The Pace of Change Creates a Need
To create predictability for developers, the Node team releases major versions with even whole numbers every April. These versions often include cutting-edge capabilities and carry Current status for six months. In October, an odd-numbered Current release rolls out, and April’s Current release moves to Long-Term Stable status. A Node version enjoys LTS for 30 months, and this status matters. The Node.js team recommends that all commercial applications exclusively rely on Long-Term Stable versions.
Along with developing new application features, programmers typically need to maintain code for existing products. Naturally, coders used earlier Node.js versions with these projects. Keeping existing products inside Node’s commercially viable LTS window is another necessity. Therefore, a typical work week will require programmers to code with different Node.js versions.
Releasing a brand-new concept creates another can of programming worms. Before deploying an application, developers must provide customers with a range of compatible Node.js versions. Ensuring that compatibility means testing the product with many Node iterations. The early solutions to these demands were either time-consuming or messy. The simple solution developers needed would face a slow evolution.
nvm Emerges as an Answer
Developer Tim Caswell posted the first iteration of his Node Version Manager to GitHub in 2010. nvm works with Linux and Apple’s macOS, two widely used operating systems with UNIX ancestry. With incremental upgrades, nvm began to gather momentum by 2014. In the same year, nvm-Windows, a parallel project, launched and opened the door to the massive Windows user base. A series of user-friendly upgrades in 2018 added to nvm’s momentum.
Within two more years, the nvm and nvm-Windows tandem established itself as a de facto standard. Indeed, some Node.js online learning courses direct their students to install nvm before installing Node itself. With that ubiquity, it is worth looking at how to install and use nvm.
Installing nvm begins with clicking on nvm’s GitHub home page. From there, copying and pasting the installation script in the terminal is the next step. Allowing for changing version numbers, the script should closely resemble this format:
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.38.0/install.sh | bash
Pressing return sets the process in motion. If the user’s machine needs additional files to enable nvm, the installer displays instructions and template commands to paste into the terminal. With installation complete, closing the terminal window and opening a new window makes nvm ready for action.
nvm-Windows’ installation is even more straightforward. From the nvm-Windows’ GitHub page, users need to download the .zip installation file. Double-clicking the .zip file expands the installation package. Double-clicking the expanded package icon launches the installation wizard. After stepping through the wizard’s instructions, nvm-Windows is ready to roll with commands from the Windows shell.
nvm ingeniously downloads and installs Node.js versions in individual folders. The install command works this magic, and here are some syntax examples with comments following the pound sign:
nvm install node # Installs the most recent version of the Current release
nvm install --lts # Installs the most recent Long-Term Stable version
nvm install lts/fermium # Installs the latest version of Node.js v14, code-named Fermian
nvm install 12.2 # installs the most recent patch in the 12.2 series
The install command does not make the specified version the active Node edition. nvm’s use command sets the active Node version in a shell, and this command follows the install command’s syntax. If a user specifies an uninstalled Node version, an error message results. To avoid that embarrassment, nvm’s ls command serves up a color-coded version list. Here are some examples:
nvm ls # Lists all downloaded versions
nvm ls-remote # Lists all Node versions available for download
What if an over-caffeinated coder forgets the nvm command syntax? Typing
nvm --help will bring up a helpful glossary but will not relieve jitters.
nvm’s commands make for straightforward and nimble navigation, but juggling multi-digit numbers can present a challenge with a long list of versions. Happily, nvm has a solution: the alias command. With alias, coders can tag Node.js versions with understandable names and use these names in place of version numbers. Here are ways to take advantage of this feature:
alias esm-trial 16.9.1 # assigns Node version for a project testing a Current release
alias our-app_stable 12.22.6 # assigns this Node version for a publicly released application
alias our-app_alpha 14.16.2 # assigns Node version for an app undergoing alpha testing
Once named, aliases can replace version numbers with nvm’s use command:
Users can further enhance aliases with
color-coding. The nvm GitHub homepage documentation spells out how to achieve persistent colors with the
NVM_COLORS variable. While aliases add user-friendliness to version switching, they fall short of automation. Fortunately, an nvm technique makes that goal a reality.
nvm Project Management Techniques
When switching projects, developers must take care to work in the appropriate Node version for each project. Failing this task can waste hours. Memorable alias names can help. nvm’s current command spits out the active Node version, serving as another aid. Nonetheless, it would be mighty handy to have the correct Node.js version toggled by simply navigating to a project folder. A single-line .nvmrc file achieves that goal.
When given a run or execute command, nvm checks the current folder for a
.nvmrc file. If the file exists, nvm activates the specified Node version before continuing the run sequence. Creating a
.nvmrc file in a project’s root folder is straightforward, as this example shows:
echo "14.17.2" > .nvmrc # Assures that this node version always runs with the parent project
It is infuriatingly common for new versions of programming tools to break an older project. Having compatible versions of software tools matched to each project would certainly relieve maintenance headaches. nvm’s file structure makes this arrangement possible. If the globally installed version of TypeScript breaks with an older project, it’s a simple matter to head to Microsoft’s website, download an earlier version and install the tool locally in the appropriate Node.js version folder.
Clever use of nvm and nvm-Windows have carried developers a long distance over the past half-decade. Nonetheless, the use of both utilities still requires extraordinary care as developers hop from project to project. The worldwide coding community would welcome more automatic version management, and applications to meet that need may be close at hand.
Rival Managers Stake Their Claim
While nvm and nvm-Windows have been widely adopted by the developer community, neither is an official part of the Node.js standard. The OpenJS Foundation has indicated a preference for letting the open-source development community drive the decision making process and allowing the software cream to rise to the top. Two alternatives have recently gained developer attention, and a third contender is in the pipeline.
The “vs” in nvs stands for Visual Studio Code, Microsoft’s cross-platform integrated development environment. Introduced in 2016, nvs gained little traction from developers outside of the Microsoft ecosystem. Recent praise from developers in the Angular community raised nvm’s profile. Used in tandem with Visual Studio and Microsoft’s PowerShell extension, nvs closely follows nvm syntax while adding handy capabilities:
- An Interactive Menu: When invoked with no parameters, the nvs command displays an interactive menu of Node.js versions on the local machine or available on the web.
- Configurable Remotes: The nvs remote command eases life for developers on the cutting edge by streamlining downloads of Node.js nightly builds.
With Visual Studio Code projects, developers can skip .nvmrc files and enable automatic selection of the correct Node.js version by adding a line to the project’s launch.json file. Adding the
"runtimeArgs" attribute and a valid Node.js version reference ensures the desired Node version on launch. Here are a few examples:
"runtimeArgs": [ "node/lts" ] # Launch with the most recent LTS Node version
"runtimeArgs": [ "erbium/lts" ] # Launch with the latest version of Node.js v12, code-named “Erbium”
"runtimeArgs": [ "10.12.1" ] # Launch with Node.js v10.12.1
Posting its initial stable version in January 2021, Volta has won favorable reviews from Node.js developers. This open-source newcomer aims to simplify Node version-switching and speed developers’ workflow. Volta ships as a single binary file with no other dependencies. With macOS, Linux, or Git for Windows, Volta installs with a single command:
curl https://get.volta.sh | bash. To use Volta in the native Windows environment, the vendor provides a downloadable installer.
With the pin command, Volta’s developers aimed to one-up the capabilities of the nvm and nvs managers. Volta’s pin command allows developers to set a global preferred Node version for their programming environment and individual versions for each project. The pin command thus eliminates the need to create
.nvmrc files or develop in Visual Studio.
The utility of pin extends beyond Node selection. Developers can pin a version of the npm or Yarn package managers to a project. Better still, Volta can pin individual editions of tools such as TypeScript or webpack to a project. This ability addresses a longtime aggravation in team development settings: the subtle differences among programmers’ tool setups provoking hard-to-track breakages. By invoking a handful of pin commands across a team, developers can ascertain that all members use identical toolchains across a project.
As for developers working with large corporate repositories, Volta offers rudimentary support for workspaces. Unlike the intuitive pin command, coders will need to study their hierarchy trees and edit package.json files with this early Volta edition.
A replacement for nvm-Windows is also on the horizon. In the summer of 2020, creator Corey Butler announced that he was developing a successor to his six-year-old utility. Currently code-named “rt”, the new product will be cross-platform and include both a free-to-download open-source version and a commercial edition with proprietary code. Butler stated that the commercial version will have enhanced collaboration and team management features. With the release of nvm-Windows’ final version in September 2021, Butler shifted his focus to his successor product.
So that’s a few different ways to change to an older version of Node.
Versions Change and the Need for Security Remains
nvm and its new competitors demonstrate the value of tools that bring simplicity and efficiency to software development. SOOS brings the same value to software composition analysis. SOOS integrates with Node.js and a host of other frameworks and tools. A SOOS scan compares every package and dependency against nearly 150,000 known vulnerabilities. Once detected, the SOOS dashboard highlights issues and prioritizes trouble spots.
SOOS handles compliance with equal ease. Whether it’s licenses, trademarks, copyrights, or patents, a SOOS scan keeps developers on the right side of compliance at all times.
Security, compliance, governance, and productivity — SOOS is the security analyzing tool for the job.