Node.js Compatibility Requirements
Code Security capabilities
The following code security capabilities are supported in the Node.js library, for the specified tracer version:
Code Security capability | Minimum Node.js tracer version |
---|
Runtime Software Composition Analysis (SCA) | 4.0.0 |
Runtime Code Analysis (IAST) | 4.18.0 for Node.js 16+, or 5.0.0 for Node.js 18+ |
The minimum tracer version to get all supported application security capabilities is 4.18.0 for Node.js 16+ and 5.0.0 for Node.js 18+.
Supported deployment types
Type | Threat Detection support | Software Composition Analysis |
---|
Docker | | |
Kubernetes | | |
Amazon ECS | | |
AWS Fargate | | |
AWS Lambda | | |
Type | Runtime Software Composition Analysis (SCA) | Runtime Code Analysis (IAST) |
---|
Docker | | |
Kubernetes | | |
Amazon ECS | | |
AWS Fargate | | Preview (4.18.0 for Node.js 16+, or 5.0.0 for Node.js 18+) |
AWS Lambda | | |
Language and framework compatibility
Node.js Version Support
When the Node.js project drops support for an LTS major release line (when it goes End of Life), support for it is dropped in the next major version of dd-trace
.
The last major supporting release line of dd-trace
library supports that EOL version of Node.js for at least another year on a maintenance mode basis.
Some issues cannot be solved in dd-trace
and instead must be solved in Node.js. When this happens and the Node.js release in question is EOL, it’s not possible to solve the issue without moving to another non-EOL release.
Datadog does not make new releases of dd-trace
to provide specific support for non-LTS Node.js major release lines (odd numbered versions).
For the best level of support, always run the latest LTS release of Node.js, and the latest major version of dd-trace
. Whatever release line of Node.js you use, also use the latest version of Node.js on that release line, to ensure you have the latest security fixes.
For more information about Node.js release, see the official Node.js documentation.
Operating system support
The following operating systems are officially supported by dd-trace
. Any operating system not listed is still likely to work, but with some features missing, for example application security capabilities, profiling, and runtime metrics. Generally speaking, operating systems that are actively maintained at the time of initial release for a major version are supported.
Operating System | Architectures | Minimum Versions |
---|
Linux (glibc) | arm64, x64 | CentOS 7, Debian 9, RHEL 7, Ubuntu 14.04 |
Linux (musl) | arm64, x64 | Alpine 3.13 |
macOS | arm64, x64 | Catalina (10.15) |
Windows | x64 | Windows 8.1, Windows Server 2012 |
Web framework compatibility
- Tags for the HTTP request (status code, method, etc)
- Distributed Tracing to see attack flows through your applications
Code Security Capability Notes
- Runtime Software Composition Analysis (SCA) is supported on all frameworks
- If your framework is not listed below, Runtime Code Analysis (IAST) will still detect Weak Cipher, Weak Hashing, Insecure Cookie, Cookie without HttpOnly Flag, and Cookie without SameSite Flag vulnerabilities.
Framework | Versions | Runtime Code Analysis (IAST) |
---|
express | >=4 | |
nextjs | >=11.1 | |
If you would like to see support added for any of the unsupported capabilities or for your Node.js framework, let us know! Fill out
this short form to send details.
Networking framework compatibility
Networking tracing provides:
- Distributed tracing through your applications
- Request-based blocking
Code Security Capability Notes
- Runtime Software Composition Analysis (SCA) is supported on all frameworks
Framework | Runtime Code Analysis (IAST) |
---|
http | |
https | |
Data store compatibility
Datastore tracing provides:
- Query info (for example, a sanitized query string)
- Error and stacktrace capturing
Code Security Capability Notes
- Runtime Software Composition Analysis (SCA) is supported on all frameworks