integer> Optional padding value for RSA, one of the following:

    • crypto.constants.RSA_PKCS1_PADDING (default)
    • crypto.constants.RSA_PKCS1_PSS_PADDING

    RSA_PKCS1_PSS_PADDING will use MGF1 with the same hash function used to sign the message as specified in section 3.1 of RFC 4055.

  • saltLength <integer> Salt length for when padding is RSA_PKCS1_PSS_PADDING. The special value crypto.constants.RSA_PSS_SALTLEN_DIGEST sets the salt length to the digest size, crypto.constants.RSA_PSS_SALTLEN_MAX_SIGN (default) sets it to the maximum permissible value.

The signature argument is the previously calculated signature for the data.

Because public keys can be derived from private keys, a private key or a public key may be passed for key.

Notes#

Legacy Streams API (pre Node.js v0.10)#

The Crypto module was added to Node.js before there was the concept of a unified Stream API, and before there were Buffer objects for handling binary data. As such, the many of the crypto defined classes have methods not typically found on other Node.js classes that implement the streams API (e.g. update(), final(), or digest()). Also, many methods accepted and returned 'latin1' encoded strings by default rather than Buffers. This default was changed after Node.js v0.8 to use Buffer objects by default instead.

Recent ECDH Changes#

Usage of ECDH with non-dynamically generated key pairs has been simplified. Now, ecdh.setPrivateKey() can be called with a preselected private key and the associated public point (key) will be computed and stored in the object. This allows code to only store and provide the private part of the EC key pair. ecdh.setPrivateKey() now also validates that the private key is valid for the selected curve.

The ecdh.setPublicKey() method is now deprecated as its inclusion in the API is not useful. Either a previously stored private key should be set, which automatically generates the associated public key, or ecdh.generateKeys() should be called. The main drawback of using ecdh.setPublicKey() is that it can be used to put the ECDH key pair into an inconsistent state.

Support for weak or compromised algorithms#

The crypto module still supports some algorithms which are already compromised and are not currently recommended for use. The API also allows the use of ciphers and hashes with a small key size that are too weak for safe use.

Users should take full responsibility for selecting the crypto algorithm and key size according to their security requirements.

Based on the recommendations of NIST SP 800-131A:

  • MD5 and SHA-1 are no longer acceptable where collision resistance is required such as digital signatures.
  • The key used with RSA, DSA, and DH algorithms is recommended to have at least 2048 bits and that of the curve of ECDSA and ECDH at least 224 bits, to be safe to use for several years.
  • The DH groups of modp1, modp2 and modp5 have a key size smaller than 2048 bits and are not recommended.

See the reference for other recommendations and details.

CCM mode#

CCM is one of the supported AEAD algorithms. Applications which use this mode must adhere to certain restrictions when using the cipher API:

  • The authentication tag length must be specified during cipher creation by setting the authTagLength option and must be one of 4, 6, 8, 10, 12, 14 or 16 bytes.
  • The length of the initialization vector (nonce) N must be between 7 and 13 bytes (7 ≤ N ≤ 13).
  • The length of the plaintext is limited to 2 ** (8 * (15 - N)) bytes.
  • When decrypting, the authentication tag must be set via setAuthTag() before calling update(). Otherwise, decryption will fail and final() will throw an error in compliance with section 2.6 of RFC 3610.
  • Using stream methods such as write(data), end(data) or pipe() in CCM mode might fail as CCM cannot handle more than one chunk of data per instance.
  • When passing additional authenticated data (AAD), the length of the actual message in bytes must be passed to setAAD() via the plaintextLength option. This is not necessary if no AAD is used.
  • As CCM processes the whole message at once, update() can only be called once.
  • Even though calling update() is sufficient to encrypt/decrypt the message, applications must call final() to compute or verify the authentication tag.
const crypto = require('crypto');

const key = 'keykeykeykeykeykeykeykey';
const nonce = crypto.randomBytes(12);

const aad = Buffer.from('0123456789', 'hex');

const cipher = crypto.createCipheriv('aes-192-ccm', key, nonce, {
  authTagLength: 16
});
const plaintext = 'Hello world';
cipher.setAAD(aad, {
  plaintextLength: Buffer.byteLength(plaintext)
});
const ciphertext = cipher.update(plaintext, 'utf8');
cipher.final();
const tag = cipher.getAuthTag();

// Now transmit { ciphertext, nonce, tag }.

const decipher = crypto.createDecipheriv('aes-192-ccm', key, nonce, {
  authTagLength: 16
});
decipher.setAuthTag(tag);
decipher.setAAD(aad, {
  plaintextLength: ciphertext.length
});
const receivedPlaintext = decipher.update(ciphertext, null, 'utf8');

try {
  decipher.final();
} catch (err) {
  console.error('Authentication failed!');
  return;
}

console.log(receivedPlaintext);

Crypto Constants#

The following constants exported by crypto.constants apply to various uses of the crypto, tls, and https modules and are generally specific to OpenSSL.

OpenSSL Options#

Constant Description
SSL_OP_ALL Applies multiple bug workarounds within OpenSSL. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html for detail.
SSL_OP_ALLOW_UNSAFE_LEGACY_RENEGOTIATION Allows legacy insecure renegotiation between OpenSSL and unpatched clients or servers. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
SSL_OP_CIPHER_SERVER_PREFERENCE Attempts to use the server's preferences instead of the client's when selecting a cipher. Behavior depends on protocol version. See https://www.openssl.org/docs/man1.0.2/ssl/SSL_CTX_set_options.html.
SSL_OP_CISCO_ANYCONNECT Instructs OpenSSL to use Cisco's "speshul" version of DTLS_BAD_VER.
SSL_OP_COOKIE_EXCHANGE Instructs OpenSSL to turn on cookie exchange.
SSL_OP_CRYPTOPRO_TLSEXT_BUG Instructs OpenSSL to add server-hello extension from an early version of the cryptopro draft.
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS Instructs OpenSSL to disable a SSL 3.0/TLS 1.0 vulnerability workaround added in OpenSSL 0.9.6d.
SSL_OP_EPHEMERAL_RSA Instructs OpenSSL to always use the tmp_rsa key when performing RSA operations.
SSL_OP_LEGACY_SERVER_CONNECT Allows initial connection to servers that do not support RI.
SSL_OP_MICROSOFT_BIG_SSLV3_BUFFER
SSL_OP_MICROSOFT_SESS_ID_BUG
SSL_OP_MSIE_SSLV2_RSA_PADDING Instructs OpenSSL to disable the workaround for a man-in-the-middle protocol-version vulnerability in the SSL 2.0 server implementation.
SSL_OP_NETSCAPE_CA_DN_BUG
SSL_OP_NETSCAPE_CHALLENGE_BUG
SSL_OP_NETSCAPE_DEMO_CIPHER_CHANGE_BUG
SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG
SSL_OP_NO_COMPRESSION Instructs OpenSSL to disable support for SSL/TLS compression.
SSL_OP_NO_QUERY_MTU
SSL_OP_NO_SESSION_RESUMPTION_ON_RENEGOTIATION Instructs OpenSSL to always start a new session when performing renegotiation.
SSL_OP_NO_SSLv2 Instructs OpenSSL to turn off SSL v2
SSL_OP_NO_SSLv3 Instructs OpenSSL to turn off SSL v3
SSL_OP_NO_TICKET Instructs OpenSSL to disable use of RFC4507bis tickets.
SSL_OP_NO_TLSv1 Instructs OpenSSL to turn off TLS v1
SSL_OP_NO_TLSv1_1 Instructs OpenSSL to turn off TLS v1.1
SSL_OP_NO_TLSv1_2 Instructs OpenSSL to turn off TLS v1.2
SSL_OP_PKCS1_CHECK_1
SSL_OP_PKCS1_CHECK_2
SSL_OP_SINGLE_DH_USE Instructs OpenSSL to always create a new key when using temporary/ephemeral DH parameters.
SSL_OP_SINGLE_ECDH_USE Instructs OpenSSL to always create a new key when using temporary/ephemeral ECDH parameters.
SSL_OP_SSLEAY_080_CLIENT_DH_BUG
SSL_OP_SSLREF2_REUSE_CERT_TYPE_BUG
SSL_OP_TLS_BLOCK_PADDING_BUG
SSL_OP_TLS_D5_BUG
SSL_OP_TLS_ROLLBACK_BUG Instructs OpenSSL to disable version rollback attack detection.

OpenSSL Engine Constants#

Constant Description
ENGINE_METHOD_RSA Limit engine usage to RSA
ENGINE_METHOD_DSA Limit engine usage to DSA
ENGINE_METHOD_DH Limit engine usage to DH
ENGINE_METHOD_RAND Limit engine usage to RAND
ENGINE_METHOD_EC Limit engine usage to EC
ENGINE_METHOD_CIPHERS Limit engine usage to CIPHERS
ENGINE_METHOD_DIGESTS Limit engine usage to DIGESTS
ENGINE_METHOD_PKEY_METHS Limit engine usage to PKEY_METHDS
ENGINE_METHOD_PKEY_ASN1_METHS Limit engine usage to PKEY_ASN1_METHS
ENGINE_METHOD_ALL
ENGINE_METHOD_NONE

Other OpenSSL Constants#

Constant Description
DH_CHECK_P_NOT_SAFE_PRIME
DH_CHECK_P_NOT_PRIME
DH_UNABLE_TO_CHECK_GENERATOR
DH_NOT_SUITABLE_GENERATOR
ALPN_ENABLED
RSA_PKCS1_PADDING
RSA_SSLV23_PADDING
RSA_NO_PADDING
RSA_PKCS1_OAEP_PADDING
RSA_X931_PADDING
RSA_PKCS1_PSS_PADDING
RSA_PSS_SALTLEN_DIGEST Sets the salt length for RSA_PKCS1_PSS_PADDING to the digest size when signing or verifying.
RSA_PSS_SALTLEN_MAX_SIGN Sets the salt length for RSA_PKCS1_PSS_PADDING to the maximum permissible value when signing data.
RSA_PSS_SALTLEN_AUTO Causes the salt length for RSA_PKCS1_PSS_PADDING to be determined automatically when verifying a signature.
POINT_CONVERSION_COMPRESSED
POINT_CONVERSION_UNCOMPRESSED
POINT_CONVERSION_HYBRID

Node.js Crypto Constants#

Constant Description
defaultCoreCipherList Specifies the built-in default cipher list used by Node.js.
defaultCipherList Specifies the active default cipher list used by the current Node.js process.

Debugger#

Stability: 2 - Stable

Node.js includes an out-of-process debugging utility accessible via a V8 Inspector and built-in debugging client. To use it, start Node.js with the inspect argument followed by the path to the script to debug; a prompt will be displayed indicating successful launch of the debugger:

$ node inspect myscript.js
< Debugger listening on ws://127.0.0.1:9229/80e7a814-7cd3-49fb-921a-2e02228cd5ba
< For help, see: https://nodejs.org/en/docs/inspector
< Debugger attached.
Break on start in myscript.js:1
> 1 (function (exports, require, module, __filename, __dirname) { global.x = 5;
  2 setTimeout(() => {
  3   console.log('world');
debug>

Node.js's debugger client is not a full-featured debugger, but simple step and inspection are possible.

Inserting the statement debugger; into the source code of a script will enable a breakpoint at that position in the code:

// myscript.js
global.x = 5;
setTimeout(() => {
  debugger;
  console.log('world');
}, 1000);
console.log('hello');

Once the debugger is run, a breakpoint will occur at line 3:

$ node inspect myscript.js
< Debugger listening on ws://127.0.0.1:9229/80e7a814-7cd3-49fb-921a-2e02228cd5ba
< For help, see: https://nodejs.org/en/docs/inspector
< Debugger attached.
Break on start in myscript.js:1
> 1 (function (exports, require, module, __filename, __dirname) { global.x = 5;
  2 setTimeout(() => {
  3   debugger;
debug> cont
< hello
break in myscript.js:3
  1 (function (exports, require, module, __filename, __dirname) { global.x = 5;
  2 setTimeout(() => {
> 3   debugger;
  4   console.log('world');
  5 }, 1000);
debug> next
break in myscript.js:4
  2 setTimeout(() => {
  3   debugger;
> 4   console.log('world');
  5 }, 1000);
  6 console.log('hello');
debug> repl
Press Ctrl + C to leave debug repl
> x
5
> 2 + 2
4
debug> next
< world
break in myscript.js:5
  3   debugger;
  4   console.log('world');
> 5 }, 1000);
  6 console.log('hello');
  7
debug> .exit

The repl command allows code to be evaluated remotely. The next command steps to the next line. Type help to see what other commands are available.

Pressing enter without typing a command will repeat the previous debugger command.

Watchers#

It is possible to watch expression and variable values while debugging. On every breakpoint, each expression from the watchers list will be evaluated in the current context and displayed immediately before the breakpoint's source code listing.

To begin watching an expression, type watch('my_expression'). The command watchers will print the active watchers. To remove a watcher, type unwatch('my_expression').

Command reference#

Stepping#

  • cont, c: Continue execution
  • next, n: Step next
  • step, s: Step in
  • out, o: Step out
  • pause: Pause running code (like pause button in Developer Tools)

Breakpoints#

  • setBreakpoint(), sb(): Set breakpoint on current line
  • setBreakpoint(line), sb(line): Set breakpoint on specific line
  • setBreakpoint('fn()'), sb(...): Set breakpoint on a first statement in functions body
  • setBreakpoint('script.js', 1), sb(...): Set breakpoint on first line of script.js
  • clearBreakpoint('script.js', 1), cb(...): Clear breakpoint in script.js on line 1

It is also possible to set a breakpoint in a file (module) that is not loaded yet:

$ node inspect main.js
< Debugger listening on ws://127.0.0.1:9229/4e3db158-9791-4274-8909-914f7facf3bd
< For help, see: https://nodejs.org/en/docs/inspector
< Debugger attached.
Break on start in main.js:1
> 1 (function (exports, require, module, __filename, __dirname) { const mod = require('./mod.js');
  2 mod.hello();
  3 mod.hello();
debug> setBreakpoint('mod.js', 22)
Warning: script 'mod.js' was not loaded yet.
debug> c
break in mod.js:22
 20 // USE OR OTHER DEALINGS IN THE SOFTWARE.
 21
>22 exports.hello = function() {
 23   return 'hello from module';
 24 };
debug>

Information#

  • backtrace, bt: Print backtrace of current execution frame
  • list(5): List scripts source code with 5 line context (5 lines before and after)
  • watch(expr): Add expression to watch list
  • unwatch(expr): Remove expression from watch list
  • watchers: List all watchers and their values (automatically listed on each breakpoint)
  • repl: Open debugger's repl for evaluation in debugging script's context
  • exec expr: Execute an expression in debugging script's context

Execution control#

  • run: Run script (automatically runs on debugger's start)
  • restart: Restart script
  • kill: Kill script

Various#

  • scripts: List all loaded scripts
  • version: Display V8's version

Advanced Usage#

V8 Inspector Integration for Node.js#

V8 Inspector integration allows attaching Chrome DevTools to Node.js instances for debugging and profiling. It uses the Chrome DevTools Protocol.

V8 Inspector can be enabled by passing the --inspect flag when starting a Node.js application. It is also possible to supply a custom port with that flag, e.g. --inspect=9222 will accept DevTools connections on port 9222.

To break on the first line of the application code, pass the --inspect-brk flag instead of --inspect.

$ node --inspect index.js
Debugger listening on 127.0.0.1:9229.
To start debugging, open the following URL in Chrome:
    chrome-devtools://devtools/bundled/js_app.html?experiments=true&v8only=true&ws=127.0.0.1:9229/dc9010dd-f8b8-4ac5-a510-c1a114ec7d29

(In the example above, the UUID dc9010dd-f8b8-4ac5-a510-c1a114ec7d29 at the end of the URL is generated on the fly, it varies in different debugging sessions.)

If the Chrome browser is older than 66.0.3345.0, use inspector.html instead of js_app.html in the above URL.

Deprecated APIs#

Node.js may deprecate APIs for any of the following reasons:

  • Use of the API is unsafe.
  • An improved alternative API is available.
  • Breaking changes to the API are expected in a future major release.

Node.js utilizes three kinds of Deprecations:

  • Documentation-only
  • Runtime
  • End-of-Life

A Documentation-only deprecation is one that is expressed only within the Node.js API docs. These generate no side-effects while running Node.js. Some Documentation-only deprecations trigger a runtime warning when launched with --pending-deprecation flag (or its alternative, NODE_PENDING_DEPRECATION=1 environment variable), similarly to Runtime deprecations below. Documentation-only deprecations that support that flag are explicitly labeled as such in the list of Deprecated APIs.

A Runtime deprecation will, by default, generate a process warning that will be printed to stderr the first time the deprecated API is used. When the --throw-deprecation command-line flag is used, a Runtime deprecation will cause an error to be thrown.

An End-of-Life deprecation is used when functionality is or will soon be removed from Node.js.

Revoking deprecations#

Occasionally, the deprecation of an API may be reversed. In such situations, this document will be updated with information relevant to the decision. However, the deprecation identifier will not be modified.

List of Deprecated APIs#

DEP0001: http.OutgoingMessage.prototype.flush#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v1.6.0

Runtime deprecation.

Type: Runtime

The OutgoingMessage.prototype.flush() method is deprecated. Use OutgoingMessage.prototype.flushHeaders() instead.

DEP0002: require('_linklist')#

History
VersionChanges
v8.0.0

End-of-Life.

v6.12.0

A deprecation code has been assigned.

v5.0.0

Runtime deprecation.

Type: End-of-Life

The _linklist module is deprecated. Please use a userland alternative.

DEP0003: _writableState.buffer#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.15

Runtime deprecation.

Type: Runtime

The _writableState.buffer property is deprecated. Use the _writableState.getBuffer() method instead.

DEP0004: CryptoStream.prototype.readyState#

History
VersionChanges
v10.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

0.4.0

Documentation-only deprecation.

Type: End-of-Life

The CryptoStream.prototype.readyState property was removed.

DEP0005: Buffer() constructor#

History
VersionChanges
v10.0.0

Runtime deprecation.

v6.12.0

A deprecation code has been assigned.

v6.0.0

Documentation-only deprecation.

Type: Runtime (supports --pending-deprecation)

The Buffer() function and new Buffer() constructor are deprecated due to API usability issues that can lead to accidental security issues.

As an alternative, use one of the following methods of constructing Buffer objects:

Without --pending-deprecation, runtime warnings occur only for code not in node_modules. This means there will not be deprecation warnings for Buffer() usage in dependencies. With --pending-deprecation, a runtime warning results no matter where the Buffer() usage occurs.

DEP0006: child_process options.customFds#

History
VersionChanges
v12.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.14

Runtime deprecation.

v0.5.11

Documentation-only deprecation.

Type: End-of-Life

Within the child_process module's spawn(), fork(), and exec() methods, the options.customFds option is deprecated. The options.stdio option should be used instead.

DEP0007: Replace cluster worker.suicide with worker.exitedAfterDisconnect#

History
VersionChanges
v9.0.0

End-of-Life.

v7.0.0

Runtime deprecation.

v6.12.0

A deprecation code has been assigned.

v6.0.0

Documentation-only deprecation.

Type: End-of-Life

In an earlier version of the Node.js cluster, a boolean property with the name suicide was added to the Worker object. The intent of this property was to provide an indication of how and why the Worker instance exited. In Node.js 6.0.0, the old property was deprecated and replaced with a new worker.exitedAfterDisconnect property. The old property name did not precisely describe the actual semantics and was unnecessarily emotion-laden.

DEP0008: require('constants')#

History
VersionChanges
v6.12.0

A deprecation code has been assigned.

v6.3.0

Documentation-only deprecation.

Type: Documentation-only

The constants module is deprecated. When requiring access to constants relevant to specific Node.js builtin modules, developers should instead refer to the constants property exposed by the relevant module. For instance, require('fs').constants and require('os').constants.

DEP0009: crypto.pbkdf2 without digest#

History
VersionChanges
v11.0.0

Runtime deprecation (for digest === null).

v8.0.0

End-of-Life (for digest === undefined).

v6.12.0

A deprecation code has been assigned.

v6.0.0

Runtime deprecation (for digest === undefined).

Type: Runtime

Use of the crypto.pbkdf2() API without specifying a digest was deprecated in Node.js 6.0 because the method defaulted to using the non-recommended 'SHA1' digest. Previously, a deprecation warning was printed. Starting in Node.js 8.0.0, calling crypto.pbkdf2() or crypto.pbkdf2Sync() with digest set to undefined will throw a TypeError.

Beginning in Node.js v11.0.0, calling these functions with digest set to null will print a deprecation warning to align with the behavior when digest is undefined.

DEP0010: crypto.createCredentials#

History
VersionChanges
v11.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.13

Runtime deprecation.

Type: End-of-Life

The crypto.createCredentials() API was removed. Please use tls.createSecureContext() instead.

DEP0011: crypto.Credentials#

History
VersionChanges
v11.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.13

Runtime deprecation.

Type: End-of-Life

The crypto.Credentials class was removed. Please use tls.SecureContext instead.

DEP0012: Domain.dispose#

History
VersionChanges
v9.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.7

Runtime deprecation.

Type: End-of-Life

Domain.dispose() has been removed. Recover from failed I/O actions explicitly via error event handlers set on the domain instead.

DEP0013: fs asynchronous function without callback#

History
VersionChanges
v10.0.0

End-of-Life.

v7.0.0

Runtime deprecation.

Type: End-of-Life

Calling an asynchronous function without a callback throws a TypeError in Node.js 10.0.0 onwards. See https://github.com/nodejs/node/pull/12562.

DEP0014: fs.read legacy String interface#

History
VersionChanges
v8.0.0

End-of-Life.

v6.0.0

Runtime deprecation.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.1.96

Documentation-only deprecation.

Type: End-of-Life

The fs.read() legacy String interface is deprecated. Use the Buffer API as mentioned in the documentation instead.

DEP0015: fs.readSync legacy String interface#

History
VersionChanges
v8.0.0

End-of-Life.

v6.0.0

Runtime deprecation.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.1.96

Documentation-only deprecation.

Type: End-of-Life

The fs.readSync() legacy String interface is deprecated. Use the Buffer API as mentioned in the documentation instead.

DEP0016: GLOBAL/root#

History
VersionChanges
v6.12.0

A deprecation code has been assigned.

v6.0.0

Runtime deprecation.

Type: Runtime

The GLOBAL and root aliases for the global property are deprecated and should no longer be used.

DEP0017: Intl.v8BreakIterator#

History
VersionChanges
v9.0.0

End-of-Life.

v7.0.0

Runtime deprecation.

Type: End-of-Life

Intl.v8BreakIterator was a non-standard extension and has been removed. See Intl.Segmenter.

DEP0018: Unhandled promise rejections#

History
VersionChanges
v7.0.0

Runtime deprecation.

Type: Runtime

Unhandled promise rejections are deprecated. In the future, promise rejections that are not handled will terminate the Node.js process with a non-zero exit code.

DEP0019: require('.') resolved outside directory#

History
VersionChanges
v12.0.0

Removed functionality.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v1.8.1

Runtime deprecation.

Type: End-of-Life

In certain cases, require('.') could resolve outside the package directory. This behavior has been removed.

DEP0020: Server.connections#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.9.7

Runtime deprecation.

Type: Runtime

The Server.connections property is deprecated. Please use the Server.getConnections() method instead.

DEP0021: Server.listenFD#

History
VersionChanges
v12.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.7.12

Runtime deprecation.

Type: End-of-Life

The Server.listenFD() method was deprecated and removed. Please use Server.listen({fd: <number>}) instead.

DEP0022: os.tmpDir()#

History
VersionChanges
v7.0.0

Runtime deprecation.

Type: Runtime

The os.tmpDir() API is deprecated. Please use os.tmpdir() instead.

DEP0023: os.getNetworkInterfaces()#

History
VersionChanges
v12.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.6.0

Runtime deprecation.

Type: End-of-Life

The os.getNetworkInterfaces() method is deprecated. Please use the os.networkInterfaces() method instead.

DEP0024: REPLServer.prototype.convertToContext()#

History
VersionChanges
v9.0.0

End-of-Life.

v7.0.0

Runtime deprecation.

Type: End-of-Life

The REPLServer.prototype.convertToContext() API has been removed.

DEP0025: require('sys')#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v1.0.0

Runtime deprecation.

Type: Runtime

The sys module is deprecated. Please use the util module instead.

DEP0026: util.print()#

History
VersionChanges
v12.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.3

Runtime deprecation.

Type: End-of-Life

util.print() has been removed. Please use console.log() instead.

DEP0027: util.puts()#

History
VersionChanges
v12.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.3

Runtime deprecation.

Type: End-of-Life

util.puts() has been removed. Please use console.log() instead.

DEP0028: util.debug()#

History
VersionChanges
v12.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.3

Runtime deprecation.

Type: End-of-Life

util.debug() has been removed. Please use console.error() instead.

DEP0029: util.error()#

History
VersionChanges
v12.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.3

Runtime deprecation.

Type: End-of-Life

util.error() has been removed. Please use console.error() instead.

DEP0030: SlowBuffer#

History
VersionChanges
v6.12.0

A deprecation code has been assigned.

v6.0.0

Documentation-only deprecation.

Type: Documentation-only

The SlowBuffer class is deprecated. Please use Buffer.allocUnsafeSlow(size) instead.

DEP0031: ecdh.setPublicKey()#

History
VersionChanges
v6.12.0

A deprecation code has been assigned.

v5.2.0

Documentation-only deprecation.

Type: Documentation-only

The ecdh.setPublicKey() method is now deprecated as its inclusion in the API is not useful.

DEP0032: domain module#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v1.4.2

Documentation-only deprecation.

Type: Documentation-only

The domain module is deprecated and should not be used.

DEP0033: EventEmitter.listenerCount()#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.2.0

Documentation-only deprecation.

Type: Documentation-only

The EventEmitter.listenerCount(emitter, eventName) API is deprecated. Please use emitter.listenerCount(eventName) instead.

DEP0034: fs.exists(path, callback)[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v1.0.0

Documentation-only deprecation.

Type: Documentation-only

The fs.exists(path, callback) API is deprecated. Please use fs.stat() or fs.access() instead.

DEP0035: fs.lchmod(path, mode, callback)#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.4.7

Documentation-only deprecation.

Type: Documentation-only

The fs.lchmod(path, mode, callback) API is deprecated.

DEP0036: fs.lchmodSync(path, mode)#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.4.7

Documentation-only deprecation.

Type: Documentation-only

The fs.lchmodSync(path, mode) API is deprecated.

DEP0037: fs.lchown(path, uid, gid, callback)[src]#

History
VersionChanges
v10.6.0

Deprecation revoked.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.4.7

Documentation-only deprecation.

Type: Deprecation revoked

The fs.lchown(path, uid, gid, callback) API was deprecated. The deprecation was revoked because the requisite supporting APIs were added in libuv.

DEP0038: fs.lchownSync(path, uid, gid)[src]#

History
VersionChanges
v10.6.0

Deprecation revoked.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.4.7

Documentation-only deprecation.

Type: Deprecation revoked

The fs.lchownSync(path, uid, gid) API was deprecated. The deprecation was revoked because the requisite supporting APIs were added in libuv.

DEP0039: require.extensions#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.10.6

Documentation-only deprecation.

Type: Documentation-only

The require.extensions property is deprecated.

DEP0040: punycode module#

History
VersionChanges
v7.0.0

Documentation-only deprecation.

Type: Documentation-only

The punycode module is deprecated. Please use a userland alternative instead.

DEP0041: NODE_REPL_HISTORY_FILE environment variable#

History
VersionChanges
v10.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.0.0

Documentation-only deprecation.

Type: End-of-Life

The NODE_REPL_HISTORY_FILE environment variable was removed. Please use NODE_REPL_HISTORY instead.

DEP0042: tls.CryptoStream#

History
VersionChanges
v10.0.0

End-of-Life.

v4.8.6, v6.12.0

A deprecation code has been assigned.

v0.11.3

Documentation-only deprecation.

Type: End-of-Life

The tls.CryptoStream class was removed. Please use tls.TLSSocket instead.

DEP0043: tls.SecurePair#

History
VersionChanges
v8.0.0

Runtime deprecation.

v6.12.0

A deprecation code has been assigned.

v6.0.0

Documentation-only deprecation.

v0.11.15

Deprecation revoked.

v0.11.3

Runtime deprecation.

Type: Documentation-only

The tls.SecurePair class is deprecated. Please use tls.TLSSocket instead.

DEP0044: util.isArray()#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isArray() API is deprecated. Please use Array.isArray() instead.

DEP0045: util.isBoolean()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isBoolean() API is deprecated.

DEP0046: util.isBuffer()#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isBuffer() API is deprecated. Please use Buffer.isBuffer() instead.

DEP0047: util.isDate()#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isDate() API is deprecated.

DEP0048: util.isError()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isError() API is deprecated.

DEP0049: util.isFunction()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isFunction() API is deprecated.

DEP0050: util.isNull()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isNull() API is deprecated.

DEP0051: util.isNullOrUndefined()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isNullOrUndefined() API is deprecated.

DEP0052: util.isNumber()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isNumber() API is deprecated.

DEP0053 util.isObject()#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isObject() API is deprecated.

DEP0054: util.isPrimitive()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isPrimitive() API is deprecated.

DEP0055: util.isRegExp()#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isRegExp() API is deprecated.

DEP0056: util.isString()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isString() API is deprecated.

DEP0057: util.isSymbol()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isSymbol() API is deprecated.

DEP0058: util.isUndefined()[src]#

History
VersionChanges
v4.8.6, v6.12.0

A deprecation code has been assigned.

v3.3.1, v4.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.isUndefined() API is deprecated.

DEP0059: util.log()[src]#

History
VersionChanges
v6.12.0

A deprecation code has been assigned.

v6.0.0

Documentation-only deprecation.

Type: Documentation-only

The util.log() API is deprecated.

DEP0060: util._extend()#

History
VersionChanges
v6.12.0

A deprecation code has been assigned.

v6.0.0

Documentation-only deprecation.

Type: Documentation-only

The util._extend() API is deprecated.

DEP0061: fs.SyncWriteStream#

History
VersionChanges
v11.0.0

End-of-Life.

v8.0.0

Runtime deprecation.

v7.0.0

Documentation-only deprecation.

Type: End-of-Life

The fs.SyncWriteStream class was never intended to be a publicly accessible API and has been removed. No alternative API is available. Please use a userland alternative.

DEP0062: node --debug#

History
VersionChanges
v12.0.0

End-of-Life.

v8.0.0

Runtime deprecation.

Type: End-of-Life

--debug activates the legacy V8 debugger interface, which was removed as of V8 5.8. It is replaced by Inspector which is activated with --inspect instead.

DEP0063: ServerResponse.prototype.writeHeader()#

History
VersionChanges
v8.0.0

Documentation-only deprecation.

Type: Documentation-only

The http module ServerResponse.prototype.writeHeader() API is deprecated. Please use ServerResponse.prototype.writeHead() instead.

The ServerResponse.prototype.writeHeader() method was never documented as an officially supported API.

DEP0064: tls.createSecurePair()#

History
VersionChanges
v8.0.0

Runtime deprecation.

v6.12.0

A deprecation code has been assigned.

v6.0.0

Documentation-only deprecation.

v0.11.15

Deprecation revoked.

v0.11.3

Runtime deprecation.

Type: Runtime

The tls.createSecurePair() API was deprecated in documentation in Node.js 0.11.3. Users should use tls.Socket instead.

DEP0065: repl.REPL_MODE_MAGIC and NODE_REPL_MODE=magic#

History
VersionChanges
v10.0.0

End-of-Life.

v8.0.0

Documentation-only deprecation.

Type: End-of-Life

The repl module's REPL_MODE_MAGIC constant, used for replMode option, has been removed. Its behavior has been functionally identical to that of REPL_MODE_SLOPPY since Node.js 6.0.0, when V8 5.0 was imported. Please use REPL_MODE_SLOPPY instead.

The NODE_REPL_MODE environment variable is used to set the underlying replMode of an interactive node session. Its value, magic, is also removed. Please use sloppy instead.

DEP0066: OutgoingMessage.prototype._headers, OutgoingMessage.prototype._headerNames#

History
VersionChanges
v12.0.0

Runtime deprecation.

v8.0.0

Documentation-only deprecation.

Type: Runtime

The http module OutgoingMessage.prototype._headers and OutgoingMessage.prototype._headerNames properties are deprecated. Use one of the public methods (e.g. OutgoingMessage.prototype.getHeader(), OutgoingMessage.prototype.getHeaders(), OutgoingMessage.prototype.getHeaderNames(), OutgoingMessage.prototype.hasHeader(), OutgoingMessage.prototype.removeHeader(), OutgoingMessage.prototype.setHeader()) for working with outgoing headers.

The OutgoingMessage.prototype._headers and OutgoingMessage.prototype._headerNames properties were never documented as officially supported properties.

DEP0067: OutgoingMessage.prototype._renderHeaders#

History
VersionChanges
v8.0.0

Documentation-only deprecation.

Type: Documentation-only

The http module OutgoingMessage.prototype._renderHeaders() API is deprecated.

The OutgoingMessage.prototype._renderHeaders property was never documented as an officially supported API.

DEP0068: node debug#

History
VersionChanges
v8.0.0

Runtime deprecation.

Type: Runtime

node debug corresponds to the legacy CLI debugger which has been replaced with a V8-inspector based CLI debugger available through node inspect.

DEP0069: vm.runInDebugContext(string)#

History
VersionChanges
v10.0.0

End-of-Life.

v9.0.0

Runtime deprecation.

v8.0.0

Documentation-only deprecation.

Type: End-of-Life

DebugContext has been removed in V8 and is not available in Node.js 10+.

DebugContext was an experimental API.

DEP0070: async_hooks.currentId()#

History
VersionChanges
v9.0.0

End-of-Life.

v8.2.0

Runtime deprecation.

Type: End-of-Life

async_hooks.currentId() was renamed to async_hooks.executionAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0071: async_hooks.triggerId()#

History
VersionChanges
v9.0.0

End-of-Life.

v8.2.0

Runtime deprecation.

Type: End-of-Life

async_hooks.triggerId() was renamed to async_hooks.triggerAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0072: async_hooks.AsyncResource.triggerId()#

History
VersionChanges
v9.0.0

End-of-Life.

v8.2.0

Runtime deprecation.

Type: End-of-Life

async_hooks.AsyncResource.triggerId() was renamed to async_hooks.AsyncResource.triggerAsyncId() for clarity.

This change was made while async_hooks was an experimental API.

DEP0073: Several internal properties of net.Server#

History
VersionChanges
v10.0.0

End-of-Life.

v9.0.0

Runtime deprecation.

Type: End-of-Life

Accessing several internal, undocumented properties of net.Server instances with inappropriate names is deprecated.

As the original API was undocumented and not generally useful for non-internal code, no replacement API is provided.

DEP0074: REPLServer.bufferedCommand#

History
VersionChanges
v9.0.0

Runtime deprecation.

Type: Runtime

The REPLServer.bufferedCommand property was deprecated in favor of REPLServer.clearBufferedCommand().

DEP0075: REPLServer.parseREPLKeyword()#

History
VersionChanges
v9.0.0

Runtime deprecation.

Type: Runtime

REPLServer.parseREPLKeyword() was removed from userland visibility.

DEP0076: tls.parseCertString()#

History
VersionChanges
v9.0.0

Runtime deprecation.

v8.6.0

Documentation-only deprecation.

Type: Runtime

tls.parseCertString() is a trivial parsing helper that was made public by mistake. This function can usually be replaced with:

const querystring = require('querystring');
querystring.parse(str, '\n', '=');

This function is not completely equivalent to querystring.parse(). One difference is that querystring.parse() does url decoding:

> querystring.parse('%E5%A5%BD=1', '\n', '=');
{ '好': '1' }
> tls.parseCertString('%E5%A5%BD=1');
{ '%E5%A5%BD': '1' }

DEP0077: Module._debug()#

History
VersionChanges
v9.0.0

Runtime deprecation.

Type: Runtime

Module._debug() is deprecated.

The Module._debug() function was never documented as an officially supported API.

DEP0078: REPLServer.turnOffEditorMode()#

History
VersionChanges
v9.0.0

Runtime deprecation.

Type: Runtime

REPLServer.turnOffEditorMode() was removed from userland visibility.

DEP0079: Custom inspection function on Objects via .inspect()#

History
VersionChanges
v11.0.0

End-of-Life.

v10.0.0

Runtime deprecation.

v8.7.0

Documentation-only deprecation.

Type: End-of-Life

Using a property named inspect on an object to specify a custom inspection function for util.inspect() is deprecated. Use util.inspect.custom instead. For backward compatibility with Node.js prior to version 6.4.0, both may be specified.

DEP0080: path._makeLong()#

History
VersionChanges
v9.0.0

Documentation-only deprecation.

Type: Documentation-only

The internal path._makeLong() was not intended for public use. However, userland modules have found it useful. The internal API is deprecated and replaced with an identical, public path.toNamespacedPath() method.

DEP0081: fs.truncate() using a file descriptor[src]#

History
VersionChanges
v9.0.0

Runtime deprecation.

Type: Runtime

fs.truncate() fs.truncateSync() usage with a file descriptor is deprecated. Please use fs.ftruncate() or fs.ftruncateSync() to work with file descriptors.

DEP0082: REPLServer.prototype.memory()#

History
VersionChanges
v9.0.0

Runtime deprecation.

Type: Runtime

REPLServer.prototype.memory() is only necessary for the internal mechanics of the REPLServer itself. Do not use this function.

DEP0083: Disabling ECDH by setting ecdhCurve to false#

History
VersionChanges
v10.0.0

End-of-Life.

v9.2.0

Runtime deprecation.

Type: End-of-Life.

The ecdhCurve option to tls.createSecureContext() and tls.TLSSocket could be set to false to disable ECDH entirely on the server only. This mode was deprecated in preparation for migrating to OpenSSL 1.1.0 and consistency with the client and is now unsupported. Use the ciphers parameter instead.

DEP0084: requiring bundled internal dependencies#

History
VersionChanges
v12.0.0

This functionality has been removed.

v10.0.0

Runtime deprecation.

Type: End-of-Life

Since Node.js versions 4.4.0 and 5.2.0, several modules only intended for internal usage were mistakenly exposed to user code through require(). These modules were:

  • v8/tools/codemap
  • v8/tools/consarray
  • v8/tools/csvparser
  • v8/tools/logreader
  • v8/tools/profile_view
  • v8/tools/profile
  • v8/tools/SourceMap
  • v8/tools/splaytree
  • v8/tools/tickprocessor-driver
  • v8/tools/tickprocessor
  • node-inspect/lib/_inspect (from 7.6.0)
  • node-inspect/lib/internal/inspect_client (from 7.6.0)
  • node-inspect/lib/internal/inspect_repl (from 7.6.0)

The v8/* modules do not have any exports, and if not imported in a specific order would in fact throw errors. As such there are virtually no legitimate use cases for importing them through require().

On the other hand, node-inspect may be installed locally through a package manager, as it is published on the npm registry under the same name. No source code modification is necessary if that is done.

DEP0085: AsyncHooks Sensitive API#

History
VersionChanges
10.0.0

End-of-Life.

v8.10.0, v9.4.0

Runtime deprecation.

Type: End-of-Life

The AsyncHooks Sensitive API was never documented and had various minor issues. Use the AsyncResource API instead. See https://github.com/nodejs/node/issues/15572.

DEP0086: Remove runInAsyncIdScope#

History
VersionChanges
10.0.0

End-of-Life.

v8.10.0, v9.4.0

Runtime deprecation.

Type: End-of-Life

runInAsyncIdScope doesn't emit the 'before' or 'after' event and can thus cause a lot of issues. See https://github.com/nodejs/node/issues/14328.

DEP0089: require('assert')#

History
VersionChanges
v12.8.0

Deprecation revoked.

v9.9.0, v10.0.0

Documentation-only deprecation.

Type: Deprecation revoked

Importing assert directly was not recommended as the exposed functions use loose equality checks. The deprecation was revoked because use of the assert module is not discouraged, and the deprecation caused end user confusion.

DEP0090: Invalid GCM authentication tag lengths#

History
VersionChanges
v11.0.0

End-of-Life.

v10.0.0

Runtime deprecation.

Type: End-of-Life

Node.js used to support all GCM authentication tag lengths which are accepted by OpenSSL when calling decipher.setAuthTag(). Beginning with Node.js v11.0.0, only authentication tag lengths of 128, 120, 112, 104, 96, 64, and 32 bits are allowed. Authentication tags of other lengths are invalid per NIST SP 800-38D.

DEP0091: crypto.DEFAULT_ENCODING#

History
VersionChanges
v10.0.0

Runtime deprecation.

Type: Runtime

The crypto.DEFAULT_ENCODING property is deprecated.

DEP0092: Top-level this bound to module.exports#

History
VersionChanges
v10.0.0

Documentation-only deprecation.

Type: Documentation-only

Assigning properties to the top-level this as an alternative to module.exports is deprecated. Developers should use exports or module.exports instead.

DEP0093: crypto.fips is deprecated and replaced.#

History
VersionChanges
v10.0.0

Documentation-only deprecation.

Type: Documentation-only

The crypto.fips property is deprecated. Please use crypto.setFips() and crypto.getFips() instead.

DEP0094: Using assert.fail() with more than one argument.#

History
VersionChanges
v10.0.0

Runtime deprecation.

Type: Runtime

Using assert.fail() with more than one argument is deprecated. Use assert.fail() with only one argument or use a different assert module method.

DEP0095: timers.enroll()#

History
VersionChanges
v10.0.0

Runtime deprecation.

Type: Runtime

timers.enroll() is deprecated. Please use the publicly documented setTimeout() or setInterval() instead.

DEP0096: timers.unenroll()#

History
VersionChanges
v10.0.0

Runtime deprecation.

Type: Runtime

timers.unenroll() is deprecated. Please use the publicly documented clearTimeout() or clearInterval() instead.

DEP0097: MakeCallback with domain property#

History
VersionChanges
v10.0.0

Runtime deprecation.

Type: Runtime

Users of MakeCallback that add the domain property to carry context, should start using the async_context variant of MakeCallback or CallbackScope, or the high-level AsyncResource class.

DEP0098: AsyncHooks Embedder AsyncResource.emitBefore and AsyncResource.emitAfter APIs#

History
VersionChanges
v12.0.0

End-of-Life

v8.12.0, v9.6.0, v10.0.0

Runtime deprecation.

Type: End-of-Life

The embedded API provided by AsyncHooks exposes .emitBefore() and .emitAfter() methods which are very easy to use incorrectly which can lead to unrecoverable errors.

Use asyncResource.runInAsyncScope() API instead which provides a much safer, and more convenient, alternative. See https://github.com/nodejs/node/pull/18513.

DEP0099: async context-unaware node::MakeCallback C++ APIs#

History
VersionChanges
v10.0.0

Compile-time deprecation.

Type: Compile-time

Certain versions of node::MakeCallback APIs available to native modules are deprecated. Please use the versions of the API that accept an async_context parameter.

DEP0100: process.assert()#

History
VersionChanges
v10.0.0

Runtime deprecation.

v0.3.7

Documentation-only deprecation.

Type: Runtime

process.assert() is deprecated. Please use the assert module instead.

This was never a documented feature.

DEP0101: --with-lttng#

History
VersionChanges
v10.0.0

End-of-Life.

Type: End-of-Life

The --with-lttng compile-time option has been removed.

DEP0102: Using noAssert in Buffer#(read|write) operations.#

History
VersionChanges
v10.0.0

End-of-Life.

Type: End-of-Life

Using the noAssert argument has no functionality anymore. All input is going to be verified, no matter if it is set to true or not. Skipping the verification could lead to hard to find errors and crashes.

DEP0103: process.binding('util').is[...] typechecks#

History
VersionChanges
v10.9.0

Superseded by DEP0111.

v10.0.0

Documentation-only deprecation.

Type: Documentation-only (supports --pending-deprecation)

Using process.binding() in general should be avoided. The type checking methods in particular can be replaced by using util.types.

This deprecation has been superseded by the deprecation of the process.binding() API (DEP0111).

DEP0104: process.env string coercion#

History
VersionChanges
v10.0.0

Documentation-only deprecation.

Type: Documentation-only (supports --pending-deprecation)

When assigning a non-string property to process.env, the assigned value is implicitly converted to a string. This behavior is deprecated if the assigned value is not a string, boolean, or number. In the future, such assignment may result in a thrown error. Please convert the property to a string before assigning it to process.env.

DEP0105: decipher.finaltol#

History
VersionChanges
v11.0.0

End-of-Life.

v10.0.0

Runtime deprecation.

Type: End-of-Life

decipher.finaltol() has never been documented and was an alias for decipher.final(). This API has been removed, and it is recommended to use decipher.final() instead.

DEP0106: crypto.createCipher and crypto.createDecipher#

History
VersionChanges
v11.0.0

Runtime deprecation.

v10.0.0

Documentation-only deprecation.

Type: Runtime

Using crypto.createCipher() and crypto.createDecipher() should be avoided as they use a weak key derivation function (MD5 with no salt) and static initialization vectors. It is recommended to derive a key using crypto.pbkdf2() or crypto.scrypt() and to use crypto.createCipheriv() and crypto.createDecipheriv() to obtain the Cipher and Decipher objects respectively.

DEP0107: tls.convertNPNProtocols()#

History
VersionChanges
v11.0.0

End-of-Life.

v10.0.0

Runtime deprecation.

Type: End-of-Life

This was an undocumented helper function not intended for use outside Node.js core and obsoleted by the removal of NPN (Next Protocol Negotiation) support.

DEP0108: zlib.bytesRead#

History
VersionChanges
v11.0.0

Runtime deprecation.

v10.0.0

Documentation-only deprecation.

Type: Runtime

Deprecated alias for zlib.bytesWritten. This original name was chosen because it also made sense to interpret the value as the number of bytes read by the engine, but is inconsistent with other streams in Node.js that expose values under these names.

DEP0109: http, https, and tls support for invalid URLs#

History
VersionChanges
v11.0.0

Runtime deprecation.

Type: Runtime

Some previously supported (but strictly invalid) URLs were accepted through the http.request(), http.get(), https.request(), https.get(), and tls.checkServerIdentity() APIs because those were accepted by the legacy url.parse() API. The mentioned APIs now use the WHATWG URL parser that requires strictly valid URLs. Passing an invalid URL is deprecated and support will be removed in the future.

DEP0110: vm.Script cached data#

History
VersionChanges
v10.6.0

Documentation-only deprecation.

Type: Documentation-only

The produceCachedData option is deprecated. Use script.createCachedData() instead.

DEP0111: process.binding()#

History
VersionChanges
v11.12.0

Added support for --pending-deprecation.

v10.9.0

Documentation-only deprecation.

Type: Documentation-only (supports --pending-deprecation)

process.binding() is for use by Node.js internal code only.

DEP0112: dgram private APIs#

History
VersionChanges
v11.0.0

Runtime deprecation.

Type: Runtime

The dgram module previously contained several APIs that were never meant to accessed outside of Node.js core: Socket.prototype._handle, Socket.prototype._receiving, Socket.prototype._bindState, Socket.prototype._queue, Socket.prototype._reuseAddr, Socket.prototype._healthCheck(), Socket.prototype._stopReceiving(), and dgram._createSocketHandle().

DEP0113: Cipher.setAuthTag(), Decipher.getAuthTag()#

History
VersionChanges
v12.0.0

End-of-Life.

v11.0.0

Runtime deprecation.

Type: End-of-Life

Cipher.setAuthTag() and Decipher.getAuthTag() are no longer available. They were never documented and would throw when called.

DEP0114: crypto._toBuf()#

History
VersionChanges
v12.0.0

End-of-Life.

v11.0.0

Runtime deprecation.

Type: End-of-Life

The crypto._toBuf() function was not designed to be used by modules outside of Node.js core and was removed.

DEP0115: crypto.prng(), crypto.pseudoRandomBytes(), crypto.rng()#

History
VersionChanges
v11.0.0

Added documentation-only deprecation with --pending-deprecation support.

Type: Documentation-only (supports --pending-deprecation)

In recent versions of Node.js, there is no difference between crypto.randomBytes() and crypto.pseudoRandomBytes(). The latter is deprecated along with the undocumented aliases crypto.prng() and crypto.rng() in favor of crypto.randomBytes() and may be removed in a future release.

DEP0116: Legacy URL API#

History
VersionChanges
v11.0.0

Documentation-only deprecation.

Type: Documentation-only

The Legacy URL API is deprecated. This includes url.format(), url.parse(), url.resolve(), and the legacy urlObject. Please use the WHATWG URL API instead.

DEP0117: Native crypto handles#

History
VersionChanges
v12.0.0

End-of-Life.

v11.0.0

Runtime deprecation.

Type: End-of-Life

Previous versions of Node.js exposed handles to internal native objects through the _handle property of the Cipher, Decipher, DiffieHellman, DiffieHellmanGroup, ECDH, Hash, Hmac, Sign, and Verify classes. The _handle property has been removed because improper use of the native object can lead to crashing the application.

DEP0118: dns.lookup() support for a falsy hostname[src]#

History
VersionChanges
v11.0.0

Runtime deprecation.

Type: Runtime

Previous versions of Node.js supported dns.lookup() with a falsy hostname like dns.lookup(false) due to backward compatibility. This behavior is undocumented and is thought to be unused in real world apps. It will become an error in future versions of Node.js.

DEP0119: process.binding('uv').errname() private API#

History
VersionChanges
v11.0.0

Documentation-only deprecation.

Type: Documentation-only (supports --pending-deprecation)

process.binding('uv').errname() is deprecated. Please use util.getSystemErrorName() instead.

DEP0120: Windows Performance Counter Support#

History
VersionChanges
v12.0.0

End-of-Life.

v11.0.0

Runtime deprecation.

Type: End-of-Life

Windows Performance Counter support has been removed from Node.js. The undocumented COUNTER_NET_SERVER_CONNECTION(), COUNTER_NET_SERVER_CONNECTION_CLOSE(), COUNTER_HTTP_SERVER_REQUEST(), COUNTER_HTTP_SERVER_RESPONSE(), COUNTER_HTTP_CLIENT_REQUEST(), and COUNTER_HTTP_CLIENT_RESPONSE() functions have been deprecated.

DEP0121: net._setSimultaneousAccepts()#

History
VersionChanges
v12.0.0

Runtime deprecation.

Type: Runtime

The undocumented net._setSimultaneousAccepts() function was originally intended for debugging and performance tuning when using the child_process and cluster modules on Windows. The function is not generally useful and is being removed. See discussion here: https://github.com/nodejs/node/issues/18391

DEP0122: tls Server.prototype.setOptions()#

History
VersionChanges
v12.0.0

Runtime deprecation.

Type: Runtime

Please use Server.prototype.setSecureContext() instead.

DEP0123: setting the TLS ServerName to an IP address#

History
VersionChanges
v12.0.0

Runtime deprecation.

Type: Runtime

Setting the TLS ServerName to an IP address is not permitted by RFC 6066. This will be ignored in a future version.

DEP0124: using REPLServer.rli#

History
VersionChanges
v12.0.0

Runtime deprecation.

Type: Runtime

This property is a reference to the instance itself.

DEP0125: require('_stream_wrap')#

History
VersionChanges
v12.0.0

Runtime deprecation.

Type: Runtime

The _stream_wrap module is deprecated.

DEP0126: timers.active()#

History
VersionChanges
v11.14.0

Runtime deprecation.

Type: Runtime

The previously undocumented timers.active() is deprecated. Please use the publicly documented timeout.refresh() instead. If re-referencing the timeout is necessary, timeout.ref() can be used with no performance impact since Node.js 10.

DEP0127: timers._unrefActive()#

History
VersionChanges
v11.14.0

Runtime deprecation.

Type: Runtime

The previously undocumented and "private" timers._unrefActive() is deprecated. Please use the publicly documented timeout.refresh() instead. If unreferencing the timeout is necessary, timeout.unref() can be used with no performance impact since Node.js 10.

DEP0128: modules with an invalid main entry and an index.js file#

History
VersionChanges
v12.0.0

Documentation-only.

Type: Documentation-only (supports --pending-deprecation)

Modules that have an invalid main entry (e.g., ./does-not-exist.js) and also have an index.js file in the top level directory will resolve the index.js file. That is deprecated and is going to throw an error in future Node.js versions.

DEP0129: ChildProcess._channel#

History
VersionChanges
v13.0.0

Runtime deprecation.

v11.14.0

Documentation-only.

Type: Runtime

The _channel property of child process objects returned by spawn() and similar functions is not intended for public use. Use ChildProcess.channel instead.

DEP0130: Module.createRequireFromPath()#

History
VersionChanges
v13.0.0

Runtime deprecation.

v12.2.0

Documentation-only.

Type: Runtime

Module.createRequireFromPath() is deprecated. Please use module.createRequire() instead.

DEP0131: Legacy HTTP parser#

History
VersionChanges
v13.0.0

This feature has been removed.

v12.3.0

Documentation-only.

Type: End-of-Life

The legacy HTTP parser, used by default in versions of Node.js prior to 12.0.0, is deprecated and has been removed in v13.0.0. Prior to v13.0.0, the --http-parser=legacy command-line flag could be used to revert to using the legacy parser.

DEP0132: worker.terminate() with callback#

History
VersionChanges
v12.5.0

Runtime deprecation.

Type: Runtime

Passing a callback to worker.terminate() is deprecated. Use the returned Promise instead, or a listener to the worker’s 'exit' event.

DEP0133: http connection#

History
VersionChanges
v12.12.0

Documentation-only deprecation.

Type: Documentation-only

Prefer response.socket over response.connection and request.socket over request.connection.

DEP0134: process._tickCallback#

History
VersionChanges
v12.12.0

Documentation-only deprecation.

Type: Documentation-only (supports --pending-deprecation)

The process._tickCallback property was never documented as an officially supported API.

DEP0135: WriteStream.open() and ReadStream.open() are internal#

History
VersionChanges
v13.0.0

Runtime deprecation.

Type: Runtime

WriteStream.open() and ReadStream.open() are undocumented internal APIs that do not make sense to use in userland. File streams should always be opened through their corresponding factory methods fs.createWriteStream() and fs.createReadStream()) or by passing a file descriptor in options.

DNS#

Stability: 2 - Stable

The dns module contains functions belonging to two different categories:

  1. Functions that use the underlying operating system facilities to perform name resolution, and that do not necessarily perform any network communication. This category contains only one function: dns.lookup(). Developers looking to perform name resolution in the same way that other applications on the same operating system behave should use dns.lookup().

    For example, looking up iana.org.

    const dns = require('dns');

dns.lookup('iana.org', (err, address, family) => {
  console.log('address: %j family: IPv%s', address, family);
});
// address: "192.0.43.8" family: IPv4

  2. Functions that connect to an actual DNS server to perform name resolution, and that always use the network to perform DNS queries. This category contains all functions in the dns module except dns.lookup(). These functions do not use the same set of configuration files used by dns.lookup() (e.g. /etc/hosts). These functions should be used by developers who do not want to use the underlying operating system's facilities for name resolution, and instead want to always perform DNS queries.

    Below is an example that resolves 'archive.org' then reverse resolves the IP addresses that are returned.

    const dns = require('dns');

dns.resolve4('archive.org', (err, addresses) => {
  if (err) throw err;

  console.log(`addresses: ${JSON.stringify(addresses)}`);

  addresses.forEach((a) => {
    dns.reverse(a, (err, hostnames) => {
      if (err) {
        throw err;
      }
      console.log(`reverse for ${a}: ${JSON.stringify(hostnames)}`);
    });
  });
});

There are subtle consequences in choosing one over the other, please consult the Implementation considerations section for more information.

Class: dns.Resolver#

Added in: v8.3.0

An independent resolver for DNS requests.

Creating a new resolver uses the default server settings. Setting the servers used for a resolver using resolver.setServers() does not affect other resolvers:

const { Resolver } = require('dns');
const resolver = new Resolver();
resolver.setServers(['4.4.4.4']);

// This request will use the server at 4.4.4.4, independent of global settings.
resolver.resolve4('example.org', (err, addresses) => {
  // ...
});

The following methods from the dns module are available:

resolver.cancel()#

Added in: v8.3.0

Cancel all outstanding DNS queries made by this resolver. The corresponding callbacks will be called with an error with code ECANCELLED.

dns.getServers()#

Added in: v0.11.3

Returns an array of IP address strings, formatted according to RFC 5952, that are currently configured for DNS resolution. A string will include a port section if a custom port is used.

[
  '4.4.4.4',
  '2001:4860:4860::8888',
  '4.4.4.4:1053',
  '[2001:4860:4860::8888]:1053'
]

dns.lookup(hostname[, options], callback)[src]#

History
VersionChanges
v8.5.0

The verbatim option is supported now.

v1.2.0

The all option is supported now.

v0.1.90

Added in: v0.1.90

  • hostname <string>

  • options <integer> | <Object>

    • family <integer> The record family. Must be 4, 6, or 0. The value 0 indicates that IPv4 and IPv6 addresses are both returned. Default: 0.
    • hints <number> One or more supported getaddrinfo flags. Multiple flags may be passed by bitwise ORing their values.
    • all <boolean> When true, the callback returns all resolved addresses in an array. Otherwise, returns a single address. Default: false.
    • verbatim <boolean> When true, the callback receives IPv4 and IPv6 addresses in the order the DNS resolver returned them. When false, IPv4 addresses are placed before IPv6 addresses. Default: currently false (addresses are reordered) but this is expected to change in the not too distant future. New code should use { verbatim: true }.

  • callback <Function>

    • err <Error>
    • address <string> A string representation of an IPv4 or IPv6 address.
    • family <integer> 4 or 6, denoting the family of address, or 0 if the address is not an IPv4 or IPv6 address. 0 is a likely indicator of a bug in the name resolution service used by the operating system.

Resolves a hostname (e.g. 'nodejs.org') into the first found A (IPv4) or AAAA (IPv6) record. All option properties are optional. If options is an integer, then it must be 4 or 6 – if options is not provided, then IPv4 and IPv6 addresses are both returned if found.

With the all option set to true, the arguments for callback change to (err, addresses), with addresses being an array of objects with the properties address and family.

On error, err is an Error object, where err.code is the error code. Keep in mind that err.code will be set to 'ENOTFOUND' not only when the hostname does not exist but also when the lookup fails in other ways such as no available file descriptors.

dns.lookup() does not necessarily have anything to do with the DNS protocol. The implementation uses an operating system facility that can associate names with addresses, and vice versa. This implementation can have subtle but important consequences on the behavior of any Node.js program. Please take some time to consult the Implementation considerations section before using dns.lookup().

Example usage:

const dns = require('dns');
const options = {
  family: 6,
  hints: dns.ADDRCONFIG | dns.V4MAPPED,
};
dns.lookup('example.com', options, (err, address, family) =>
  console.log('address: %j family: IPv%s', address, family));
// address: "2606:2800:220:1:248:1893:25c8:1946" family: IPv6

// When options.all is true, the result will be an Array.
options.all = true;
dns.lookup('example.com', options, (err, addresses) =>
  console.log('addresses: %j', addresses));
// addresses: [{"address":"2606:2800:220:1:248:1893:25c8:1946","family":6}]

If this method is invoked as its util.promisify()ed version, and all is not set to true, it returns a Promise for an Object with address and family properties.

Supported getaddrinfo flags#

The following flags can be passed as hints to dns.lookup().

  • dns.ADDRCONFIG: Returned address types are determined by the types of addresses supported by the current system. For example, IPv4 addresses are only returned if the current system has at least one IPv4 address configured. Loopback addresses are not considered.
  • dns.V4MAPPED: If the IPv6 family was specified, but no IPv6 addresses were found, then return IPv4 mapped IPv6 addresses. It is not supported on some operating systems (e.g FreeBSD 10.1).

dns.lookupService(address, port, callback)[src]#

Added in: v0.11.14

Resolves the given address and port into a hostname and service using the operating system's underlying getnameinfo implementation.

If address is not a valid IP address, a TypeError will be thrown. The port will be coerced to a number. If it is not a legal port, a TypeError will be thrown.

On an error, err is an Error object, where err.code is the error code.

const dns = require('dns');
dns.lookupService('127.0.0.1', 22, (err, hostname, service) => {
  console.log(hostname, service);
  // Prints: localhost ssh
});

If this method is invoked as its util.promisify()ed version, it returns a Promise for an Object with hostname and service properties.

dns.resolve(hostname[, rrtype], callback)#

Added in: v0.1.27

Uses the DNS protocol to resolve a hostname (e.g. 'nodejs.org') into an array of the resource records. The callback function has arguments (err, records). When successful, records will be an array of resource records. The type and structure of individual results varies based on rrtype:

rrtyperecords containsResult typeShorthand method
'A'IPv4 addresses (default)<string>dns.resolve4()
'AAAA'IPv6 addresses<string>dns.resolve6()
'ANY'any records<Object>dns.resolveAny()
'CNAME'canonical name records<string>dns.resolveCname()
'MX'mail exchange records<Object>dns.resolveMx()
'NAPTR'name authority pointer records<Object>dns.resolveNaptr()
'NS'name server records<string>dns.resolveNs()
'PTR'pointer records<string>dns.resolvePtr()
'SOA'start of authority records<Object>dns.resolveSoa()
'SRV'service records<Object>dns.resolveSrv()
'TXT'text records<string[]>dns.resolveTxt()

On error, err is an Error object, where err.code is one of the DNS error codes.

dns.resolve4(hostname[, options], callback)#

History
VersionChanges
v7.2.0

This method now supports passing options, specifically options.ttl.

v0.1.16

Added in: v0.1.16

  • hostname <string> Hostname to resolve.

  • options <Object>

    • ttl <boolean> Retrieve the Time-To-Live value (TTL) of each record. When true, the callback receives an array of { address: '1.2.3.4', ttl: 60 } objects rather than an array of strings, with the TTL expressed in seconds.

  • callback <Function>

Uses the DNS protocol to resolve a IPv4 addresses (A records) for the hostname. The addresses argument passed to the callback function will contain an array of IPv4 addresses (e.g. ['74.125.79.104', '74.125.79.105', '74.125.79.106']).

dns.resolve6(hostname[, options], callback)#

History
VersionChanges
v7.2.0

This method now supports passing options, specifically options.ttl.

v0.1.16

Added in: v0.1.16

  • hostname <string> Hostname to resolve.

  • options <Object>

    • ttl <boolean> Retrieve the Time-To-Live value (TTL) of each record. When true, the callback receives an array of { address: '0:1:2:3:4:5:6:7', ttl: 60 } objects rather than an array of strings, with the TTL expressed in seconds.

  • callback <Function>

Uses the DNS protocol to resolve a IPv6 addresses (AAAA records) for the hostname. The addresses argument passed to the callback function will contain an array of IPv6 addresses.

dns.resolveAny(hostname, callback)#

Uses the DNS protocol to resolve all records (also known as ANY or * query). The ret argument passed to the callback function will be an array containing various types of records. Each object has a property type that indicates the type of the current record. And depending on the type, additional properties will be present on the object:

TypeProperties
'A'address/ttl
'AAAA'address/ttl
'CNAME'value
'MX'Refer to dns.resolveMx()
'NAPTR'Refer to dns.resolveNaptr()
'NS'value
'PTR'value
'SOA'Refer to dns.resolveSoa()
'SRV'Refer to dns.resolveSrv()
'TXT'This type of record contains an array property called entries which refers to dns.resolveTxt(), e.g. { entries: ['...'], type: 'TXT' }

Here is an example of the ret object passed to the callback:

[ { type: 'A', address: '127.0.0.1', ttl: 299 },
  { type: 'CNAME', value: 'example.com' },
  { type: 'MX', exchange: 'alt4.aspmx.l.example.com', priority: 50 },
  { type: 'NS', value: 'ns1.example.com' },
  { type: 'TXT', entries: [ 'v=spf1 include:_spf.example.com ~all' ] },
  { type: 'SOA',
    nsname: 'ns1.example.com',
    hostmaster: 'admin.example.com',
    serial: 156696742,
    refresh: 900,
    retry: 900,
    expire: 1800,
    minttl: 60 } ]

DNS server operators may choose not to respond to ANY queries. It may be better to call individual methods like dns.resolve4(), dns.resolveMx(), and so on. For more details, see RFC 8482.

dns.resolveCname(hostname, callback)#

Added in: v0.3.2

Uses the DNS protocol to resolve CNAME records for the hostname. The addresses argument passed to the callback function will contain an array of canonical name records available for the hostname (e.g. ['bar.example.com']).

dns.resolveMx(hostname, callback)#

Added in: v0.1.27

Uses the DNS protocol to resolve mail exchange records (MX records) for the hostname. The addresses argument passed to the callback function will contain an array of objects containing both a priority and exchange property (e.g. [{priority: 10, exchange: 'mx.example.com'}, ...]).

dns.resolveNaptr(hostname, callback)#

Added in: v0.9.12

Uses the DNS protocol to resolve regular expression based records (NAPTR records) for the hostname. The addresses argument passed to the callback function will contain an array of objects with the following properties:

  • flags
  • service
  • regexp
  • replacement
  • order
  • preference
{
  flags: 's',
  service: 'SIP+D2U',
  regexp: '',
  replacement: '_sip._udp.example.com',
  order: 30,
  preference: 100
}

dns.resolveNs(hostname, callback)#

Added in: v0.1.90

Uses the DNS protocol to resolve name server records (NS records) for the hostname. The addresses argument passed to the callback function will contain an array of name server records available for hostname (e.g. ['ns1.example.com', 'ns2.example.com']).

dns.resolvePtr(hostname, callback)#

Added in: v6.0.0

Uses the DNS protocol to resolve pointer records (PTR records) for the hostname. The addresses argument passed to the callback function will be an array of strings containing the reply records.

dns.resolveSoa(hostname, callback)#

Added in: v0.11.10

Uses the DNS protocol to resolve a start of authority record (SOA record) for the hostname. The address argument passed to the callback function will be an object with the following properties:

  • nsname
  • hostmaster
  • serial
  • refresh
  • retry
  • expire
  • minttl
{
  nsname: 'ns.example.com',
  hostmaster: 'root.example.com',
  serial: 2013101809,
  refresh: 10000,
  retry: 2400,
  expire: 604800,
  minttl: 3600
}

dns.resolveSrv(hostname, callback)#

Added in: v0.1.27

Uses the DNS protocol to resolve service records (SRV records) for the hostname. The addresses argument passed to the callback function will be an array of objects with the following properties:

  • priority
  • weight
  • port
  • name
{
  priority: 10,
  weight: 5,
  port: 21223,
  name: 'service.example.com'
}

dns.resolveTxt(hostname, callback)#

Added in: v0.1.27

Uses the DNS protocol to resolve text queries (TXT records) for the hostname. The records argument passed to the callback function is a two-dimensional array of the text records available for hostname (e.g. [ ['v=spf1 ip4:0.0.0.0 ', '~all' ] ]). Each sub-array contains TXT chunks of one record. Depending on the use case, these could be either joined together or treated separately.

dns.reverse(ip, callback)#

Added in: v0.1.16

Performs a reverse DNS query that resolves an IPv4 or IPv6 address to an array of hostnames.

On error, err is an Error object, where err.code is one of the DNS error codes.

dns.setServers(servers)#

Added in: v0.11.3

Sets the IP address and port of servers to be used when performing DNS resolution. The servers argument is an array of RFC 5952 formatted addresses. If the port is the IANA default DNS port (53) it can be omitted.

dns.setServers([
  '4.4.4.4',
  '[2001:4860:4860::8888]',
  '4.4.4.4:1053',
  '[2001:4860:4860::8888]:1053'
]);

An error will be thrown if an invalid address is provided.

The dns.setServers() method must not be called while a DNS query is in progress.

The dns.setServers() method affects only dns.resolve(), dns.resolve*() and dns.reverse() (and specifically not dns.lookup()).

This method works much like resolve.conf. That is, if attempting to resolve with the first server provided results in a NOTFOUND error, the resolve() method will not attempt to resolve with subsequent servers provided. Fallback DNS servers will only be used if the earlier ones time out or result in some other error.

DNS Promises API#

The dns.promises API provides an alternative set of asynchronous DNS methods that return Promise objects rather than using callbacks. The API is accessible via require('dns').promises.

Class: dnsPromises.Resolver#

Added in: v10.6.0

An independent resolver for DNS requests.

Creating a new resolver uses the default server settings. Setting the servers used for a resolver using resolver.setServers() does not affect other resolvers:

const { Resolver } = require('dns').promises;
const resolver = new Resolver();
resolver.setServers(['4.4.4.4']);

// This request will use the server at 4.4.4.4, independent of global settings.
resolver.resolve4('example.org').then((addresses) => {
  // ...
});

// Alternatively, the same code can be written using async-await style.
(async function() {
  const addresses = await resolver.resolve4('example.org');
})();

The following methods from the dnsPromises API are available:

dnsPromises.getServers()#

Added in: v10.6.0

Returns an array of IP address strings, formatted according to RFC 5952, that are currently configured for DNS resolution. A string will include a port section if a custom port is used.

[
  '4.4.4.4',
  '2001:4860:4860::8888',
  '4.4.4.4:1053',
  '[2001:4860:4860::8888]:1053'
]

dnsPromises.lookup(hostname[, options])#

Added in: v10.6.0
  • hostname <string>

  • options <integer> | <Object>

    • family <integer> The record family. Must be 4, 6, or 0. The value 0 indicates that IPv4 and IPv6 addresses are both returned. Default: 0.
    • hints <number> One or more supported getaddrinfo flags. Multiple flags may be passed by bitwise ORing their values.
    • all <boolean> When true, the Promise is resolved with all addresses in an array. Otherwise, returns a single address. Default: false.
    • verbatim <boolean> When true, the Promise is resolved with IPv4 and IPv6 addresses in the order the DNS resolver returned them. When false, IPv4 addresses are placed before IPv6 addresses. Default: currently false (addresses are reordered) but this is expected to change in the not too distant future. New code should use { verbatim: true }.

Resolves a hostname (e.g. 'nodejs.org') into the first found A (IPv4) or AAAA (IPv6) record. All option properties are optional. If options is an integer, then it must be 4 or 6 – if options is not provided, then IPv4 and IPv6 addresses are both returned if found.

With the all option set to true, the Promise is resolved with addresses being an array of objects with the properties address and family.

On error, the Promise is rejected with an Error object, where err.code is the error code. Keep in mind that err.code will be set to 'ENOTFOUND' not only when the hostname does not exist but also when the lookup fails in other ways such as no available file descriptors.

dnsPromises.lookup() does not necessarily have anything to do with the DNS protocol. The implementation uses an operating system facility that can associate names with addresses, and vice versa. This implementation can have subtle but important consequences on the behavior of any Node.js program. Please take some time to consult the Implementation considerations section before using dnsPromises.lookup().

Example usage:

const dns = require('dns');
const dnsPromises = dns.promises;
const options = {
  family: 6,
  hints: dns.ADDRCONFIG | dns.V4MAPPED,
};

dnsPromises.lookup('example.com', options).then((result) => {
  console.log('address: %j family: IPv%s', result.address, result.family);
  // address: "2606:2800:220:1:248:1893:25c8:1946" family: IPv6
});

// When options.all is true, the result will be an Array.
options.all = true;
dnsPromises.lookup('example.com', options).then((result) => {
  console.log('addresses: %j', result);
  // addresses: [{"address":"2606:2800:220:1:248:1893:25c8:1946","family":6}]
});

dnsPromises.lookupService(address, port)#

Added in: v10.6.0

Resolves the given address and port into a hostname and service using the operating system's underlying getnameinfo implementation.

If address is not a valid IP address, a TypeError will be thrown. The port will be coerced to a number. If it is not a legal port, a TypeError will be thrown.

On error, the Promise is rejected with an Error object, where err.code is the error code.

const dnsPromises = require('dns').promises;
dnsPromises.lookupService('127.0.0.1', 22).then((result) => {
  console.log(result.hostname, result.service);
  // Prints: localhost ssh
});

dnsPromises.resolve(hostname[, rrtype])#

Added in: v10.6.0
  • hostname <string> Hostname to resolve.
  • rrtype <string> Resource record type. Default: 'A'.

Uses the DNS protocol to resolve a hostname (e.g. 'nodejs.org') into an array of the resource records. When successful, the Promise is resolved with an array of resource records. The type and structure of individual results vary based on rrtype:

rrtyperecords containsResult typeShorthand method
'A'IPv4 addresses (default)<string>dnsPromises.resolve4()
'AAAA'IPv6 addresses<string>dnsPromises.resolve6()
'ANY'any records<Object>dnsPromises.resolveAny()
'CNAME'canonical name records<string>dnsPromises.resolveCname()
'MX'mail exchange records<Object>dnsPromises.resolveMx()
'NAPTR'name authority pointer records<Object>dnsPromises.resolveNaptr()
'NS'name server records<string>dnsPromises.resolveNs()
'PTR'pointer records<string>dnsPromises.resolvePtr()
'SOA'start of authority records<Object>dnsPromises.resolveSoa()
'SRV'service records<Object>dnsPromises.resolveSrv()
'TXT'text records<string[]>dnsPromises.resolveTxt()

On error, the Promise is rejected with an Error object, where err.code is one of the DNS error codes.

dnsPromises.resolve4(hostname[, options])#

Added in: v10.6.0
  • hostname <string> Hostname to resolve.

  • options <Object>

    • ttl <boolean> Retrieve the Time-To-Live value (TTL) of each record. When true, the Promise is resolved with an array of { address: '1.2.3.4', ttl: 60 } objects rather than an array of strings, with the TTL expressed in seconds.

Uses the DNS protocol to resolve IPv4 addresses (A records) for the hostname. On success, the Promise is resolved with an array of IPv4 addresses (e.g. ['74.125.79.104', '74.125.79.105', '74.125.79.106']).

dnsPromises.resolve6(hostname[, options])#

Added in: v10.6.0
  • hostname <string> Hostname to resolve.

  • options <Object>

    • ttl <boolean> Retrieve the Time-To-Live value (TTL) of each record. When true, the Promise is resolved with an array of { address: '0:1:2:3:4:5:6:7', ttl: 60 } objects rather than an array of strings, with the TTL expressed in seconds.

Uses the DNS protocol to resolve IPv6 addresses (AAAA records) for the hostname. On success, the Promise is resolved with an array of IPv6 addresses.

dnsPromises.resolveAny(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve all records (also known as ANY or * query). On success, the Promise is resolved with an array containing various types of records. Each object has a property type that indicates the type of the current record. And depending on the type, additional properties will be present on the object:

TypeProperties
'A'address/ttl
'AAAA'address/ttl
'CNAME'value
'MX'Refer to dnsPromises.resolveMx()
'NAPTR'Refer to dnsPromises.resolveNaptr()
'NS'value
'PTR'value
'SOA'Refer to dnsPromises.resolveSoa()
'SRV'Refer to dnsPromises.resolveSrv()
'TXT'This type of record contains an array property called entries which refers to dnsPromises.resolveTxt(), e.g. { entries: ['...'], type: 'TXT' }

Here is an example of the result object:

[ { type: 'A', address: '127.0.0.1', ttl: 299 },
  { type: 'CNAME', value: 'example.com' },
  { type: 'MX', exchange: 'alt4.aspmx.l.example.com', priority: 50 },
  { type: 'NS', value: 'ns1.example.com' },
  { type: 'TXT', entries: [ 'v=spf1 include:_spf.example.com ~all' ] },
  { type: 'SOA',
    nsname: 'ns1.example.com',
    hostmaster: 'admin.example.com',
    serial: 156696742,
    refresh: 900,
    retry: 900,
    expire: 1800,
    minttl: 60 } ]

dnsPromises.resolveCname(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve CNAME records for the hostname. On success, the Promise is resolved with an array of canonical name records available for the hostname (e.g. ['bar.example.com']).

dnsPromises.resolveMx(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve mail exchange records (MX records) for the hostname. On success, the Promise is resolved with an array of objects containing both a priority and exchange property (e.g. [{priority: 10, exchange: 'mx.example.com'}, ...]).

dnsPromises.resolveNaptr(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve regular expression based records (NAPTR records) for the hostname. On success, the Promise is resolved with an array of objects with the following properties:

  • flags
  • service
  • regexp
  • replacement
  • order
  • preference
{
  flags: 's',
  service: 'SIP+D2U',
  regexp: '',
  replacement: '_sip._udp.example.com',
  order: 30,
  preference: 100
}

dnsPromises.resolveNs(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve name server records (NS records) for the hostname. On success, the Promise is resolved with an array of name server records available for hostname (e.g. ['ns1.example.com', 'ns2.example.com']).

dnsPromises.resolvePtr(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve pointer records (PTR records) for the hostname. On success, the Promise is resolved with an array of strings containing the reply records.

dnsPromises.resolveSoa(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve a start of authority record (SOA record) for the hostname. On success, the Promise is resolved with an object with the following properties:

  • nsname
  • hostmaster
  • serial
  • refresh
  • retry
  • expire
  • minttl
{
  nsname: 'ns.example.com',
  hostmaster: 'root.example.com',
  serial: 2013101809,
  refresh: 10000,
  retry: 2400,
  expire: 604800,
  minttl: 3600
}

dnsPromises.resolveSrv(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve service records (SRV records) for the hostname. On success, the Promise is resolved with an array of objects with the following properties:

  • priority
  • weight
  • port
  • name
{
  priority: 10,
  weight: 5,
  port: 21223,
  name: 'service.example.com'
}

dnsPromises.resolveTxt(hostname)#

Added in: v10.6.0

Uses the DNS protocol to resolve text queries (TXT records) for the hostname. On success, the Promise is resolved with a two-dimensional array of the text records available for hostname (e.g. [ ['v=spf1 ip4:0.0.0.0 ', '~all' ] ]). Each sub-array contains TXT chunks of one record. Depending on the use case, these could be either joined together or treated separately.

dnsPromises.reverse(ip)#

Added in: v10.6.0

Performs a reverse DNS query that resolves an IPv4 or IPv6 address to an array of hostnames.

On error, the Promise is rejected with an Error object, where err.code is one of the DNS error codes.

dnsPromises.setServers(servers)#

Added in: v10.6.0

Sets the IP address and port of servers to be used when performing DNS resolution. The servers argument is an array of RFC 5952 formatted addresses. If the port is the IANA default DNS port (53) it can be omitted.

dnsPromises.setServers([
  '4.4.4.4',
  '[2001:4860:4860::8888]',
  '4.4.4.4:1053',
  '[2001:4860:4860::8888]:1053'
]);

An error will be thrown if an invalid address is provided.

The dnsPromises.setServers() method must not be called while a DNS query is in progress.

This method works much like resolve.conf. That is, if attempting to resolve with the first server provided results in a NOTFOUND error, the resolve() method will not attempt to resolve with subsequent servers provided. Fallback DNS servers will only be used if the earlier ones time out or result in some other error.

Error codes#

Each DNS query can return one of the following error codes:

  • dns.NODATA: DNS server returned answer with no data.
  • dns.FORMERR: DNS server claims query was misformatted.
  • dns.SERVFAIL: DNS server returned general failure.
  • dns.NOTFOUND: Domain name not found.
  • dns.NOTIMP: DNS server does not implement requested operation.
  • dns.REFUSED: DNS server refused query.
  • dns.BADQUERY: Misformatted DNS query.
  • dns.BADNAME: Misformatted hostname.
  • dns.BADFAMILY: Unsupported address family.
  • dns.BADRESP: Misformatted DNS reply.
  • dns.CONNREFUSED: Could not contact DNS servers.
  • dns.TIMEOUT: Timeout while contacting DNS servers.
  • dns.EOF: End of file.
  • dns.FILE: Error reading file.
  • dns.NOMEM: Out of memory.
  • dns.DESTRUCTION: Channel is being destroyed.
  • dns.BADSTR: Misformatted string.
  • dns.BADFLAGS: Illegal flags specified.
  • dns.NONAME: Given hostname is not numeric.
  • dns.BADHINTS: Illegal hints flags specified.
  • dns.NOTINITIALIZED: c-ares library initialization not yet performed.
  • dns.LOADIPHLPAPI: Error loading iphlpapi.dll.
  • dns.ADDRGETNETWORKPARAMS: Could not find GetNetworkParams function.
  • dns.CANCELLED: DNS query cancelled.

Implementation considerations#

Although dns.lookup() and the various dns.resolve*()/dns.reverse() functions have the same goal of associating a network name with a network address (or vice versa), their behavior is quite different. These differences can have subtle but significant consequences on the behavior of Node.js programs.

dns.lookup()#

Under the hood, dns.lookup() uses the same operating system facilities as most other programs. For instance, dns.lookup() will almost always resolve a given name the same way as the ping command. On most POSIX-like operating systems, the behavior of the dns.lookup() function can be modified by changing settings in nsswitch.conf(5) and/or resolv.conf(5), but changing these files will change the behavior of all other programs running on the same operating system.

Though the call to dns.lookup() will be asynchronous from JavaScript's perspective, it is implemented as a synchronous call to getaddrinfo(3) that runs on libuv's threadpool. This can have surprising negative performance implications for some applications, see the UV_THREADPOOL_SIZE documentation for more information.

Various networking APIs will call dns.lookup() internally to resolve host names. If that is an issue, consider resolving the hostname to an address using dns.resolve() and using the address instead of a host name. Also, some networking APIs (such as socket.connect() and dgram.createSocket()) allow the default resolver, dns.lookup(), to be replaced.

dns.resolve(), dns.resolve*() and dns.reverse()#

These functions are implemented quite differently than dns.lookup(). They do not use getaddrinfo(3) and they always perform a DNS query on the network. This network communication is always done asynchronously, and does not use libuv's threadpool.

As a result, these functions cannot have the same negative impact on other processing that happens on libuv's threadpool that dns.lookup() can have.

They do not use the same set of configuration files than what dns.lookup() uses. For instance, they do not use the configuration from /etc/hosts.

Domain#

History
VersionChanges
v8.8.0

Any Promises created in VM contexts no longer have a .domain property. Their handlers are still executed in the proper domain, however, and Promises created in the main context still possess a .domain property.

v8.0.0

Handlers for Promises are now invoked in the domain in which the first promise of a chain was created.

Stability: 0 - Deprecated

This module is pending deprecation. Once a replacement API has been finalized, this module will be fully deprecated. Most end users should not have cause to use this module. Users who absolutely must have the functionality that domains provide may rely on it for the time being but should expect to have to migrate to a different solution in the future.

Domains provide a way to handle multiple different IO operations as a single group. If any of the event emitters or callbacks registered to a domain emit an 'error' event, or throw an error, then the domain object will be notified, rather than losing the context of the error in the process.on('uncaughtException') handler, or causing the program to exit immediately with an error code.

Warning: Don't Ignore Errors!#

Domain error handlers are not a substitute for closing down a process when an error occurs.

By the very nature of how throw works in JavaScript, there is almost never any way to safely "pick up where it left off", without leaking references, or creating some other sort of undefined brittle state.

The safest way to respond to a thrown error is to shut down the process. Of course, in a normal web server, there may be many open connections, and it is not reasonable to abruptly shut those down because an error was triggered by someone else.

The better approach is to send an error response to the request that triggered the error, while letting the others finish in their normal time, and stop listening for new requests in that worker.

In this way, domain usage goes hand-in-hand with the cluster module, since the master process can fork a new worker when a worker encounters an error. For Node.js programs that scale to multiple machines, the terminating proxy or service registry can take note of the failure, and react accordingly.

For example, this is not a good idea:

// XXX WARNING! BAD IDEA!

const d = require('domain').create();
d.on('error', (er) => {
  // The error won't crash the process, but what it does is worse!
  // Though we've prevented abrupt process restarting, we are leaking
  // resources like crazy if this ever happens.
  // This is no better than process.on('uncaughtException')!
  console.log(`error, but oh well ${er.message}`);
});
d.run(() => {
  require('http').createServer((req, res) => {
    handleRequest(req, res);
  }).listen(PORT);
});

By using the context of a domain, and the resilience of separating our program into multiple worker processes, we can react more appropriately, and handle errors with much greater safety.

// Much better!

const cluster = require('cluster');
const PORT = +process.env.PORT || 1337;

if (cluster.isMaster) {
  // A more realistic scenario would have more than 2 workers,
  // and perhaps not put the master and worker in the same file.
  //
  // It is also possible to get a bit fancier about logging, and
  // implement whatever custom logic is needed to prevent DoS
  // attacks and other bad behavior.
  //
  // See the options in the cluster documentation.
  //
  // The important thing is that the master does very little,
  // increasing our resilience to unexpected errors.

  cluster.fork();
  cluster.fork();

  cluster.on('disconnect', (worker) => {
    console.error('disconnect!');
    cluster.fork();
  });

} else {
  // the worker
  //
  // This is where we put our bugs!

  const domain = require('domain');

  // See the cluster documentation for more details about using
  // worker processes to serve requests. How it works, caveats, etc.

  const server = require('http').createServer((req, res) => {
    const d = domain.create();
    d.on('error', (er) => {
      console.error(`error ${er.stack}`);

      // We're in dangerous territory!
      // By definition, something unexpected occurred,
      // which we probably didn't want.
      // Anything can happen now! Be very careful!

      try {
        // Make sure we close down within 30 seconds
        const killtimer = setTimeout(() => {
          process.exit(1);
        }, 30000);
        // But don't keep the process open just for that!
        killtimer.unref();

        // Stop taking new requests.
        server.close();

        // Let the master know we're dead. This will trigger a
        // 'disconnect' in the cluster master, and then it will fork
        // a new worker.
        cluster.worker.disconnect();

        // Try to send an error to the request that triggered the problem
        res.statusCode = 500;
        res.setHeader('content-type', 'text/plain');
        res.end('Oops, there was a problem!\n');
      } catch (er2) {
        // Oh well, not much we can do at this point.
        console.error(`Error sending 500! ${er2.stack}`);
      }
    });

    // Because req and res were created before this domain existed,
    // we need to explicitly add them.
    // See the explanation of implicit vs explicit binding below.
    d.add(req);
    d.add(res);

    // Now run the handler function in the domain.
    d.run(() => {
      handleRequest(req, res);
    });
  });
  server.listen(PORT);
}

// This part is not important. Just an example routing thing.
// Put fancy application logic here.
function handleRequest(req, res) {
  switch (req.url) {
    case '/error':
      // We do some async stuff, and then...
      setTimeout(() => {
        // Whoops!
        flerb.bark();
      }, timeout);
      break;
    default:
      res.end('ok');
  }
}

Additions to Error objects#

Any time an Error object is routed through a domain, a few extra fields are added to it.

  • error.domain The domain that first handled the error.
  • error.domainEmitter The event emitter that emitted an 'error' event with the error object.
  • error.domainBound The callback function which was bound to the domain, and passed an error as its first argument.
  • error.domainThrown A boolean indicating whether the error was thrown, emitted, or passed to a bound callback function.

Implicit Binding#

If domains are in use, then all new EventEmitter objects (including Stream objects, requests, responses, etc.) will be implicitly bound to the active domain at the time of their creation.

Additionally, callbacks passed to lowlevel event loop requests (such as to fs.open(), or other callback-taking methods) will automatically be bound to the active domain. If they throw, then the domain will catch the error.

In order to prevent excessive memory usage, Domain objects themselves are not implicitly added as children of the active domain. If they were, then it would be too easy to prevent request and response objects from being properly garbage collected.

To nest Domain objects as children of a parent Domain they must be explicitly added.

Implicit binding routes thrown errors and 'error' events to the Domain's 'error' event, but does not register the EventEmitter on the Domain. Implicit binding only takes care of thrown errors and 'error' events.

Explicit Binding#

Sometimes, the domain in use is not the one that ought to be used for a specific event emitter. Or, the event emitter could have been created in the context of one domain, but ought to instead be bound to some other domain.

For example, there could be one domain in use for an HTTP server, but perhaps we would like to have a separate domain to use for each request.

That is possible via explicit binding.

// Create a top-level domain for the server
const domain = require('domain');
const http = require('http');
const serverDomain = domain.create();

serverDomain.run(() => {
  // Server is created in the scope of serverDomain
  http.createServer((req, res) => {
    // Req and res are also created in the scope of serverDomain
    // however, we'd prefer to have a separate domain for each request.
    // create it first thing, and add req and res to it.
    const reqd = domain.create();
    reqd.add(req);
    reqd.add(res);
    reqd.on('error', (er) => {
      console.error('Error', er, req.url);
      try {
        res.writeHead(500);
        res.end('Error occurred, sorry.');
      } catch (er2) {
        console.error('Error sending 500', er2, req.url);
      }
    });
  }).listen(1337);
});

domain.create()#

Class: Domain#

The Domain class encapsulates the functionality of routing errors and uncaught exceptions to the active Domain object.

To handle the errors that it catches, listen to its 'error' event.

domain.members#

An array of timers and event emitters that have been explicitly added to the domain.

domain.add(emitter)#

Explicitly adds an emitter to the domain. If any event handlers called by the emitter throw an error, or if the emitter emits an 'error' event, it will be routed to the domain's 'error' event, just like with implicit binding.

This also works with timers that are returned from setInterval() and setTimeout(). If their callback function throws, it will be caught by the domain 'error' handler.

If the Timer or EventEmitter was already bound to a domain, it is removed from that one, and bound to this one instead.

domain.bind(callback)#

The returned function will be a wrapper around the supplied callback function. When the returned function is called, any errors that are thrown will be routed to the domain's 'error' event.

const d = domain.create();

function readSomeFile(filename, cb) {
  fs.readFile(filename, 'utf8', d.bind((er, data) => {
    // If this throws, it will also be passed to the domain.
    return cb(er, data ? JSON.parse(data) : null);
  }));
}

d.on('error', (er) => {
  // An error occurred somewhere. If we throw it now, it will crash the program
  // with the normal line number and stack message.
});

domain.enter()#

The enter() method is plumbing used by the run(), bind(), and intercept() methods to set the active domain. It sets domain.active and process.domain to the domain, and implicitly pushes the domain onto the domain stack managed by the domain module (see domain.exit() for details on the domain stack). The call to enter() delimits the beginning of a chain of asynchronous calls and I/O operations bound to a domain.

Calling enter() changes only the active domain, and does not alter the domain itself. enter() and exit() can be called an arbitrary number of times on a single domain.

domain.exit()#

The exit() method exits the current domain, popping it off the domain stack. Any time execution is going to switch to the context of a different chain of asynchronous calls, it's important to ensure that the current domain is exited. The call to exit() delimits either the end of or an interruption to the chain of asynchronous calls and I/O operations bound to a domain.

If there are multiple, nested domains bound to the current execution context, exit() will exit any domains nested within this domain.

Calling exit() changes only the active domain, and does not alter the domain itself. enter() and exit() can be called an arbitrary number of times on a single domain.

domain.intercept(callback)#

This method is almost identical to domain.bind(callback). However, in addition to catching thrown errors, it will also intercept Error objects sent as the first argument to the function.

In this way, the common if (err) return callback(err); pattern can be replaced with a single error handler in a single place.

const d = domain.create();

function readSomeFile(filename, cb) {
  fs.readFile(filename, 'utf8', d.intercept((data) => {
    // Note, the first argument is never passed to the
    // callback since it is assumed to be the 'Error' argument
    // and thus intercepted by the domain.

    // If this throws, it will also be passed to the domain
    // so the error-handling logic can be moved to the 'error'
    // event on the domain instead of being repeated throughout
    // the program.
    return cb(null, JSON.parse(data));
  }));
}

d.on('error', (er) => {
  // An error occurred somewhere. If we throw it now, it will crash the program
  // with the normal line number and stack message.
});

domain.remove(emitter)#

The opposite of domain.add(emitter). Removes domain handling from the specified emitter.

domain.run(fn[, ...args])#

Run the supplied function in the context of the domain, implicitly binding all event emitters, timers, and lowlevel requests that are created in that context. Optionally, arguments can be passed to the function.

This is the most basic way to use a domain.

const domain = require('domain');
const fs = require('fs');
const d = domain.create();
d.on('error', (er) => {
  console.error('Caught error!', er);
});
d.run(() => {
  process.nextTick(() => {
    setTimeout(() => { // Simulating some various async stuff
      fs.open('non-existent file', 'r', (er, fd) => {
        if (er) throw er;
        // proceed...
      });
    }, 100);
  });
});

In this example, the d.on('error') handler will be triggered, rather than crashing the program.

Domains and Promises#

As of Node.js 8.0.0, the handlers of Promises are run inside the domain in which the call to .then() or .catch() itself was made:

const d1 = domain.create();
const d2 = domain.create();

let p;
d1.run(() => {
  p = Promise.resolve(42);
});

d2.run(() => {
  p.then((v) => {
    // running in d2
  });
});

A callback may be bound to a specific domain using domain.bind(callback):

const d1 = domain.create();
const d2 = domain.create();

let p;
d1.run(() => {
  p = Promise.resolve(42);
});

d2.run(() => {
  p.then(p.domain.bind((v) => {
    // running in d1
  }));
});

Domains will not interfere with the error handling mechanisms for Promises. In other words, no 'error' event will be emitted for unhandled Promise rejections.

ECMAScript Modules#

Stability: 1 - Experimental

Introduction#

ECMAScript modules are the official standard format to package JavaScript code for reuse. Modules are defined using a variety of import and export statements.

Node.js fully supports ECMAScript modules as they are currently specified and provides limited interoperability between them and the existing module format, CommonJS.

Node.js contains support for ES Modules based upon the Node.js EP for ES Modules and the ECMAScript-modules implementation.

Expect major changes in the implementation including interoperability support, specifier resolution, and default behavior.

Enabling#

The --experimental-modules flag can be used to enable support for ECMAScript modules (ES modules).

Once enabled, Node.js will treat the following as ES modules when passed to node as the initial input, or when referenced by import statements within ES module code:

  • Files ending in .mjs.

  • Files ending in .js, or extensionless files, when the nearest parent package.json file contains a top-level field "type" with a value of "module".

  • Strings passed in as an argument to --eval or --print, or piped to node via STDIN, with the flag --input-type=module.

Node.js will treat as CommonJS all other forms of input, such as .js files where the nearest parent package.json file contains no top-level "type" field, or string input without the flag --input-type. This behavior is to preserve backward compatibility. However, now that Node.js supports both CommonJS and ES modules, it is best to be explicit whenever possible. Node.js will treat the following as CommonJS when passed to node as the initial input, or when referenced by import statements within ES module code:

  • Files ending in .cjs.

  • Files ending in .js, or extensionless files, when the nearest parent package.json file contains a top-level field "type" with a value of "commonjs".

  • Strings passed in as an argument to --eval or --print, or piped to node via STDIN, with the flag --input-type=commonjs.

package.json "type" field#

Files ending with .js or .mjs, or lacking any extension, will be loaded as ES modules when the nearest parent package.json file contains a top-level field "type" with a value of "module".

The nearest parent package.json is defined as the first package.json found when searching in the current folder, that folder’s parent, and so on up until the root of the volume is reached.

// package.json
{
  "type": "module"
}

# In same folder as above package.json
node --experimental-modules my-app.js # Runs as ES module

If the nearest parent package.json lacks a "type" field, or contains "type": "commonjs", extensionless and .js files are treated as CommonJS. If the volume root is reached and no package.json is found, Node.js defers to the default, a package.json with no "type" field.

import statements of .js and extensionless files are treated as ES modules if the nearest parent package.json contains "type": "module".

// my-app.js, part of the same example as above
import './startup.js'; // Loaded as ES module because of package.json

Package authors should include the "type" field, even in packages where all sources are CommonJS. Being explicit about the type of the package will future-proof the package in case the default type of Node.js ever changes, and it will also make things easier for build tools and loaders to determine how the files in the package should be interpreted.

Package Scope and File Extensions#

A folder containing a package.json file, and all subfolders below that folder down until the next folder containing another package.json, is considered a package scope. The "type" field defines how .js and extensionless files should be treated within a particular package.json file’s package scope. Every package in a project’s node_modules folder contains its own package.json file, so each project’s dependencies have their own package scopes. A package.json lacking a "type" field is treated as if it contained "type": "commonjs".

The package scope applies not only to initial entry points (node --experimental-modules my-app.js) but also to files referenced by import statements and import() expressions.

// my-app.js, in an ES module package scope because there is a package.json
// file in the same folder with "type": "module".

import './startup/init.js';
// Loaded as ES module since ./startup contains no package.json file,
// and therefore inherits the ES module package scope from one level up.

import 'commonjs-package';
// Loaded as CommonJS since ./node_modules/commonjs-package/package.json
// lacks a "type" field or contains "type": "commonjs".

import './node_modules/commonjs-package/index.js';
// Loaded as CommonJS since ./node_modules/commonjs-package/package.json
// lacks a "type" field or contains "type": "commonjs".

Files ending with .mjs are always loaded as ES modules regardless of package scope.

Files ending with .cjs are always loaded as CommonJS regardless of package scope.

import './legacy-file.cjs';
// Loaded as CommonJS since .cjs is always loaded as CommonJS.

import 'commonjs-package/src/index.mjs';
// Loaded as ES module since .mjs is always loaded as ES module.

The .mjs and .cjs extensions may be used to mix types within the same package scope:

  • Within a "type": "module" package scope, Node.js can be instructed to interpret a particular file as CommonJS by naming it with a .cjs extension (since both .js and .mjs files are treated as ES modules within a "module" package scope).

  • Within a "type": "commonjs" package scope, Node.js can be instructed to interpret a particular file as an ES module by naming it with an .mjs extension (since both .js and .cjs files are treated as CommonJS within a "commonjs" package scope).

--input-type flag#

Strings passed in as an argument to --eval or --print (or -e or -p), or piped to node via STDIN, will be treated as ES modules when the --input-type=module flag is set.

node --experimental-modules --input-type=module --eval \
  "import { sep } from 'path'; console.log(sep);"

echo "import { sep } from 'path'; console.log(sep);" | \
  node --experimental-modules --input-type=module

For completeness there is also --input-type=commonjs, for explicitly running string input as CommonJS. This is the default behavior if --input-type is unspecified.

Packages#

Package Entry Points#

The package.json "main" field defines the entry point for a package, whether the package is included into CommonJS via require or into an ES module via import.

// ./node_modules/es-module-package/package.json
{
  "type": "module",
  "main": "./src/index.js"
}

// ./my-app.mjs

import { something } from 'es-module-package';
// Loads from ./node_modules/es-module-package/src/index.js

An attempt to require the above es-module-package would attempt to load ./node_modules/es-module-package/src/index.js as CommonJS, which would throw an error as Node.js would not be able to parse the export statement in CommonJS.

As with import statements, for ES module usage the value of "main" must be a full path including extension: "./index.mjs", not "./index".

If the package.json "type" field is omitted, a .js file in "main" will be interpreted as CommonJS.

The "main" field can point to exactly one file, regardless of whether the package is referenced via require (in a CommonJS context) or import (in an ES module context).

Compatibility with CommonJS-Only Versions of Node.js#

Prior to the introduction of support for ES modules in Node.js, it was a common pattern for package authors to include both CommonJS and ES module JavaScript sources in their package, with package.json "main" specifying the CommonJS entry point and package.json "module" specifying the ES module entry point. This enabled Node.js to run the CommonJS entry point while build tools such as bundlers used the ES module entry point, since Node.js ignored (and still ignores) "module".

Node.js can now run ES module entry points, but it remains impossible for a package to define separate CommonJS and ES module entry points. This is for good reason: the pkg variable created from import pkg from 'pkg' is not the same singleton as the pkg variable created from const pkg = require('pkg'), so if both are referenced within the same app (including dependencies), unexpected behavior might occur.

There are two general approaches to addressing this limitation while still publishing a package that contains both CommonJS and ES module sources:

  1. Document a new ES module entry point that’s not the package "main", e.g. import pkg from 'pkg/module.mjs' (or import 'pkg/esm', if using package exports). The package "main" would still point to a CommonJS file, and thus the package would remain compatible with older versions of Node.js that lack support for ES modules.

  2. Switch the package "main" entry point to an ES module file as part of a breaking change version bump. This version and above would only be usable on ES module-supporting versions of Node.js. If the package still contains a CommonJS version, it would be accessible via a path within the package, e.g. require('pkg/commonjs'); this is essentially the inverse of the previous approach. Package consumers who are using CommonJS-only versions of Node.js would need to update their code from require('pkg') to e.g. require('pkg/commonjs').

Of course, a package could also include only CommonJS or only ES module sources. An existing package could make a semver major bump to an ES module-only version, that would only be supported in ES module-supporting versions of Node.js (and other runtimes). New packages could be published containing only ES module sources, and would be compatible only with ES module-supporting runtimes.

Package Exports#

By default, all subpaths from a package can be imported (import 'pkg/x.js'). Custom subpath aliasing and encapsulation can be provided through the "exports" field.

// ./node_modules/es-module-package/package.json
{
  "exports": {
    "./submodule": "./src/submodule.js"
  }
}

import submodule from 'es-module-package/submodule';
// Loads ./node_modules/es-module-package/src/submodule.js

In addition to defining an alias, subpaths not defined by "exports" will throw when an attempt is made to import them:

import submodule from 'es-module-package/private-module.js';
// Throws ERR_MODULE_NOT_FOUND

Note: this is not a strong encapsulation as any private modules can still be loaded by absolute paths.

Folders can also be mapped with package exports:

// ./node_modules/es-module-package/package.json
{
  "exports": {
    "./features/": "./src/features/"
  }
}

import feature from 'es-module-package/features/x.js';
// Loads ./node_modules/es-module-package/src/features/x.js

If a package has no exports, setting "exports": false can be used instead of "exports": {} to indicate the package does not intend for submodules to be exposed.

Exports can also be used to map the main entry point of a package:

// ./node_modules/es-module-package/package.json
{
  "exports": {
    ".": "./main.js"
  }
}

where the "." indicates loading the package without any subpath. Exports will always override any existing "main" value for both CommonJS and ES module packages.

For packages with only a main entry point, an "exports" value of just a string is also supported:

// ./node_modules/es-module-package/package.json
{
  "exports": "./main.js"
}

Any invalid exports entries will be ignored. This includes exports not starting with "./" or a missing trailing "/" for directory exports.

Array fallback support is provided for exports, similarly to import maps in order to be forward-compatible with fallback workflows in future:

{
  "exports": {
    "./submodule": ["not:valid", "./submodule.js"]
  }
}

Since "not:valid" is not a supported target, "./submodule.js" is used instead as the fallback, as if it were the only target.

import Specifiers#

Terminology#

The specifier of an import statement is the string after the from keyword, e.g. 'path' in import { sep } from 'path'. Specifiers are also used in export from statements, and as the argument to an import() expression.

There are four types of specifiers:

  • Bare specifiers like 'some-package'. They refer to an entry point of a package by the package name.

  • Deep import specifiers like 'some-package/lib/shuffle.mjs'. They refer to a path within a package prefixed by the package name.

  • Relative specifiers like './startup.js' or '../config.mjs'. They refer to a path relative to the location of the importing file.

  • Absolute specifiers like 'file:///opt/nodejs/config.js'. They refer directly and explicitly to a full path.

Bare specifiers, and the bare specifier portion of deep import specifiers, are strings; but everything else in a specifier is a URL.

Only file: and data: URLs are supported. A specifier like 'https://example.com/app.js' may be supported by browsers but it is not supported in Node.js.

Specifiers may not begin with / or //. These are reserved for potential future use. The root of the current volume may be referenced via file:///.

data: Imports#

Added in: v12.10.0

data: URLs are supported for importing with the following MIME types:

  • text/javascript for ES Modules
  • application/json for JSON
  • application/wasm for WASM.

data: URLs only resolve Bare specifiers for builtin modules and Absolute specifiers. Resolving Relative specifiers will not work because data: is not a special scheme. For example, attempting to load ./foo from data:text/javascript,import "./foo"; will fail to resolve since there is no concept of relative resolution for data: URLs. An example of a data: URLs being used is:

import 'data:text/javascript,console.log("hello!");';
import _ from 'data:application/json,"world!"';

import.meta#

The import.meta metaproperty is an Object that contains the following property:

  • url <string> The absolute file: URL of the module.

Differences Between ES Modules and CommonJS#

Mandatory file extensions#

A file extension must be provided when using the import keyword. Directory indexes (e.g. './startup/index.js') must also be fully specified.

This behavior matches how import behaves in browser environments, assuming a typically configured server.

No NODE_PATH#

NODE_PATH is not part of resolving import specifiers. Please use symlinks if this behavior is desired.

No require, exports, module.exports, __filename, __dirname#

These CommonJS variables are not available in ES modules.

require can be imported into an ES module using module.createRequire().

Equivalents of __filename and __dirname can be created inside of each file via import.meta.url.

import { fileURLToPath } from 'url';
import { dirname } from 'path';

const __filename = fileURLToPath(import.meta.url);
const __dirname = dirname(__filename);

No require.extensions#

require.extensions is not used by import. The expectation is that loader hooks can provide this workflow in the future.

No require.cache#

require.cache is not used by import. It has a separate cache.

URL-based paths#

ES modules are resolved and cached based upon URL semantics. This means that files containing special characters such as # and ? need to be escaped.

Modules will be loaded multiple times if the import specifier used to resolve them have a different query or fragment.

import './foo.mjs?query=1'; // loads ./foo.mjs with query of "?query=1"
import './foo.mjs?query=2'; // loads ./foo.mjs with query of "?query=2"

For now, only modules using the file: protocol can be loaded.

Interoperability with CommonJS#

require#

require always treats the files it references as CommonJS. This applies whether require is used the traditional way within a CommonJS environment, or in an ES module environment using module.createRequire().

To include an ES module into CommonJS, use import().

import statements#

An import statement can reference an ES module, a CommonJS module, or JSON. Other file types such as Native modules are not supported. For those, use module.createRequire().

import statements are permitted only in ES modules. For similar functionality in CommonJS, see import().

The specifier of an import statement (the string after the from keyword) can either be an URL-style relative path like './file.mjs' or a package name like 'fs'.

Like in CommonJS, files within packages can be accessed by appending a path to the package name.

import { sin, cos } from 'geometry/trigonometry-functions.mjs';

Currently only the “default export” is supported for CommonJS files or packages:

import packageMain from 'commonjs-package'; // Works

import { method } from 'commonjs-package'; // Errors

There are ongoing efforts to make the latter code possible.

import() expressions#

Dynamic import() is supported in both CommonJS and ES modules. It can be used to include ES module files from CommonJS code.

(async () => {
  await import('./my-app.mjs');
})();

CommonJS, JSON, and Native Modules#

CommonJS, JSON, and Native modules can be used with module.createRequire().

// cjs.js
module.exports = 'cjs';

// esm.mjs
import { createRequire } from 'module';
import { fileURLToPath as fromURL } from 'url';

const require = createRequire(fromURL(import.meta.url));

const cjs = require('./cjs');
cjs === 'cjs'; // true

Builtin modules#

Builtin modules will provide named exports of their public API. A default export is also provided which is the value of the CommonJS exports. The default export can be used for, among other things, modifying the named exports. Named exports of builtin modules are updated only by calling module.syncBuiltinESMExports().

import EventEmitter from 'events';
const e = new EventEmitter();

import { readFile } from 'fs';
readFile('./foo.txt', (err, source) => {
  if (err) {
    console.error(err);
  } else {
    console.log(source);
  }
});

import fs, { readFileSync } from 'fs';
import { syncBuiltinESMExports } from 'module';

fs.readFileSync = () => Buffer.from('Hello, ESM');
syncBuiltinESMExports();

fs.readFileSync === readFileSync;

Experimental JSON Modules#

Currently importing JSON modules are only supported in the commonjs mode and are loaded using the CJS loader. WHATWG JSON modules specification are still being standardized, and are experimentally supported by including the additional flag --experimental-json-modules when running Node.js.

When the --experimental-json-modules flag is included both the commonjs and module mode will use the new experimental JSON loader. The imported JSON only exposes a default, there is no support for named exports. A cache entry is created in the CommonJS cache, to avoid duplication. The same object will be returned in CommonJS if the JSON module has already been imported from the same path.

Assuming an index.mjs with

import packageConfig from './package.json';

The --experimental-json-modules flag is needed for the module to work.

node --experimental-modules index.mjs # fails
node --experimental-modules --experimental-json-modules index.mjs # works

Experimental Wasm Modules#

Importing Web Assembly modules is supported under the --experimental-wasm-modules flag, allowing any .wasm files to be imported as normal modules while also supporting their module imports.

This integration is in line with the ES Module Integration Proposal for Web Assembly.

For example, an index.mjs containing:

import * as M from './module.wasm';
console.log(M);

executed under:

node --experimental-modules --experimental-wasm-modules index.mjs

would provide the exports interface for the instantiation of module.wasm.

Experimental Loader hooks#

Note: This API is currently being redesigned and will still change.

To customize the default module resolution, loader hooks can optionally be provided via a --experimental-loader ./loader-name.mjs argument to Node.js.

When hooks are used they only apply to ES module loading and not to any CommonJS modules loaded.

Resolve hook#

The resolve hook returns the resolved file URL and module format for a given module specifier and parent file URL:

import { URL, pathToFileURL } from 'url';
const baseURL = pathToFileURL(process.cwd()).href;

/**
 * @param {string} specifier
 * @param {string} parentModuleURL
 * @param {function} defaultResolver
 */
export async function resolve(specifier,
                              parentModuleURL = baseURL,
                              defaultResolver) {
  return {
    url: new URL(specifier, parentModuleURL).href,
    format: 'module'
  };
}

The parentModuleURL is provided as undefined when performing main Node.js load itself.

The default Node.js ES module resolution function is provided as a third argument to the resolver for easy compatibility workflows.

In addition to returning the resolved file URL value, the resolve hook also returns a format property specifying the module format of the resolved module. This can be one of the following:

formatDescription
'builtin'Load a Node.js builtin module
'commonjs'Load a Node.js CommonJS module
'dynamic'Use a dynamic instantiate hook
'json'Load a JSON file
'module'Load a standard JavaScript module
'wasm'Load a WebAssembly module

For example, a dummy loader to load JavaScript restricted to browser resolution rules with only JS file extension and Node.js builtin modules support could be written:

import path from 'path';
import process from 'process';
import Module from 'module';
import { URL, pathToFileURL } from 'url';

const builtins = Module.builtinModules;
const JS_EXTENSIONS = new Set(['.js', '.mjs']);

const baseURL = pathToFileURL(process.cwd()).href;

/**
 * @param {string} specifier
 * @param {string} parentModuleURL
 * @param {function} defaultResolver
 */
export async function resolve(specifier,
                              parentModuleURL = baseURL,
                              defaultResolver) {
  if (builtins.includes(specifier)) {
    return {
      url: specifier,
      format: 'builtin'
    };
  }
  if (/^\.{0,2}[/]/.test(specifier) !== true && !specifier.startsWith('file:')) {
    // For node_modules support:
    // return defaultResolver(specifier, parentModuleURL);
    throw new Error(
      `imports must begin with '/', './', or '../'; '${specifier}' does not`);
  }
  const resolved = new URL(specifier, parentModuleURL);
  const ext = path.extname(resolved.pathname);
  if (!JS_EXTENSIONS.has(ext)) {
    throw new Error(
      `Cannot load file with non-JavaScript file extension ${ext}.`);
  }
  return {
    url: resolved.href,
    format: 'module'
  };
}

With this loader, running:

NODE_OPTIONS='--experimental-modules --experimental-loader ./custom-loader.mjs' node x.js

would load the module x.js as an ES module with relative resolution support (with node_modules loading skipped in this example).

Dynamic instantiate hook#

To create a custom dynamic module that doesn't correspond to one of the existing format interpretations, the dynamicInstantiate hook can be used. This hook is called only for modules that return format: 'dynamic' from the resolve hook.

export async function dynamicInstantiate(url) {
  return {
    exports: ['customExportName'],
    execute: (exports) => {
      // Get and set functions provided for pre-allocated export names
      exports.customExportName.set('value');
    }
  };
}

With the list of module exports provided upfront, the execute function will then be called at the exact point of module evaluation order for that module in the import tree.

Resolution Algorithm#

Features#

The resolver has the following properties:

  • FileURL-based resolution as is used by ES modules
  • Support for builtin module loading
  • Relative and absolute URL resolution
  • No default extensions
  • No folder mains
  • Bare specifier package resolution lookup through node_modules

Resolver Algorithm#

The algorithm to load an ES module specifier is given through the ESM_RESOLVE method below. It returns the resolved URL for a module specifier relative to a parentURL, in addition to the unique module format for that resolved URL given by the ESM_FORMAT routine.

The "module" format is returned for an ECMAScript Module, while the "commonjs" format is used to indicate loading through the legacy CommonJS loader. Additional formats such as "addon" can be extended in future updates.

In the following algorithms, all subroutine errors are propagated as errors of these top-level routines unless stated otherwise.

isMain is true when resolving the Node.js application entry point.

Resolver algorithm specification

ESM_RESOLVE(specifier, parentURL, isMain)

  1. Let resolvedURL be undefined.

  2. If specifier is a valid URL, then

    1. Set resolvedURL to the result of parsing and reserializing specifier as a URL.

  3. Otherwise, if specifier starts with "/", then

    1. Throw an Invalid Specifier error.

  4. Otherwise, if specifier starts with "./" or "../", then

    1. Set resolvedURL to the URL resolution of specifier relative to parentURL.

  5. Otherwise,

    1. Note: specifier is now a bare specifier.
    2. Set resolvedURL the result of PACKAGE_RESOLVE(specifier, parentURL).

  6. If resolvedURL contains any percent encodings of "/" or "\" ("%2f" and "%5C" respectively), then

    1. Throw an Invalid Specifier error.

  7. If the file at resolvedURL does not exist, then

    1. Throw a Module Not Found error.
  8. Set resolvedURL to the real path of resolvedURL.
  9. Let format be the result of ESM_FORMAT(resolvedURL, isMain).
  10. Load resolvedURL as module format, format.

PACKAGE_RESOLVE(packageSpecifier, parentURL)

  1. Let packageName be undefined.
  2. Let packageSubpath be undefined.

  3. If packageSpecifier is an empty string, then

    1. Throw an Invalid Specifier error.

  4. Otherwise,

    1. If packageSpecifier does not contain a "/" separator, then

      1. Throw an Invalid Specifier error.
    2. Set packageName to the substring of packageSpecifier until the second "/" separator or the end of the string.

  5. If packageName starts with "." or contains "\" or "%", then

    1. Throw an Invalid Specifier error.
  6. Let packageSubpath be undefined.

  7. If the length of packageSpecifier is greater than the length of packageName, then

    1. Set packageSubpath to "." concatenated with the substring of packageSpecifier from the position at the length of packageName.

  8. If packageSubpath contains any "." or ".." segments or percent encoded strings for "/" or "\", then

    1. Throw an Invalid Specifier error.

  9. If packageSubpath is undefined and packageName is a Node.js builtin module, then

    1. Return the string "node:" concatenated with packageSpecifier.

  10. While parentURL is not the file system root,

    1. Let packageURL be the URL resolution of "node_modules/" concatenated with packageSpecifier, relative to parentURL.
    2. Set parentURL to the parent folder URL of parentURL.

    3. If the folder at packageURL does not exist, then

      1. Set parentURL to the parent URL path of parentURL.
      2. Continue the next loop iteration.
    4. Let pjson be the result of READ_PACKAGE_JSON(packageURL).

    5. If packageSubpath is _undefined__, then

      1. Return the result of PACKAGE_MAIN_RESOLVE(packageURL, pjson).

    6. Otherwise,

      1. If pjson is not null and pjson has an "exports" key, then

        1. Let exports be pjson.exports.

        2. If exports is not null or undefined, then

          1. Return PACKAGE_EXPORTS_RESOLVE(packageURL, packageSubpath, pjson.exports).
      2. Return the URL resolution of packageSubpath in packageURL.
  11. Set selfUrl to the result of SELF_REFERENCE_RESOLE(packageSpecifier, parentURL).
  12. If selfUrl isn't empty, return selfUrl.
  13. Throw a Module Not Found error.

SELF_REFERENCE_RESOLVE(specifier, parentURL)

  1. Let packageURL be the result of READ_PACKAGE_SCOPE(parentURL).

  2. If packageURL is null, then

    1. Return an empty result.
  3. Let pjson be the result of READ_PACKAGE_JSON(packageURL).
  4. Set name to pjson.name.
  5. If name is empty, then return an empty result.

  6. If name is equal to specifier, then

    1. Return the result of PACKAGE_MAIN_RESOLVE(packageURL, pjson).

  7. If specifier starts with name followed by "/", then

    1. Set subpath to everything after the "/".

    2. If pjson is not null and pjson has an "exports" key, then

      1. Let exports be pjson.exports.

      2. If exports is not null or undefined, then

        1. Return PACKAGE_EXPORTS_RESOLVE(packageURL, subpath, pjson.exports).
    3. Return the URL resolution of subpath in packageURL.
  8. Otherwise return an empty result.

PACKAGE_MAIN_RESOLVE(packageURL, pjson)

  1. If pjson is null, then

    1. Throw a Module Not Found error.

  2. If pjson.exports is not null or undefined, then

    1. If pjson.exports is a String or Array, then

      1. Return PACKAGE_EXPORTS_TARGET_RESOLVE(packageURL, pjson.exports, "")_.

    2. If _pjson.exports is an Object, then

      1. If pjson.exports contains a "." property, then

        1. Let mainExport be the "." property in pjson.exports.
        2. Return PACKAGE_EXPORTS_TARGET_RESOLVE(packageURL, mainExport, "")_.

  3. If pjson.main is a String, then

    1. Let resolvedMain be the URL resolution of packageURL, "/", and pjson.main.

    2. If the file at resolvedMain exists, then

      1. Return resolvedMain.

  4. If pjson.type is equal to "module", then

    1. Throw a Module Not Found error.
  5. Let legacyMainURL be the result applying the legacy LOAD_AS_DIRECTORY CommonJS resolver to packageURL, throwing a Module Not Found error for no resolution.
  6. Return legacyMainURL.

PACKAGE_EXPORTS_RESOLVE(packageURL, packagePath, exports)

  1. If exports is an Object, then

    1. Set packagePath to "./" concatenated with packagePath.

    2. If packagePath is a key of exports, then

      1. Let target be the value of exports[packagePath].
      2. Return PACKAGE_EXPORTS_TARGET_RESOLVE(packageURL, target, "").
    3. Let directoryKeys be the list of keys of exports ending in "/", sorted by length descending.

    4. For each key directory in directoryKeys, do

      1. If packagePath starts with directory, then

        1. Let target be the value of exports[directory].
        2. Let subpath be the substring of target starting at the index of the length of directory.
        3. Return PACKAGE_EXPORTS_TARGET_RESOLVE(packageURL, target, subpath).
  2. Throw a Module Not Found error.

PACKAGE_EXPORTS_TARGET_RESOLVE(packageURL, target, subpath)

  1. If target is a String, then

    1. If target does not start with "./", throw a Module Not Found error.
    2. If subpath has non-zero length and target does not end with "/", throw a Module Not Found error.
    3. If target or subpath contain any "node_modules" segments including "node_modules" percent-encoding, throw a Module Not Found error.
    4. Let resolvedTarget be the URL resolution of the concatenation of packageURL and target.

    5. If resolvedTarget is contained in packageURL, then

      1. Let resolved be the URL resolution of the concatenation of subpath and resolvedTarget.

      2. If resolved is contained in resolvedTarget, then

        1. Return resolved.

  2. Otherwise, if target is an Array, then

    1. For each item targetValue in target, do

      1. If targetValue is not a String, continue the loop.
      2. Let resolved be the result of PACKAGE_EXPORTS_TARGET_RESOLVE(packageURL, targetValue, subpath), continuing the loop on abrupt completion.
      3. Assert: resolved is a String.
      4. Return resolved.
  3. Throw a Module Not Found error.

ESM_FORMAT(url, isMain)

  1. Assert: url corresponds to an existing file.
  2. Let pjson be the result of READ_PACKAGE_SCOPE(url).

  3. If url ends in ".mjs", then

    1. Return "module".

  4. If url ends in ".cjs", then

    1. Return "commonjs".

  5. If pjson?.type exists and is "module", then

    1. If isMain is true or url ends in ".js", then

      1. Return "module".
    2. Throw an Unsupported File Extension error.

  6. Otherwise,

    1. If isMain is true or url ends in ".js", ".json" or ".node", then

      1. Return "commonjs".
    2. Throw an Unsupported File Extension error.

READ_PACKAGE_SCOPE(url)

  1. Let scopeURL be url.

  2. While scopeURL is not the file system root,

    1. If scopeURL ends in a "node_modules" path segment, return null.
    2. Let pjson be the result of READ_PACKAGE_JSON(scopeURL).

    3. If pjson is not null, then

      1. Return pjson.
    4. Set scopeURL to the parent URL of scopeURL.
  3. Return null.

READ_PACKAGE_JSON(packageURL)

  1. Let pjsonURL be the resolution of "package.json" within packageURL.

  2. If the file at pjsonURL does not exist, then

    1. Return null.

  3. If the file at packageURL does not parse as valid JSON, then

    1. Throw an Invalid Package Configuration error.
  4. Return the parsed JSON source of the file at pjsonURL.

Customizing ESM specifier resolution algorithm#

The current specifier resolution does not support all default behavior of the CommonJS loader. One of the behavior differences is automatic resolution of file extensions and the ability to import directories that have an index file.

The --es-module-specifier-resolution=[mode] flag can be used to customize the extension resolution algorithm. The default mode is explicit, which requires the full path to a module be provided to the loader. To enable the automatic extension resolution and importing from directories that include an index file use the node mode.

$ node --experimental-modules index.mjs
success!
$ node --experimental-modules index #Failure!
Error: Cannot find module
$ node --experimental-modules --es-module-specifier-resolution=node index
success!

Errors#

Applications running in Node.js will generally experience four categories of errors:

  • Standard JavaScript errors such as <EvalError>, <SyntaxError>, <RangeError>, <ReferenceError>, <TypeError>, and <URIError>.
  • System errors triggered by underlying operating system constraints such as attempting to open a file that does not exist or attempting to send data over a closed socket.
  • User-specified errors triggered by application code.
  • AssertionErrors are a special class of error that can be triggered when Node.js detects an exceptional logic violation that should never occur. These are raised typically by the assert module.

All JavaScript and System errors raised by Node.js inherit from, or are instances of, the standard JavaScript <Error> class and are guaranteed to provide at least the properties available on that class.

Error Propagation and Interception#

Node.js supports several mechanisms for propagating and handling errors that occur while an application is running. How these errors are reported and handled depends entirely on the type of Error and the style of the API that is called.

All JavaScript errors are handled as exceptions that immediately generate and throw an error using the standard JavaScript throw mechanism. These are handled using the try…catch construct provided by the JavaScript language.

// Throws with a ReferenceError because z is not defined.
try {
  const m = 1;
  const n = m + z;
} catch (err) {
  // Handle the error here.
}

Any use of the JavaScript throw mechanism will raise an exception that must be handled using try…catch or the Node.js process will exit immediately.

With few exceptions, Synchronous APIs (any blocking method that does not accept a callback function, such as fs.readFileSync), will use throw to report errors.

Errors that occur within Asynchronous APIs may be reported in multiple ways:

  • Most asynchronous methods that accept a callback function will accept an Error object passed as the first argument to that function. If that first argument is not null and is an instance of Error, then an error occurred that should be handled.
const fs = require('fs');
fs.readFile('a file that does not exist', (err, data) => {
  if (err) {
    console.error('There was an error reading the file!', err);
    return;
  }
  // Otherwise handle the data
});

  • When an asynchronous method is called on an object that is an EventEmitter, errors can be routed to that object's 'error' event.

    const net = require('net');
const connection = net.connect('localhost');

// Adding an 'error' event handler to a stream:
connection.on('error', (err) => {
  // If the connection is reset by the server, or if it can't
  // connect at all, or on any sort of error encountered by
  // the connection, the error will be sent here.
  console.error(err);
});

connection.pipe(process.stdout);

  • A handful of typically asynchronous methods in the Node.js API may still use the throw mechanism to raise exceptions that must be handled using try…catch. There is no comprehensive list of such methods; please refer to the documentation of each method to determine the appropriate error handling mechanism required.

The use of the 'error' event mechanism is most common for stream-based and event emitter-based APIs, which themselves represent a series of asynchronous operations over time (as opposed to a single operation that may pass or fail).

For all EventEmitter objects, if an 'error' event handler is not provided, the error will be thrown, causing the Node.js process to report an uncaught exception and crash unless either: The domain module is used appropriately or a handler has been registered for the 'uncaughtException' event.

const EventEmitter = require('events');
const ee = new EventEmitter();

setImmediate(() => {
  // This will crash the process because no 'error' event
  // handler has been added.
  ee.emit('error', new Error('This will crash'));
});

Errors generated in this way cannot be intercepted using try…catch as they are thrown after the calling code has already exited.

Developers must refer to the documentation for each method to determine exactly how errors raised by those methods are propagated.

Error-first callbacks#

Most asynchronous methods exposed by the Node.js core API follow an idiomatic pattern referred to as an error-first callback. With this pattern, a callback function is passed to the method as an argument. When the operation either completes or an error is raised, the callback function is called with the Error object (if any) passed as the first argument. If no error was raised, the first argument will be passed as null.

const fs = require('fs');

function errorFirstCallback(err, data) {
  if (err) {
    console.error('There was an error', err);
    return;
  }
  console.log(data);
}

fs.readFile('/some/file/that/does-not-exist', errorFirstCallback);
fs.readFile('/some/file/that/does-exist', errorFirstCallback);

The JavaScript try…catch mechanism cannot be used to intercept errors generated by asynchronous APIs. A common mistake for beginners is to try to use throw inside an error-first callback:

// THIS WILL NOT WORK:
const fs = require('fs');

try {
  fs.readFile('/some/file/that/does-not-exist', (err, data) => {
    // Mistaken assumption: throwing here...
    if (err) {
      throw err;
    }
  });
} catch (err) {
  // This will not catch the throw!
  console.error(err);
}

This will not work because the callback function passed to fs.readFile() is called asynchronously. By the time the callback has been called, the surrounding code, including the try…catch block, will have already exited. Throwing an error inside the callback can crash the Node.js process in most cases. If domains are enabled, or a handler has been registered with process.on('uncaughtException'), such errors can be intercepted.

Class: Error#

A generic JavaScript <Error> object that does not denote any specific circumstance of why the error occurred. Error objects capture a "stack trace" detailing the point in the code at which the Error was instantiated, and may provide a text description of the error.

All errors generated by Node.js, including all System and JavaScript errors, will either be instances of, or inherit from, the Error class.

new Error(message)#

Creates a new Error object and sets the error.message property to the provided text message. If an object is passed as message, the text message is generated by calling message.toString(). The error.stack property will represent the point in the code at which new Error() was called. Stack traces are dependent on V8's stack trace API. Stack traces extend only to either (a) the beginning of synchronous code execution, or (b) the number of frames given by the property Error.stackTraceLimit, whichever is smaller.

Error.captureStackTrace(targetObject[, constructorOpt])#

Creates a .stack property on targetObject, which when accessed returns a string representing the location in the code at which Error.captureStackTrace() was called.

const myObject = {};
Error.captureStackTrace(myObject);
myObject.stack;  // Similar to `new Error().stack`

The first line of the trace will be prefixed with ${myObject.name}: ${myObject.message}.

The optional constructorOpt argument accepts a function. If given, all frames above constructorOpt, including constructorOpt, will be omitted from the generated stack trace.

The constructorOpt argument is useful for hiding implementation details of error generation from an end user. For instance:

function MyError() {
  Error.captureStackTrace(this, MyError);
}

// Without passing MyError to captureStackTrace, the MyError
// frame would show up in the .stack property. By passing
// the constructor, we omit that frame, and retain all frames below it.
new MyError().stack;

Error.stackTraceLimit#

The Error.stackTraceLimit property specifies the number of stack frames collected by a stack trace (whether generated by new Error().stack or Error.captureStackTrace(obj)).

The default value is 10 but may be set to any valid JavaScript number. Changes will affect any stack trace captured after the value has been changed.

If set to a non-number value, or set to a negative number, stack traces will not capture any frames.

error.code#

The error.code property is a string label that identifies the kind of error. error.code is the most stable way to identify an error. It will only change between major versions of Node.js. In contrast, error.message strings may change between any versions of Node.js. See Node.js Error Codes for details about specific codes.

error.message#

The error.message property is the string description of the error as set by calling new Error(message). The message passed to the constructor will also appear in the first line of the stack trace of the Error, however changing this property after the Error object is created may not change the first line of the stack trace (for example, when error.stack is read before this property is changed).

const err = new Error('The message');
console.error(err.message);
// Prints: The message

error.stack#

The error.stack property is a string describing the point in the code at which the Error was instantiated.

Error: Things keep happening!
   at /home/gbusey/file.js:525:2
   at Frobnicator.refrobulate (/home/gbusey/business-logic.js:424:21)
   at Actor.<anonymous> (/home/gbusey/actors.js:400:8)
   at increaseSynergy (/home/gbusey/actors.js:701:6)

The first line is formatted as <error class name>: <error message>, and is followed by a series of stack frames (each line beginning with "at "). Each frame describes a call site within the code that lead to the error being generated. V8 attempts to display a name for each function (by variable name, function name, or object method name), but occasionally it will not be able to find a suitable name. If V8 cannot determine a name for the function, only location information will be displayed for that frame. Otherwise, the determined function name will be displayed with location information appended in parentheses.

Frames are only generated for JavaScript functions. If, for example, execution synchronously passes through a C++ addon function called cheetahify which itself calls a JavaScript function, the frame representing the cheetahify call will not be present in the stack traces:

const cheetahify = require('./native-binding.node');

function makeFaster() {
  // `cheetahify()` *synchronously* calls speedy.
  cheetahify(function speedy() {
    throw new Error('oh no!');
  });
}

makeFaster();
// will throw:
//   /home/gbusey/file.js:6
//       throw new Error('oh no!');
//           ^
//   Error: oh no!
//       at speedy (/home/gbusey/file.js:6:11)
//       at makeFaster (/home/gbusey/file.js:5:3)
//       at Object.<anonymous> (/home/gbusey/file.js:10:1)
//       at Module._compile (module.js:456:26)
//       at Object.Module._extensions..js (module.js:474:10)
//       at Module.load (module.js:356:32)
//       at Function.Module._load (module.js:312:12)
//       at Function.Module.runMain (module.js:497:10)
//       at startup (node.js:119:16)
//       at node.js:906:3

The location information will be one of:

  • native, if the frame represents a call internal to V8 (as in [].forEach).
  • plain-filename.js:line:column, if the frame represents a call internal to Node.js.
  • /absolute/path/to/file.js:line:column, if the frame represents a call in a user program, or its dependencies.

The string representing the stack trace is lazily generated when the error.stack property is accessed.

The number of frames captured by the stack trace is bounded by the smaller of Error.stackTraceLimit or the number of available frames on the current event loop tick.

Class: AssertionError#

Indicates the failure of an assertion. For details, see Class: assert.AssertionError.

Class: RangeError#

Indicates that a provided argument was not within the set or range of acceptable values for a function; whether that is a numeric range, or outside the set of options for a given function parameter.

require('net').connect(-1);
// Throws "RangeError: "port" option should be >= 0 and < 65536: -1"

Node.js will generate and throw RangeError instances immediately as a form of argument validation.

Class: ReferenceError#

Indicates that an attempt is being made to access a variable that is not defined. Such errors commonly indicate typos in code, or an otherwise broken program.

While client code may generate and propagate these errors, in practice, only V8 will do so.

doesNotExist;
// Throws ReferenceError, doesNotExist is not a variable in this program.

Unless an application is dynamically generating and running code, ReferenceError instances should always be considered a bug in the code or its dependencies.

Class: SyntaxError#

Indicates that a program is not valid JavaScript. These errors may only be generated and propagated as a result of code evaluation. Code evaluation may happen as a result of eval, Function, require, or vm. These errors are almost always indicative of a broken program.

try {
  require('vm').runInThisContext('binary ! isNotOk');
} catch (err) {
  // 'err' will be a SyntaxError.
}

SyntaxError instances are unrecoverable in the context that created them – they may only be caught by other contexts.

Class: SystemError#

Node.js generates system errors when exceptions occur within its runtime environment. These usually occur when an application violates an operating system constraint. For example, a system error will occur if an application attempts to read a file that does not exist.

  • address <string> If present, the address to which a network connection failed
  • code <string> The string error code
  • dest <string> If present, the file path destination when reporting a file system error
  • errno <number> The system-provided error number
  • info <Object> If present, extra details about the error condition
  • message <string> A system-provided human-readable description of the error
  • path <string> If present, the file path when reporting a file system error
  • port <number> If present, the network connection port that is not available
  • syscall <string> The name of the system call that triggered the error

error.address#

If present, error.address is a string describing the address to which a network connection failed.

error.code#

The error.code property is a string representing the error code.

error.dest#

If present, error.dest is the file path destination when reporting a file system error.

error.errno#

The error.errno property is a negative number which corresponds to the error code defined in libuv Error handling.

On Windows the error number provided by the system will be normalized by libuv.

To get the string representation of the error code, use util.getSystemErrorName(error.errno).

error.info#

If present, error.info is an object with details about the error condition.

error.message#

error.message is a system-provided human-readable description of the error.

error.path#

If present, error.path is a string containing a relevant invalid pathname.

error.port#

If present, error.port is the network connection port that is not available.

error.syscall#

The error.syscall property is a string describing the syscall that failed.

Common System Errors#

This is a list of system errors commonly-encountered when writing a Node.js program. For a comprehensive list, see the errno(3) man page.

  • EACCES (Permission denied): An attempt was made to access a file in a way forbidden by its file access permissions.

  • EADDRINUSE (Address already in use): An attempt to bind a server (net, http, or https) to a local address failed due to another server on the local system already occupying that address.

  • ECONNREFUSED (Connection refused): No connection could be made because the target machine actively refused it. This usually results from trying to connect to a service that is inactive on the foreign host.

  • ECONNRESET (Connection reset by peer): A connection was forcibly closed by a peer. This normally results from a loss of the connection on the remote socket due to a timeout or reboot. Commonly encountered via the http and net modules.

  • EEXIST (File exists): An existing file was the target of an operation that required that the target not exist.

  • EISDIR (Is a directory): An operation expected a file, but the given pathname was a directory.

  • EMFILE (Too many open files in system): Maximum number of file descriptors allowable on the system has been reached, and requests for another descriptor cannot be fulfilled until at least one has been closed. This is encountered when opening many files at once in parallel, especially on systems (in particular, macOS) where there is a low file descriptor limit for processes. To remedy a low limit, run ulimit -n 2048 in the same shell that will run the Node.js process.

  • ENOENT (No such file or directory): Commonly raised by fs operations to indicate that a component of the specified pathname does not exist — no entity (file or directory) could be found by the given path.

  • ENOTDIR (Not a directory): A component of the given pathname existed, but was not a directory as expected. Commonly raised by fs.readdir.

  • ENOTEMPTY (Directory not empty): A directory with entries was the target of an operation that requires an empty directory — usually fs.unlink.

  • ENOTFOUND (DNS lookup failed): Indicates a DNS failure of either EAI_NODATA or EAI_NONAME. This is not a standard POSIX error.

  • EPERM (Operation not permitted): An attempt was made to perform an operation that requires elevated privileges.

  • EPIPE (Broken pipe): A write on a pipe, socket, or FIFO for which there is no process to read the data. Commonly encountered at the net and http layers, indicative that the remote side of the stream being written to has been closed.

  • ETIMEDOUT (Operation timed out): A connect or send request failed because the connected party did not properly respond after a period of time. Usually encountered by http or net — often a sign that a socket.end() was not properly called.

Class: TypeError#

Indicates that a provided argument is not an allowable type. For example, passing a function to a parameter which expects a string would be considered a TypeError.

require('url').parse(() => { });
// Throws TypeError, since it expected a string.

Node.js will generate and throw TypeError instances immediately as a form of argument validation.

Exceptions vs. Errors#

A JavaScript exception is a value that is thrown as a result of an invalid operation or as the target of a throw statement. While it is not required that these values are instances of Error or classes which inherit from Error, all exceptions thrown by Node.js or the JavaScript runtime will be instances of Error.

Some exceptions are unrecoverable at the JavaScript layer. Such exceptions will always cause the Node.js process to crash. Examples include assert() checks or abort() calls in the C++ layer.

OpenSSL Errors#

Errors originating in crypto or tls are of class Error, and in addition to the standard .code and .message properties, may have some additional OpenSSL-specific properties.

error.opensslErrorStack#

An array of errors that can give context to where in the OpenSSL library an error originates from.

error.function#

The OpenSSL function the error originates in.

error.library#

The OpenSSL library the error originates in.

error.reason#

A human-readable string describing the reason for the error.

Node.js Error Codes#

ERR_AMBIGUOUS_ARGUMENT##

A function argument is being used in a way that suggests that the function signature may be misunderstood. This is thrown by the assert module when the message parameter in assert.throws(block, message) matches the error message thrown by block because that usage suggests that the user believes message is the expected message rather than the message the AssertionError will display if block does not throw.

ERR_ARG_NOT_ITERABLE##

An iterable argument (i.e. a value that works with for...of loops) was required, but not provided to a Node.js API.

ERR_ASSERTION##

A special type of error that can be triggered whenever Node.js detects an exceptional logic violation that should never occur. These are raised typically by the assert module.

ERR_ASYNC_CALLBACK##

An attempt was made to register something that is not a function as an AsyncHooks callback.

ERR_ASYNC_TYPE##

The type of an asynchronous resource was invalid. Users are also able to define their own types if using the public embedder API.

ERR_BROTLI_COMPRESSION_FAILED##

Data passed to a Brotli stream was not successfully compressed.

ERR_BROTLI_INVALID_PARAM##

An invalid parameter key was passed during construction of a Brotli stream.

ERR_BUFFER_CONTEXT_NOT_AVAILABLE##

An attempt was made to create a Node.js Buffer instance from addon or embedder code, while in a JS engine Context that is not associated with a Node.js instance. The data passed to the Buffer method will have been released by the time the method returns.

When encountering this error, a possible alternative to creating a Buffer instance is to create a normal Uint8Array, which only differs in the prototype of the resulting object. Uint8Arrays are generally accepted in all Node.js core APIs where Buffers are; they are available in all Contexts.

ERR_BUFFER_OUT_OF_BOUNDS##

An operation outside the bounds of a Buffer was attempted.

ERR_BUFFER_TOO_LARGE##

An attempt has been made to create a Buffer larger than the maximum allowed size.

ERR_CANNOT_WATCH_SIGINT##

Node.js was unable to watch for the SIGINT signal.

ERR_CHILD_CLOSED_BEFORE_REPLY##

A child process was closed before the parent received a reply.

ERR_CHILD_PROCESS_IPC_REQUIRED##

Used when a child process is being forked without specifying an IPC channel.

ERR_CHILD_PROCESS_STDIO_MAXBUFFER##

Used when the main process is trying to read data from the child process's STDERR/STDOUT, and the data's length is longer than the maxBuffer option.

ERR_CONSOLE_WRITABLE_STREAM##

Console was instantiated without stdout stream, or Console has a non-writable stdout or stderr stream.

ERR_CONSTRUCT_CALL_REQUIRED##

A constructor for a class was called without new.

ERR_CONSTRUCT_CALL_INVALID##

A class constructor was called that is not callable.

ERR_CPU_USAGE##

The native call from process.cpuUsage could not be processed.

ERR_CRYPTO_CUSTOM_ENGINE_NOT_SUPPORTED##

A client certificate engine was requested that is not supported by the version of OpenSSL being used.

ERR_CRYPTO_ECDH_INVALID_FORMAT##

An invalid value for the format argument was passed to the crypto.ECDH() class getPublicKey() method.

ERR_CRYPTO_ECDH_INVALID_PUBLIC_KEY##

An invalid value for the key argument has been passed to the crypto.ECDH() class computeSecret() method. It means that the public key lies outside of the elliptic curve.

ERR_CRYPTO_ENGINE_UNKNOWN