The Node Version Dilemma

If you are using node for years or just starting, you are probably trying to figure out which version and distribution to use moving forward. The official Joyent distribution has two version 0.10 and 0.12, and the new community effort io.js has an active, almost weekly release schedule.

0.10 is the Current Safe Bet

If your production is running 0.10, keep it for now. If you are using node in production with a version older than 0.10, you should upgrade to the latest 0.10. Version 0.10 is by far the most stable, reliable, and well-understood release available today. We have been running 0.10 under heavy production load with extreme spikes for over 2 years. We started developing our production stack on 0.10.0 but it took until 0.10.21 for it to be production ready.

If you are not yet running node in production but are planning to go live in the next three months, use 0.10 for now. Upgrading to other versions later is going to be pretty simple (especially if you use a well maintained framework and published modules). It is unlikely that 0.12 or io.js are going to be production ready within that time-frame, and moving from 0.12 or io.js back to 0.10 is going to be painful (if at all possible).

If you are starting now, or if you are not planning on a significant load anytime soon (e.g. next three months), go ahead and start with the latest io.js. However, make sure to fully appreciate the risks associated. I consider building with io.js today similar to betting on node in the 0.2-0.4 days. It was clearly the future, but it was also experimental and unstable.

0.12 is DOA

The long awaited 0.12 release came about a year after it was originally expected. It represents significant improvements and is clearly the foundation of a future stable node release. However, given our experience with both 0.8 and 0.10, 0.12 will take about six months of active usage and development to reach similar levels of stability of the current 0.10 release.

I have already started seeing issues reported with 0.12 (and io.js which shares much of the code). Some of these issues are complex and involve changes in timing and event emitters that only appear in specific edge cases (these are no necessarily bugs, just very fine breaking changes). However, it is these edge cases that you should be most worried about when going to production since statistically, the larger your scale the higher the risk of hitting them.

I am skeptical about 0.12 reaching the required levels of stability given the resources available to work on it today (with the majority of core contributors focused on io.js). If 0.12 has a chance of moving forward, it is only once the foundation work is done and ready to support it, or via a merge with the io.js distribution. Either way, it is not a move worth making at this time.

io.js and the Future

There is little doubt that io.js represents the future of node. If you look at the work, people, and culture around it, it is pretty obviously heading in the right direction. I expect there to be only one prominent version of node within 6 to 9 months, either by making the official distribution obsolete or by merging with it. The question is when to make the switch.

The problem is that for most people, keeping track of what is going on with io.js right now is practically impossible. There is just so much activity going on. I would not call it noise because it is clearly well thought, well executed, and well communicated. Given that io.js was born out of the lack of progress on the official distribution, I am certainly not advocating slowing down or artificially blocking progress. What I am looking for is the organic maturity that is evident by the project naturally slowing itself down. And that can take a while.

Over the next few weeks and months, companies will come out and share their io.js deployment stories. What is important to remember is that just the fact someone deployed io.js in production doesn’t really means it is ready. The more meaningful story is when these companies share their experiences 3 months later, 6 months later, and a year later. When Walmart deployed 0.10 to production, it was extremely unstable, but the risk was very low given the overall architecture and mitigation available. It would have been a mistake to use that initial deployment announcement as an indication that your environment is equally risk tolerant and ready.

If you are in a position to take a measured risk and put io.js through the load of a production environment, you certainly should. We all depend on those early adopters. But when sharing that information with the community, make sure to provide the full picture, the technical details, and the reasons why you felt it was a low risk decision.