> ## Documentation Index
> Fetch the complete documentation index at: https://auth0.com/llms.txt
> Use this file to discover all available pages before exploring further.
> Describes Auth0 Actions items affected by the Node.js v12+6 to Node.js v18 migration.
# Migrate from Node 12 and 16 to Node 18
Long-term support (LTS) for Node.js 12 and 16 ended in 2023, which means the Node.js development team no longer back-ports critical security fixes to these versions. Running with Node 12 or 16 runtimes could expose your extensibility code to security vulnerabilities.
Node 18 extensibility runtime is generally available (GA) across our entire suite of extensibility offerings. This includes Actions, Rules, Hooks, Database Scripts, and Custom Social Connections. We strongly encourage everyone to update to Node 18 as soon as possible to adhere to best code security practices.
## General considerations
### Migrate Rules and Hooks to Actions
If you are using a discontinued extensibility runtime, we recommend taking the review of your Rules and Hooks implementation as an opportunity for migrating them to (Node 18) Actions. Determine which Rules and Hooks you can migrate to Actions by visiting [Actions Limitations](/docs/customize/actions/limitations). To learn more about migrating your Rules and Hooks to Actions, see [Migrate to Actions](/docs/customize/actions/migrate).
### Marketplace integrations
#### Social Connections Integrations
Use the [Management API](https://auth0.com/docs/api/management/v2) to identify a complete list of social connections that a Node runtime version change may impact. In particular, all potentially impacted social connections, either explicitly created as a custom social connection or initially added through the Marketplace, have the `strategy` attribute with a value of either `oauth1` or `oauth2`.
You can then paginate through all the existing custom social connections in a given tenant using the `GET` connections Management API endpoint. For example, the following query options returns the names and identifiers of up to 100 custom social connections:
```http wrap lines theme={null}
/api/v2/connections?strategy=oauth1&strategy=oauth2&include_totals=true&fields=name&per_page=100
```
The Auth0 Dashboard does not allow updating the scripts for custom social connections added through the Marketplace. If a script change is required to be compatible with Node 18, you must use the Management API.
## Migration tasks
### Create new custom Actions
To create a new custom Action with Node 18 through the Auth0 Dashboard:
1. Navigate to [Auth0 Dashboard > Actions > Library](https://manage.auth0.com/#/dashboard/actions/library).
2. Select **Create Action > Build from scratch**.
3. In the **Runtime\*** field, select **Node 18 (Recommended)**.
4. Write your custom Actions in Node 18, test, and deploy when ready.
### Upgrade existing custom Actions
You can individually upgrade existing custom Actions built on Node 12 or 16 to Node 18 and [revert to the previous version](/docs/customize/actions/manage-versions#revert-actions) using the older runtime. Upgrade Actions to Node 18 by creating and deploying a new version of the existing implementation with any required changes and set to use Node 18 as the runtime.
### Choose Node 18 for other extensibility products
The runtime used for the remaining (non-Actions) extensibility offerings is defined globally at the tenant's advanced settings level. Changing this setting impacts the following functionality at the same time:
* rules
* hooks
* custom database scripts
* custom social connection scripts
To change the tenant extensibility runtime setting in the Auth0 Dashboard:
1. Navigate to **Dashboard > Settings > Advanced**.
2. Scroll to the **Extensibility** section.
3. For **Runtime**, select **Node 18**.
Given that this is a global setting that impacts multiple extensibility features simultaneously, we recommend that you perform this step in your development tenant first, complete testing of all applicable extensibility features, and proceed to your production tenant only when you see no issues in development.
Specifically for Custom DB scripts you can [follow the steps as explained on this page](/docs/authenticate/database-connections/custom-db/custom-database-connections-scripts/environment) to individually verify a script against a specific runtime version before proceeding to change the global runtime version.
## Known breaking changes
### Magic npm modules
The Node 12 extensibility runtime supports using specific `npm` modules without explicitly requiring them in the extensibility code. Starting with Node 16 runtime, we removed support for this type of usage for the following modules:
* \_
* async
* Auth0
* azure\_storage
* bcrypt
* crypto
* couchbase
* cql
* ip
* jwt
* Knex
* mongo
* mysql
* mysql\_pool
* ObjectID
* pbkdf2
* pg
* postgres
* Pubnub
* q
* querystring
* sqlserver
* uuid
* xml2js
* xmldom
* xpath
* xtend
If you still have extensibility running on Node 12, consider the above when updating the code directly to Node 18. Before using a module, you must ensure that it is explicitly required.
In the context of Rules, Custom Database Connections, and Custom Social Connections, you must explicitly require a version of the module that is [listed as available for Node 18](https://auth0-extensions.github.io/canirequire/).
In Hooks and Actions, you must add the intended target version as an explicit dependency before requiring the module.
### Can I Require module versions removed
We removed support for the specified versions of the modules listed below for the Node 18 runtime from [Can I Require](https://auth0-extensions.github.io/canirequire/). This change impacts the extensibility code associated with Rules, Custom Database Connection Scripts, and Custom Social Connection Scripts.
The fetch user profile script for the following custom social connections ([Indeed](https://marketplace.auth0.com/integrations/indeed-social-connection), [monday.com](https://marketplace.auth0.com/integrations/monday-com-monday-com-social-connection), [Snapchat](https://marketplace.auth0.com/integrations/snapchat-social-connection), and [Tumblr](https://marketplace.auth0.com/integrations/tumblr-social-connection)), available through the Marketplace, used version `0.22.0` of the `axios` module, which is not available in Node 18. If you at use one of these connections, review and update their scripts as necessary through the [Management API](https://auth0.com/docs/api/management/v2).
| Module | Versions |
| ------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| @analytics/google-analytics | 0.4.0 |
| @auth0/hapi | 13.5.1, 13.6.0 |
| @auth0/rule-utilities | 0.1.0 |
| @gitbeaker/node | 17.0.1 |
| @incognia/api | 1.0.0 |
| @octokit/rest | 15.8.2 |
| @sentry/node | 5.6.2, 5.15.5, 6.2.0 |
| acorn | 1.2.2 |
| airbrake | 1.0.2 |
| airgram | 3.1.1 |
| ajv | 6.10.1 |
| amazon-dax-client | 1.2.2 |
| amazon-mws-node | 1.0.3 |
| analytics | 0.5.1 |
| analytics-node | 2.0.1, 3.5.0 |
| applicationinsights | 0.15.8, 0.18.0, 1.5.0, 1.8.8 |
| async | 1.0.0, 0.9.0, 2.1.2, 2.6.1 |
| auth0 | 2.4.0, 2.1.0, 2.0.0, 0.8.2, 2.6.0, 2.7.0, 2.8.0, 2.9.1, 2.13.0, 2.17.0, 2.17.1, 2.19.0, 2.23.0, 2.27.0, 2.27.1, 2.30.0, 2.31.0, 2.32.0, 2.34.2, 2.35.0, 2.36.1, 2.36.2, 2.39.0, 3.0.1 |
| auth0-authz-rules-api | 4.0.0 |
| auth0-ext-template-renderers | 0.4.2 |
| auth0-extension-express-tools | 1.0.2, 1.1.5, 1.1.6, 2.0.0 |
| auth0-extension-hapi-tools | 1.0.0, 1.1.0, 1.2.0, 1.2.1, 1.2.2, 1.3.0 |
| auth0-extension-tools | 1.0.0, 1.2.1, 1.3.1, 1.3.2, 1.4.0 |
| auth0-magic | 3.1.0 |
| auth0-oauth2-express | 0.0.1, 0.0.3, 1.1.5 |
| auth0-source-control-extension-tools | 3.0.10, 3.0.9, 3.1.4, 3.4.0, 3.5.1, 4.0.3, 4.0.5, 4.0.6, 4.0.7, 4.1.1, 4.1.2, 4.1.3, 4.1.5, 4.1.7, 4.1.9 |
| aws-sdk | 2.2.30, 2.1.31, 2.1.13, 2.4.13, 2.5.3, 2.197.0, 2.291.0, 2.458.0, 2.593.0 |
| axios | 0.15.2, 0.18.0, 0.19.2, 0.21.1, 0.21.3, 0.22.0, 0.27.2 |
| azure | 0.10.6 |
| azure-storage | 0.4.4, 0.4.1, 0.9.0 |
| babel | 5.4.7, 5.1.9 |
| bcrypt | 4.0.0 |
| bluebird | 2.9.26, 3.4.6 |
| body-parser | 1.12.4 |
| boom | 2.7.2 |
| botbuilder | 0.9.0 |
| bson | 0.3.2, 4.4.0 |
| cookie-parser | 1.3.5 |
| datadog-metrics | 0.8.2, 0.9.0, 0.9.2, 0.9.3 |
| disposable-email-domains | 1.0.14, 1.0.15, 1.0.56 |
| dockerode | 2.1.4, 2.0.3 |
| dotenv | 0.4.0, 2.0.0 |
| easy-pbkdf2 | 0.0.2 |
| ejs | 2.3.1 |
| engine.io-client | 1.5.1 |
| express | 4.12.4, 4.14.0, 4.16.3 |
| express-jwt | 3.1.0, 5.1.0 |
| faunadb | 2.11.1, 4.1.1 |
| filter-object | 2.1.0 |
| firebase | 7.12.0 |
| firebase-admin | 4.0.4, 5.0.0, 6.0.0, 8.0.0, 8.12.1 |
| form-data | 0.2.0 |
| getstream | 3.4.1 |
| gitlab | 1.7.0 |
| google-auth-library | 1.0.0 |
| google-libphonenumber | 2.0.7, 3.2.8, 3.2.10 |
| googleapis | 2.1.6, 34.0.0 |
| got | 3.2.0, 9.2.1, 10.7.0, 11.3.0, 11.5.2 |
| hapi | 13.5.0 |
| hapi-auth-jwt2 | 7.0.1 |
| hapi-swagger | 7.4.0 |
| hoek | 2.14.0 |
| http-proxy | 1.11.1 |
| ibm\_db | 2.6.4 |
| ip | 0.3.2, 0.0.1 |
| ipaddr.js | 1.0.1 |
| joi | 6.10.1 |
| jose | 3.19.0 |
| jsforce | 1.6.0 |
| jsonwebtoken | 5.7.0, 5.0.1, 5.0.0, 7.1.9, 8.5.0 |
| jwks-rsa | 1.0.0, 1.1.1, 1.6.0 |
| ldapjs | 1.0.0 |
| lodash | 3.10.1, 3.9.3, 2.4.1, 4.8.2, 4.17.10, 4.17.19 |
| lru-cache | 2.6.4 |
| mixpanel | 0.4.0 |
| mkdirp | 0.5.1 |
| moment | 2.10.3, 2.11.2 |
| mongodb | 2.0.48, 2.0.33, 2.0.27, 2.2.11, 3.1.4, 4.1.0, 3.6.10, 3.5.11 |
| mongoose | 4.1.6 |
| morgan | 1.5.3 |
| mysql | 2.7.0, 2.6.2, 2.0.0-alpha8, 2.15.0 |
| mysql2 | 1.5.3 |
| nano | 6.2.0 |
| neo4j-driver | 1.7.1 |
| node-fetch | 2.6.0 |
| node-jose | 0.9.2 |
| node-rdkafka | 2.10.1 |
| nodemailer | 2.5.0 |
| nsp | 2.4.0 |
| oauth | 0.9.12 |
| passport-wsfed-saml2 | 2.11.4 |
| pg | 4.5.7, 4.3.0, 4.1.1, 6.1.2, 7.17.1 |
| postmark | 1.3.1 |
| q | 1.0.1 |
| qs | 3.1.0 |
| ramda | 0.18.0, 0.23.0 |
| range\_check | 0.0.1 |
| raw-body | 2.1.0 |
| react | 15.3.2 |
| redis | 0.12.1 |
| request | 2.56.0, 2.55.0, 2.27.0, 2.67.0, 2.73.0, 2.75.0, 2.81.0, 2.83.0, 2.88.0 |
| rethinkdb | 2.1.1, 2.0.0-1, 2.0.0 |
| rollbar | 0.6.2, 2.12.2 |
| semver | 4.3.4 |
| sendgrid | 1.8.0, 3.0.7 |
| sequelize | 3.1.1 |
| soap | 0.23.0 |
| socket.io | 1.3.5 |
| socket.io-client | 1.3.5 |
| splunk-bunyan-logger | 0.9.1 |
| ssh2 | 0.4.13 |
| stamplay | 1.0.6, 1.0.5, 1.0.3 |
| stripe | 3.3.4, 4.14.0, 4.24.0, 7.1.0, 7.4.0, 8.52.0 |
| sumo-logger | 1.5.5 |
| superagent | 1.2.0, 3.8.3, 4.1.0 |
| tedious | 6.6.2, 1.11.0, 0.1.4, 8.3.1, 9.2.1 |
| tough-cookie | 1.2.0 |
| twilio | 2.2.1, 3.6.0, 3.57.0 |
| twit | 1.1.20 |
| uuid | 2.0.3, 2.0.1, 3.1.0, 3.3.2, 7.0.3, 8.0.0 |
| vso-node-api | 3.1.1 |
| watson-developer-cloud | 2.0.1 |
| winston | 1.0.0, 0.8.1, 3.1.0 |
| xml2js | 0.4.8, 0.2.8 |
| xmlbuilder | 2.6.4 |
| xmldom | 0.1.19, 0.1.13 |
| xpath | 0.0.5 |
| xtend | 1.0.3 |
### Secure renegotiation required by default for TLS connections
Node.js 18 requires secure renegotiation (RFC 5746) for TLS connections by default, a consequence of the requirement being introduced in the underlying OpenSSL dependency.
If your extensibility code performs external network calls, the target servers must support secure renegotiation, or otherwise, the requests will fail, and you will receive an error similar to:
```text wrap lines theme={null}
Error: write EPROTO C0BAF076:error:0A000152:SSL routines:final_renegotiate:unsafe legacy renegotiation disabled:../deps/openssl/openssl/ssl/statem/extensions.c:922:
```
Given this security-related change, we recommend that you ensure that all target servers are updated to support secure renegotiation. If the servers in question are third-party servers that are not under your control, you can evaluate the possibility of opting into the previous behavior.
For example, for the `axios` library, the following code snippet illustrates how to opt-in to the legacy behavior:
```javascript lines theme={null}
const axios = require('axios');
const https = require('https');
const crypto = require('crypto');
axios.get(
'https://[LEGACY_SERVER]',
{
httpsAgent: new https.Agent(
{
secureOptions: crypto.constants.SSL_OP_LEGACY_SERVER_CONNECT
}
)
})
```