Node.js 25 — V8 14.1, big JSON speedups and Web APIs enabled by default
Key update
Node.js 25 (Current) upgrades V8 to 14.1, delivers large JSON.stringify performance improvements, adds built-in Base64/Hex conversion helpers on Uint8Array, unflags Web Storage (localStorage/sessionStorage) so it’s enabled by default, exposes ErrorEvent globally, introduces a new permission flag (--allow-net), and finalizes removal of long-deprecated APIs such as SlowBuffer. These changes are bundled with quality-of-life runtime features like a portable compile cache and JSPI work for WebAssembly. (nodejs.org)
Why it matters
If your services are JSON-heavy (APIs, logging, telemetry) the V8 14.1 upgrades can yield measurable latency and CPU improvements without code changes; benchmark critical endpoints after upgrading. Enabling Web Storage and adding Web-like globals reduces the friction of running browser-oriented libraries in Node, but also means libraries relying on prior polyfills may behave differently — test integration and bundling. Native modules will still need attention: check ABI/N-API compatibility and rebuild native addons where necessary. The new permission flag and removal of legacy APIs tighten the runtime’s secure-by-default posture, which can affect CI, container images, serverless runtimes and tooling that assume older behavior — plan rollouts and CI tests before moving Node 25 into production. (nodejs.org)
Source
Read Next
TypeScript's native Go port (Project Corsa) delivers ~10× type-check speedups
November 29, 2025Microsoft's TypeScript team has ported the compiler and language service to Go (Project Corsa), producing large, real-world speed and memory improvements and shipping native previews for early testing.
Node.js marks built-in TypeScript type‑stripping stable (v25.2.0)
November 28, 2025Node.js v25.2.0 (Nov 11, 2025) promotes runtime TypeScript 'type stripping' to stable — run many .ts files with node directly, with important practical caveats.
Docker patches critical RCE in nested dependency, upstreams fix to LangChain.js
November 27, 2025Docker found and fixed a critical RCE (CVE-2025-12735) rooted in the expr-eval dependency, replaced it with a maintained alternative, and contributed the fix upstream to LangChain.js—affecting Kibana and many LLM apps.