Node.js 25.5.0 Released Update Root Certificates and New

Node.js version 25.5.0 launched on January 26, 2026. This release delivers significant developer-focused enhancements and vital security updates.

The release prioritizes simplified application packaging through a new command-line flag while maintaining cryptographic security standards through updated certificate authorities.

The most significant developer improvement in this release is the introduction of the –build-sea command-line flag. This eliminates multiple manual steps previously required to create Single Executable Applications (SEA).

This consolidation represents a significant quality-of-life improvement for developers distributing Node.js applications as standalone binaries.

Previously, developers had to execute a three-step process:

The new workflow reduces this to a single command:

$ node --build-sea sea-config.json
$ ./sea

This streamlined process integrates the LIEF library (Library to Instrument Executable Formats) directly into Node.js core, eliminating external dependencies and simplifying distribution workflows.

The change maintains backward compatibility with the existing project-based approach and the experimental-sea-config flag, ensuring existing tooling continues functioning. At the same time, developers transition to the new method.

Enhanced File System Monitoring and SQLite Integration

Beyond SEA improvements, Node.js 25.5.0 introduces practical enhancements to file system operations.

The fs.watch() function now supports an ignore option, allowing developers to exclude specific files and directories from monitoring without implementing custom filtering logic.

This prevents unnecessary event processing and reduces computational overhead in applications that track file system changes.

SQLite integration receives two notable updates: defensive mode is now enabled by default, providing additional runtime safety checks.

The SQLite prepare options args enhancement enables more granular control over prepared statement behavior.

These changes reflect Node.js’s commitment to embedding SQLite as a reliable, production-ready data storage option within the runtime.

From a security operations perspective, Node.js 25.5.0 updates root certificates to NSS 3.119, the Mozilla Network Security Services version.

This update ensures that SSL/TLS connections are validated against the current set of trusted Certificate Authorities, maintaining cryptographic trust-chain integrity.

Regular root certificate updates are essential for preventing man-in-the-middle attacks and ensuring applications recognize newly deprecated or compromised CAs.

Additional Quality Improvements

The release includes fixes across multiple subsystems: improved HTTP header handling with rawHeaders validation.

HTTP/2 specification compliance for initialWindowSize validation, and performance optimizations in StringBytes encoding for UTF8 operations.

Thread naming now uses the “node-” prefix for improved debugging visibility, and the test runner supports expecting test cases to fail intentionally, enabling more comprehensive test coverage scenarios.

Infrastructure improvements include updated dependencies (npm 11.8.0, SQLite 3.51.2, ICU 78.2, and V8 cherry-picks), enhanced build system stability, and expanded WebAssembly error documentation.

The release includes over 150 commits that address stability, performance, and developer experience across the entire Node.js ecosystem.

Node.js 25.5.0 is available on all major platforms at nodejs.org/dist/v25.5.0/, with installers for Windows, macOS, and Linux.

Disclaimer: HackersRadar reports on cybersecurity threats and incidents for informational and awareness purposes only. We do not engage in hacking activities, data exfiltration, or the hosting or distribution of stolen or leaked information. All content is based on publicly available sources.