🎉 Node-RED 4.0 Beta 4 (the final one) released

🎉 The fourth and final beta release of Node-RED 4.0 is now available!

Node-RED 4.x requires at least Node 18.x. We recommend using Node 20.

We weren't going to do another beta release, but some churn in our dependencies over the last few days means we've had to make some bigger dependency updates than we were planning. In particular the mqtt module has had a major version update. Whilst it all looks good in our local testing, it felt sensible to do one more beta refresh. I know this delays getting to the final release, but we want to make sure we don't rush out anything at the last minute.

There have been a number of other fixes and small enhancements made alongside the dependency updates.

The Change Log has the full list of changes.

Note: if any issues are reported against the beta, we'll update this post to list them here. If you hit a problem, please do check back here before adding a comment.

Known Issues

  • none

Updated Proxy Handling

@Steve-Mcl has done a good job tidying up our support for proxies with the HTTP Request node. Our existing behaviour had a number of issues and didn't fully support the various standard environment variables used to configure proxies.

Details are in the original issue and the pull request that fixed it.

Better feedback for read-only users

Previously if a user had read-only access to the editor, they could make changes and click the deploy button - only to be told at that point they cannot make changes.

With this release, the Deploy button now shows a lock icon if the current user doesn't have permission to deploy changes. They can still make changes in the workspace, but the deploy button won't become enabled.


Other updates

  • Middle mouse clicking now pans the workspace properly on Windows - thanks corentin-sodebo-voile
  • node-red --version now reports the node-red, node.js and os information without starting Node-RED.
  • A new httpAdminCookieOptions option can be used to customise the options set on cookies as part of the authentication system
  • Various code hygiene fixes from Rotzbua
  • Various tooltips and TypedInput fixes from @GogoVega

Be sure to read through the Change Log to see what else is in there.

Installing the beta

If you want to try out the beta, you will need to specify node-red@next when you use npm to update. Without the @next you'll still get 3.x.

So on a Pi you'd do:

sudo npm install -g --unsafe-perm node-red@next

Docker images

The beta images are available under nodered/node-red-dev:v4.0.0-beta.4 - with the default image being based on node 20.

Reporting problems

If you hit any problems, please report them either as a reply on this topic, or in the #core-dev slack channel. Please do not post new topics to the forum regarding the beta as that could confuse users who are not using the beta.

Outstanding work

This would have been the full release if it weren't for the dependency updates we've had to make. So expect the full release in the next 2 weeks.... which is what I said last time, but there is barely anything left to do at this point.

11 Likes

When I install it I get these warnings

 deprecated inflight@1.0.6: This module is not supported, and leaks memory. Do not use it. Check out lru-cache if you want a good and tested way to coalesce async requests by a key value, which is much more comprehensive and powerful.
npm WARN deprecated npmlog@5.0.1: This package is no longer supported.
npm WARN deprecated rimraf@3.0.2: Rimraf versions prior to v4 are no longer supported
npm WARN deprecated are-we-there-yet@2.0.0: This package is no longer supported.
npm WARN deprecated glob@7.2.3: Glob versions prior to v9 are no longer supported
npm WARN deprecated gauge@3.0.2: This package is no longer supported.

Are any of these from the core modules just installed or all from contrib nodes?
Especially, is inflight@1.0.6 part of the core?

They are a few layers down in the core dependencies and there aren't currently updates available to eliminate them. The inflight deprecation only happened last week and it's going to take a bit of time to filter down the dependency tree.

This is one of the motivations for the mqtt module update I mentioned.

Also worth adding, none of those deprecated modules are on functional code paths used by Node-RED. Unfortunately we don't have any way to suppress the warnings. I'm hoping updates filter their way through in the next week or two. The inflight module was deprecated despite having 43 million weekly downloads - it is going to impact lots of people.

I don't see anything on security in the changelog for v4.0?

True. Still not got a clear plan for core changes (rather than changes that could be made in the installer at any time).

Thanks.
Excellent work regardless.
