Idea: Add a node.js LTS check to Node-RED?

Was thinking recently about node.js version management for Node-RED. While it is pinned to a particular major version, that is really only the "minimum" version that should be used.

This may leave users thinking that their old, no longer supported installed version of node.js is still OK when it really isn't.

So I checked to see if there is an easy way to check whether the running node.js version is an LTS version and it seems there is indeed.

Hence the question - do people feel that it would be a good idea to add a check to Node-RED?

And if so, just on start-up or periodically - since many of us run Node-RED continuously for months or even years at a time.

For reference, process.release.lts tells you whether you are running an LTS version.

And I've not tried this but it was AI suggested regarding more detailed checks:

const https = require('https');

https.get('https://nodejs.org/dist/index.json', (res) => {
  let data = '';

  res.on('data', (chunk) => {
    data += chunk;
  });

  res.on('end', () => {
    const releases = JSON.parse(data);
    const latestLTS = releases.find((release) => release.lts);
    const installedVersion = process.version;

    console.log(`Latest LTS version: ${latestLTS.version}`);
    console.log(`Installed version: ${installedVersion}`);

    if (latestLTS.version === installedVersion) {
      console.log('The installed version is an LTS version.');
    } else {
      console.log('The installed version is not an LTS version.');
    }
  });
}).on('error', (err) => {
  console.error(`Error: ${err.message}`);
});

Well yes - I wouldn't want something like a popup nagging me every time I start the editor - and I bet a lot of people don't look at the logs often if at all unless there is a problem. so wouldn't see a simple log message - and if they did would they then "panic", upgrade and possibly break their working system ? Also I run quite a few systems not connected to the internet so the test would fail.
I guess it's good to know but what do we actually want to do with the information...

And a quick test flow:

[{"id":"3aba606e3d187d8b","type":"group","z":"d0860be6.7951b8","name":"Check node.js versions","style":{"fill":"#e3f3d3","fill-opacity":"0.47","label":true,"color":"#000000"},"nodes":["fb54ce55d98d7d34","6413c730059274c2","8adc5a6b529afeeb","f9f5e3edbfdb44a7"],"x":94,"y":3639,"w":972,"h":82,"info":"NB: AI Generated.\r\n\r\n## Check Node LTS Version\r\n\r\nTo programmatically check whether the installed version of Node.js is an LTS version, you can use\r\nthe process.release.lts property within a Node.js script. This property will be undefined for\r\nnon-LTS versions and will contain the name of the LTS line for LTS versions.\r\n\r\nHere is an example of how you can check this in a Node.js script:\r\n\r\n```js\r\nconsole.log(process.release.lts);\r\n```\r\n\r\nIf the installed version is an LTS version, the script will output the name of the LTS line,\r\nsuch as Argon or Gallium. If it is not an LTS version, the output will be undefined.\r\n\r\nAdditionally, you can fetch the latest LTS version details from the Node.js release API and\r\ncompare it with the installed version. Here is a more detailed script that does this:\r\n\r\n```js\r\nconst https = require('https');\r\n\r\nhttps.get('https://nodejs.org/dist/index.json', (res) => {\r\n  let data = '';\r\n\r\n  res.on('data', (chunk) => {\r\n    data += chunk;\r\n  });\r\n\r\n  res.on('end', () => {\r\n    const releases = JSON.parse(data);\r\n    const latestLTS = releases.find((release) => release.lts);\r\n    const installedVersion = process.version;\r\n\r\n    console.log(`Latest LTS version: ${latestLTS.version}`);\r\n    console.log(`Installed version: ${installedVersion}`);\r\n\r\n    if (latestLTS.version === installedVersion) {\r\n      console.log('The installed version is an LTS version.');\r\n    } else {\r\n      console.log('The installed version is not an LTS version.');\r\n    }\r\n  });\r\n}).on('error', (err) => {\r\n  console.error(`Error: ${err.message}`);\r\n});\r\n```\r\n\r\nThis script fetches the latest LTS version from the Node.js release API and compares it with the\r\ninstalled version to determine if the installed version is an LTS version."},{"id":"fb54ce55d98d7d34","type":"inject","z":"d0860be6.7951b8","g":"3aba606e3d187d8b","name":"","props":[{"p":"topic","vt":"str"}],"repeat":"2142000","crontab":"","once":true,"onceDelay":"10","topic":"check-nodejs-version","x":155,"y":3680,"wires":[["8adc5a6b529afeeb"]],"l":false},{"id":"6413c730059274c2","type":"debug","z":"d0860be6.7951b8","g":"3aba606e3d187d8b","name":"debug 37","active":true,"tosidebar":true,"console":false,"tostatus":false,"complete":"true","targetType":"full","statusVal":"","statusType":"auto","x":960,"y":3680,"wires":[]},{"id":"8adc5a6b529afeeb","type":"http request","z":"d0860be6.7951b8","g":"3aba606e3d187d8b","name":"Get node.js versions","method":"GET","ret":"obj","paytoqs":"ignore","url":"https://nodejs.org/dist/index.json","tls":"","persist":false,"proxy":"","insecureHTTPParser":false,"authType":"","senderr":false,"headers":[],"x":300,"y":3680,"wires":[["f9f5e3edbfdb44a7"]]},{"id":"f9f5e3edbfdb44a7","type":"function","z":"d0860be6.7951b8","g":"3aba606e3d187d8b","name":"function 4","func":"const releases = msg.payload\n\nconst latestLTS = releases.find((release) => release.lts)\n\nconst installedVersion = process.version\n\nconst installedDetails = releases.find((release) => release.version === installedVersion)\n\nconst isIninstalledLTS = installedDetails.lts !== false\n\nconsole.log(`Latest LTS version: ${latestLTS.version}, LTS: ${latestLTS.lts}`)\nconsole.log(`Installed version: ${installedVersion}. From details: ${installedDetails.version}, LTS ${installedDetails.lts}`);\n\nif (isIninstalledLTS === true) {\n    console.log('The installed version is an LTS version.');\n} else {\n    console.log('The installed version is not an LTS version.');\n}\n\nreturn {\n    isInstalledLTS: isIninstalledLTS,\n    installed: installedVersion,\n    installedDetails: installedDetails,\n    latestLTS: latestLTS,\n    releases: releases,\n}","outputs":1,"timeout":0,"noerr":0,"initialize":"","finalize":"","libs":[{"var":"process","module":"process"}],"x":500,"y":3680,"wires":[["6413c730059274c2"]]}]

image305×269 5.07 KB

It would be to encourage people to not fall too far behind with their node.js installs.

I do get the issues you've raised which is why I posed it as a question rather than a request.

Perhaps a monthly background check that output's to the Node-RED log. While most people probably won't regularly check the log, it would be usable in production environments if people are doing log aggregation or other checks.

It would perhaps log an error message if the running version of node.js is no longer an LTS version.

On of the proposed features for 4.1 is an update check for Node-RED itself. The runtime will ping back to an endpoint we provide with the current versions (and a couple other bits of useful info around OS type and version). The response from that will include the latest Node-RED version available - and could include node.js information as well.

Longer term, the plan is to also include any known security alerts associated with the current versions - so the user can be made aware of there being more than just a new version available.

As this is essentially sharing data with the project, I'm working on the consent mechanism for it at the moment.

This is what you'll see in the editor:

image646×430 21.2 KB

Clicking on the Node-RED available button currently takes you to the release notes for the release on GitHub.

The '14 updates available' refers to nodes in your palette that have updates - clicking it opens the Palette Editor, with the view filtered to those that have updates available.

Cool! A Node-RED version check was my next recommendation. Great to hear that you already have it in hand.

Initially, I had planned an icon in the statusbar for this kind of packet (necessary for NR without being a node or module - it's another icon) but Nick's current work (Telemetry) uses it only for the NR core.

An alternative would be... Ah Nick just answered that - use the telemetry endpoint response which contains these versions.

Nice, a good balance. If the node.js check could also be included, that would do it I think?

However, can I also suggest outputting something to the log so that production environments running things like Splunk for log aggregation and reporting can monitor for it? Doesn't need to be an error message, just an info log message.

Already there... don't have an example of the output to screenshot, but...

runtime.log.info(`A new version of Node-RED is available: ${latest}`)

If the system starts checking then the community better be making packages more backwards compatible than they currently are. I have to say that I’m stable and behind a firewall and not happy with the state of backwards compatibility across the ecosystem.

Hi, might be a good idea to start a new thread on this so that it can be examined. It is a tricky area for JavaScript based apps.