node 16 EOL ended 7 months and 3 weeks ago

[Enase]

FYI:
https://nodejs.org/en/about/previous-releases#release-schedule

npm WARN EBADENGINE Unsupported engine {
npm WARN EBADENGINE   package: 'heroku@8.11.5',
npm WARN EBADENGINE   required: { node: '~16.20.0' },
npm WARN EBADENGINE   current: { node: ....... }
npm WARN EBADENGINE }

[justinwilaby]

Hi @Enase -

The Heroku team has plans to update to Node LTS sometime later this year. If you need to run the cli using a newer version of Node, most commands prepackaged with the default install should work. Of course, you would also have to use npm i -g heroku which it looks like you are already doing. :)

[wolkyura]

Hey @justinwilaby

The v8.8.0 release introduced this change 7ba13da which forces node16, do you think it was done by mistake and it should be >=16.20.0 and not ~16.20.0?

[justinwilaby]

Hi @wolkyura -

TL;DR: This is intentional and not a mistake, however a newer version of Node is very likely to work just fine. I have tested Node 22 and the commands I tested worked without issue.

For full transparency, we are working to remedy several issues around the node version used for the CLI and the @oclif/plugin-plugins version we are using.

1. There is currently no way to verify that an installed plugin will work with the node version or the CLI version used by the host. Ref this issue. This means that oclif allows potentially incompatible plugins to be installed without warning the user.
2. There is currently no officially supported way to update Node independently of the original install for the CLI. That is, if you install the CLI and it uses Node 16.20.1 and later on this version is found to contain a vulnerability, you must wait for a release from the Heroku team and reinstall the CLI using the installer to get the patched Node version. There are workarounds to this such as using npm i -g heroku@latest but this is not officially supported.
3. @oclif/plugin-plugins uses Yarn to install plugins. Yarn installs all devDependencies that are found in the package.json and fails the install if one of the devDependencies has an engine mismatch. Of course this is bad since a local dev environment can sometimes require Node 22 while the production build targets Node > 16. Plus, there is the added overhead of installing packages that are never used. This has been fixed and we'll be adopting the new version as part of our updates.

These are the items we're aware of and are discussing solutions for. Part of the discussion is maintaining Node LTS compatibility so our CLI will never require a version of Node that is no longer maintained.

A Note about item 3 in the above list: The workaround I am recommending for plugin authors is to omit devDependencies in the package.json and either remove yarn.lock altogether or rebuild it from the package.json that excludes devDependencies before publishing to NPM. This is the 100% reliable way to prevent issues until we can adopt the fix by the oclif team.

[wolkyura]

Thanks @justinwilaby for the detailed reply! Using npm to install heroku works just fine.