Gerson


What's New in Node.js 24: Native TypeScript, Permissions, and Performance

Node.js 24 shipped native TypeScript support, a permissions model for runtime security, npm v11 with 65% faster installs, and V8 engine updates. Here's everything you need to know to upgrade.


Node.js 24 launched on May 6, 2025, and entered LTS in October 2025. This is a significant release that addresses several long-standing pain points: you can now run TypeScript files directly, restrict what your process can access at runtime, and benefit from substantially faster npm installs. Let's break down everything that changed.

Native TypeScript Support (Stable)

The headline feature is that TypeScript type-stripping is now stable. You can run .ts files directly without any build step or additional tooling:

Terminal

# No ts-node, no tsx, no build step
node index.ts

Node.js strips the type annotations at startup and executes the resulting JavaScript. This is type-stripping only — it removes type annotations but doesn't perform type checking or transform TypeScript-specific syntax like enum or namespace. For those features, you still need tsc or a bundler.

What this means in practice: for scripts, CLIs, and simple applications where you were using tsx or ts-node as a convenience, you can now drop that dependency entirely. For larger projects with build pipelines, the workflow doesn't change much, but it's nice that node file.ts just works during development.

server.ts — runs directly with node

import { createServer, IncomingMessage, ServerResponse } from "node:http";

const port: number = 3000;

const server = createServer((req: IncomingMessage, res: ServerResponse) => {
  res.writeHead(200, { "Content-Type": "application/json" });
  res.end(JSON.stringify({ message: "Hello from Node.js 24!" }));
});

server.listen(port, () => {
  console.log(`Server running on port ${port}`);
});

Permissions Model

Node.js 24 promotes the experimental permissions model to a more mature state. You can now restrict what your Node process is allowed to do using --allow-* flags:

Terminal — Running with restricted permissions

# --permission switches the model on; the --allow-* flags then grant access back
# Only allow reading from ./data and network access to api.example.com
node --permission --allow-fs-read=./data --allow-net=api.example.com app.js

# Allow all filesystem reads but no writes
node --permission --allow-fs-read=* app.js

# Allow spawning child processes (the flag is all-or-nothing, not per command)
node --permission --allow-child-process app.js

This is a meaningful security improvement for production deployments. If a dependency is compromised and tries to read /etc/passwd or phone home to an unauthorized server, the permissions model blocks it at the runtime level. It's defense in depth — not a replacement for proper dependency auditing, but a valuable additional layer.
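A startup self-check for this layer, as an added example that is not from the original post or the Node.js project: it uses process.permission.has() to confirm the model is active and that the grants match what the deployment expects. POLICY, label, auditPermissions and assertSandboxed are hypothetical names, and the paths are constructed samples.

```javascript
// Added example, not from the original post. POLICY is a constructed sample
// that mirrors `--permission --allow-fs-read=./data`.
const POLICY = {
  mustAllow: [["fs.read", "./data"]],
  mustDeny: [
    ["fs.write", "./data"],
    ["fs.read", "/etc/passwd"],
    ["child"],
    ["worker"],
  ],
};

const label = (scope, ref) => (ref === undefined ? scope : `${scope} ${ref}`);

// `perm` is process.permission, which is absent when the model is not enabled.
// Returns a list of findings; an empty list means the grants match the policy.
function auditPermissions(perm, policy = POLICY) {
  if (!perm || typeof perm.has !== "function") {
    return ["permission model is not active: nothing is being restricted"];
  }
  const findings = [];
  for (const [scope, ref] of policy.mustAllow) {
    if (!perm.has(scope, ref)) findings.push(`missing grant: ${label(scope, ref)}`);
  }
  for (const [scope, ref] of policy.mustDeny) {
    if (perm.has(scope, ref)) findings.push(`over-broad grant: ${label(scope, ref)}`);
  }
  return findings;
}

// Fail closed: call this first in app.js so a mis-launched process refuses to start.
function assertSandboxed(perm = process.permission, policy = POLICY) {
  const findings = auditPermissions(perm, policy);
  if (findings.length > 0) {
    throw new Error(`refusing to start:\n- ${findings.join("\n- ")}`);
  }
}
```

Calling assertSandboxed() as the first statement of the entry point turns a forgotten flag or a wildcard grant into a startup failure instead of a silent loss of the sandbox.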

npm v11

Node.js 24 ships with npm v11, which delivers 65% faster installs compared to npm v10. The performance improvement comes from better parallelization of network requests, smarter caching, and reduced overhead in the dependency resolution algorithm.

For most projects, the upgrade is transparent — npm install just runs faster. The one breaking change to watch for: npm v11 is stricter about peer dependency conflicts. Projects that relied on npm v10's more lenient behavior may need to add explicit --legacy-peer-deps or fix their dependency tree.

V8 Engine Updates

The updated V8 engine brings several new JavaScript features:

  • Float16Array — A new typed array for 16-bit floating point numbers. Useful for machine learning inference, WebGPU interop, and anywhere you need compact floating-point storage.
  • RegExp.escape() — Finally, a built-in way to escape special characters in strings before using them in regular expressions. No more hand-rolling escape functions or pulling in a library for this.
  • Improved fetch() compliance — The built-in fetch() implementation is now more compliant with the WHATWG specification, reducing edge cases where Node's fetch behaved differently from browser fetch.

New V8 features in action

// Float16Array for compact numeric storage
const weights = new Float16Array([0.5, -1.2, 3.14]);
console.log(weights.byteLength); // 6 (vs 12 for Float32Array)

// RegExp.escape — no more custom escape functions
const userInput = "price is $10.00 (USD)";
const escaped = RegExp.escape(userInput);
// "\\x70rice\\x20is\\x20\\$10\\.00\\x20\\(USD\\)" (a leading letter and spaces become \xHH escapes)
const regex = new RegExp(escaped);

Deprecations and Breaking Changes

A few things to watch for when upgrading:

  • url.parse() is deprecated — Use the WHATWG URL constructor instead. url.parse() has had known security issues with URL parsing inconsistencies, and the WHATWG URL API is the correct replacement.
  • TLS method deprecations — tls.createSecurePair() and related legacy TLS methods are deprecated. Use tls.TLSSocket directly.
  • Stricter ESM resolution — Some edge cases in ESM module resolution that were previously lenient now throw errors. If your imports worked in Node 22 but fail in 24, check for missing file extensions in import paths.
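For the url.parse() migration above, an added example (not from the original post) of an outbound-URL check built on the WHATWG URL constructor: it parses once and decides on the parsed fields, which is where parser inconsistencies tend to cause trouble. ALLOWED_HOSTS and checkOutboundUrl are hypothetical names, and the host is a constructed sample.

```javascript
// Added example, not from the original post. ALLOWED_HOSTS and every sample
// URL used with it are constructed.
const ALLOWED_HOSTS = new Set(["api.example.com"]);

// Parse once with the WHATWG parser and make every decision on the parsed
// fields, never on the raw string. Returns { ok, href } or { ok, reason }.
function checkOutboundUrl(input, allowedHosts = ALLOWED_HOSTS) {
  let url;
  try {
    url = new URL(input); // no base: relative and scheme-relative input throws
  } catch {
    return { ok: false, reason: "unparseable" };
  }
  if (url.protocol !== "https:") return { ok: false, reason: "scheme" };
  // "https://api.example.com@other.example/" puts the trusted name in userinfo.
  if (url.username !== "" || url.password !== "") {
    return { ok: false, reason: "userinfo" };
  }
  // url.host is lower-cased, keeps a non-default port and a trailing dot,
  // so an exact match rejects look-alikes such as "api.example.com.".
  if (!allowedHosts.has(url.host)) return { ok: false, reason: "host" };
  // Hand the serialized form to the HTTP client so it cannot re-parse differently.
  return { ok: true, href: url.href };
}
```

Pass the returned href, not the caller's original string, to fetch() or the HTTP client so the value that was checked is the value that is used.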

Should You Upgrade?

If you're on Node.js 22 LTS, the upgrade path is smooth for most applications. The native TypeScript support and npm v11 performance are immediately tangible benefits. Test your application thoroughly (especially around ESM imports and peer dependencies), but there are no major architectural changes that would require rewrites.

If you're on Node.js 20 or earlier, upgrade to 22 LTS first, then to 24 — jumping multiple major versions at once increases the risk of hitting multiple breaking changes simultaneously.
