Node LTS vs current: pros and cons

[arkid15r]

Based on this dependabot PR -- Bump node from 22-alpine to 23-alpine in /cspell

Curious to hear your thoughts -- why might we want to use 23-alpine instead of the LTS version for OWASP Nest or vice versa?

[Dishant1804]

Here are my thoughts, this is purely based on my understanding about the node LTS and latest node versions

PROS of LTS

• LTS prioritizes stability and long-term support for production, whereas current versions of node prioritize delivering the latest features quickly
• Latest node images have higher potential for changes that may affect compatibility, whereas LTS aims for minimal breaking changes
• There are very minimal changes in the LTS versions as they have been for a while and are quite stable, however the latest node images may have frequent updated and breaking changes

CONS of LTS

• LTS images are usually very large in size which leads of increase in build time and are generally used for stable environments like production, latest versions can be used in development and testing for faster build time and smaller image size
• LTS in some cases might lack new features or some dependency support -- probability of this happening is less but still we can consider it
• LTS releases are not too often and are usually released after years, so we will not get any new js features until there is new LTS release

[yashgoyal0110]

For OWASP Nest, using the LTS version is good over the Current version (Node 23). as LTS guarantees long-term stability and security patches, which are main for security-focused applications and production environments. Node 23 offers the latest features but has a very short support window, making it risky for applications needing reliability and security updates.

[harsh3dev]

while LTS is for long term support and will provide long term stability to our systems, Alpine versions are light weight and best suited for the production usecase. Alpine has enhanced security due to its slim size and less packages. However I have seen some people facing problems and compatibility issues in build using 23-alpine.

[harsh3dev]

Since we are already using the Alpine version and have not encountered any significant issues so far, it seems reasonable to consider moving to 23-alpine. However, if long-term stability is concerned, the LTS version could be a more suitable option. Ultimately, 23-alpine appears to be a good choice, provided it aligns well with our current requirements.
This is my thought and I am eager to know contributors and mentors thoughts on this.

[arkid15r]

My understanding is that alpine is a flavor while the question here is current vs LTS Node version.

For the backend we use the most recent Python 3.13 so I'm trying to figure out if we should apply the same approach for the frontend.

[harsh3dev]

Sure, I understand the points here.
From my perspective, it might be worth considering the use of the current LTS version for the frontend, considering its stability. The newer version might not be thoroughly tested yet and could potentially require additional time to reach a stable state.
With stability in mind, I believe sticking with the current LTS version could be a more reliable choice for now.
What do you think?
Please correct me if I'm mistaken.

[arkid15r]

We're staying on LTS version.