Update integrated Node environment

Hello,

We have recently decided to begin transitioning of a big project to use auth0, however we have some concerns about integrated Node environment (webtask?).

In our tests when logging process.env.NODE_ENV in our custom rules and a custom connection configuration, it prints 4.8.7. This is unacceptable for us, since Node 4 has been in maintenance mode for almost a year, and is set to reach EOL at the end of April. Not only does this provide sub-par DX, but it’s also a security concern since this release won’t receive any security fixes or updates.

Our question is if it’s possible already today to configure the service to use the latest LTS release, or if there are plans in place to transition everyone to this version before Node 4 reaches EOL.

Another concern is the seemingly arbitrary linting rules in the editor, because they complain about features already supported by the existing Node runtime (like const assignments for example). Please let us know if it’s possible to turn these off or adjust them.

Thank you,
Simon.

Thanks for reaching out. You are correct that the Extensibility points of the Auth0 system (including Rules, Hooks, and Custom DB Connections) currently run in a Node v4 webtask environment. We are aware of the Node 4 EOL at the end of April and are actively reviewing and evaluating solutions regarding security risks for Node 4 topics.

Specifically, we are in the midst of a project to provide a Node LTS environment for all Extensibility points. While it is not possible to configure the node version for webtasks today, we understand the benefits and have been discussing such a feature. Linting rules will conform to the Node version when it is updated.