What API development services do you offer?

We offer REST API development, GraphQL APIs, third-party API integration, Laravel API development, and API security implementation. We also provide DevOps services including AWS infrastructure and CI/CD pipelines.

Where are you based and do you work with clients across the UK?

We're based in Leeds, West Yorkshire, but we work with clients across the entire United Kingdom including London, Manchester, Birmingham, and beyond. We work remotely with businesses throughout Britain.

What technologies do you specialise in?

We specialise in Laravel and PHP for backend development, along with RESTful APIs, GraphQL, Node.js, AWS, Docker, Kubernetes, and CloudFlare. We also work with MySQL and PostgreSQL databases.

Do you provide ongoing support after project completion?

Yes, we offer ongoing support and maintenance packages to ensure your APIs and applications continue running smoothly. This includes monitoring, updates, security patches, and performance optimisation.

Node.js 18 Has Reached End of Life - Why You Need to Upgrade Now

As of 30 April 2025, Node.js 18 has officially reached its end of life. That means no more security patches, no more bug fixes, and no more updates of any kind. If your applications are still running on Node.js 18, they are now exposed to every vulnerability discovered from this point forward - and they will never be patched.

This is not a hypothetical risk. The Node.js project has been clear that end-of-life versions are always affected when a security release occurs. The next time a vulnerability is disclosed and patched across active release lines, Node.js 18 will have the same vulnerability but will never receive the fix. That is the reality from this point forward.

The Scale of the Problem

What makes this particularly concerning is the sheer number of projects still running on Node.js 18. Download statistics show that it still accounted for roughly 50 million monthly downloads around the time it reached EOL. That is a staggering number of applications running on a runtime that will never be patched again.

If you are running a Next.js application, a React-based dashboard, or any API service built on Node.js 18 in production, you will begin accumulating unpatched vulnerabilities with every passing month. Platforms like Vercel have already announced deprecation timelines for Node.js 18 support, and others are likely to follow.

Where Should You Upgrade To?

You have two sensible options right now. Node.js 20 is in maintenance LTS and will be supported until April 2026. Node.js 22 is in active LTS and will be supported until April 2027, giving you the longest runway. If you are going to invest the effort in upgrading, we would recommend going straight to Node.js 22 to future-proof your applications and avoid another major upgrade cycle in just a year's time.

Node.js 24 is also expected to land very soon as the new "Current" release, bringing V8 13.6, npm 11, and significant performance improvements. It will enter LTS in October 2025 for those who want the very latest, though for most production applications, Node.js 22 remains the safest bet right now.

How to Check if You Are Affected

Run node --version in your terminal. If it starts with v18, you need to upgrade. Do not just check your local development environment - check your CI/CD pipelines, your Docker base images, your staging servers, and your production infrastructure. It is common for teams to have updated locally but still be deploying on an older version.

The Node.js project also provides a handy tool called is-my-node-vulnerable that checks your installation against known security vulnerabilities. Run npx is-my-node-vulnerable to get an immediate assessment.

This Is Not Just About Node.js

This is a reminder that applies to every piece of software in your stack. Whether it is your Node.js runtime, your PHP version powering Laravel, your CMS platform, or your frontend framework - running end-of-life software in production is a risk that compounds over time. Every day you delay an upgrade, the gap between where you are and where you need to be grows wider, and the eventual migration becomes harder.

Security updates are not optional. They are maintenance. Treat them like you would servicing a vehicle - skip it long enough and something will eventually break, usually at the worst possible time.

What We Recommend

If you are running Node.js 18 in production, prioritise the upgrade to Node.js 22 LTS. Update your Docker base images, your CI/CD configurations, your package.json engines field, and your deployment pipelines. Test thoroughly, but do not delay. The longer you wait, the more unpatched vulnerabilities you accumulate.

If you need help assessing your current stack or planning an upgrade path, get in touch with us. We help teams modernise their infrastructure and keep their software secure and up to date.