I recently checked the Node.js version on my Homey Pro (Early 2019) and was quite surprised to see that it’s still running Node.js v12.22.11. Given that the latest official release is already Node.js v22.14, that’s a massive gap of ten major versions!
This makes me wonder:
Why is such an outdated version still being used?
Is it due to dependencies that Homey Pro relies on?
Does the system need major refactoring to support newer Node.js versions?
Could it be that certain libraries or integrations are incompatible with newer versions?
What are the security implications?
Node.js 12 reached end-of-life (EOL) in April 2022, meaning it no longer receives security updates.
Could this pose a potential risk to the system?
Are there mitigations in place to compensate for this outdated version?
I’d love to hear your thoughts on this. Has Athom (Homey’s manufacturer) ever addressed this, or is there any official roadmap for updating Node.js on Homey Pro devices?
A different version of Node.js is used for apps (v16.14.2). Still very much outdated, but if you want to know the exact reason, you should ask Athom directly and not here, on a community forum where we can only speculate about the reason why this is (my guess: “it works”, and nobody is interested in upgrading it, with possible backward compatibility issues with both the core software and all apps, at least not unless it turns out to contain major security implications).
I’m afraid you are asking about a product which is actively supported, but it’s kind of EOL. I’m not sure whether upgrading to a higher NodeJS version would not actually increase memory and space requirements, causing additional trouble (module dependencies) on some Homey 2019 units already running on the edge. I would not expect an upgrade of NodeJS soon, probably not for HP19… HP19 has not been sold for how long, 3-4 years?
Just speculating here, but considering it’s a closed ecosystem (e.g. I have never seen “root” on HP19, but maybe I missed it), I don’t think there is a high risk, unless you would be targeted by the NSA or some other institution.
Also, the “AI” view:
While Athom has not explicitly addressed Node.js upgrades for older Homey Pro models, the shift toward Docker and newer SDKs indicates a gradual modernization effort. For now, the 2019 model’s Node.js version reflects a balance between stability and legacy compatibility. Users prioritizing security should consider upgrading to newer Homey Pro hardware or exploring community-driven solutions cautiously.
As of Homey Pro (2016—2019) v7.4.0, Apps run on Node.js v16. Older versions of Homey Pro (2016—2019) run Homey Apps on Node.js v12. Homey Cloud Apps always run on Node.js v16. Homey Pro (Early 2023) Apps run on Node.js v18.
Here’s a brief rundown (as of now) of key Node.js releases and their end-of-life dates:
Node.js 10: EOL on April 30, 2021
Node.js 12: EOL on April 30, 2022
Node.js 14: EOL on April 30, 2023
Node.js 16: EOL on September 11, 2023
Node.js 18 (LTS): Active LTS until April 2025
Node.js 20 (LTS): Scheduled maintenance until April 2026
…let’s see if there will be any surprise with Node.js 18 EOL…
To wrap up - it’s not best practice, what Athom is showing here, but it is what it is - kind of an overall compromise.
If anything is wrong, feel free to comment/correct; I’m not a security expert nor a developer.
I’m deliberately asking in the community because I’ve found that you usually don’t get a lot of insights from the provider themselves, and they apparently always take quite a while to process inquiries.
I’m wondering about things like: Don’t different Node.js versions for the core system and for the apps potentially cause compatibility issues and increase testing efforts? Higher storage requirements, etc.?
Isn’t the Homey firmware the same for all Homey Pro devices? I mean for both the 2023 and the 2019 models, or are there different Node.js versions for the core system?
I do plan to buy a new Homey Pro at some point, but everything is currently running smoothly. So my question is more technical in nature, just to get more background information here and there. I’ve always noticed with Node.js that, for example, compared to Go, you need a lot of external packages, and having different versions could cause significant development efforts. Additionally, if a critical security vulnerability does occur (or maybe it already did), it’s usually not possible to rebuild everything overnight.
Interesting point here - Broken window theory:
Core Idea: Small issues (e.g., poor code quality, unclear structure) are ignored, giving the impression that no one cares about the system.
Consequence: Further deterioration occurs as developers adopt bad practices (“If the rest is chaotic, I can follow suit too.”).
Impact: Decline in code quality, increased maintenance costs, and decreased team morale.
Prevention:
Immediate fixing of minor issues (refactoring).
Clear coding standards and regular code reviews.
Accountability for every developer to ensure the quality of their code.
Relevance in Software Development: Prevents technical debt and promotes a sustainable, high-quality codebase.
How do you expect community developers to answer? Nobody has to deal with those issues other than Athom developers. And unless there are pressing reasons to upgrade, they seem to much rather focus their efforts on LG’s Homey.
I’ve kind of described why I think it would be more economical for LG. The question would be whether you would subscribe to the argument or whether there are counter-theses?
I can’t subscribe to the argument because I’m not an Athom developer and I have no idea if having different Node.js versions is causing issues for them.