--- title: Node.js Compatibility Requirements description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: >- Docs > Datadog Security > App and API Protection > Enabling App and API Protection > Enabling App and API Protection for Node.js > Node.js Compatibility Requirements --- # Node.js Compatibility Requirements {% callout %} # Important note for users on the following Datadog sites: app.ddog-gov.com {% alert level="danger" %} This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site). (). {% /alert %} {% /callout %} ## App and API Protection capabilities{% #app-and-api-protection-capabilities %} The following App and API Protection capabilities are supported in the Node.js library, for the specified tracer version: | App and API Protection capability | Minimum Node.js tracer version | | -------------------------------------- | ------------------------------ | | Threat Detection | 4.0.0 | | Threat Protection | 4.0.0 | | Customize response to blocked requests | 4.1.0 | | Automatic user activity event tracking | 4.4.0 | | API Security | 4.30.0 | The minimum tracer version to get all supported App and API Protection capabilities for Node.js is 4.30.0. **Note**: - Threat Protection requires enabling [Remote Configuration](https://docs.datadoghq.com/agent/remote_config/#enabling-remote-configuration), which is included in the listed minimum tracer version. ### Supported deployment types{% #supported-deployment-types %} | Type | Threat Detection support | | ----------- | ------------------------ | | Docker | yes | | Kubernetes | yes | | Amazon ECS | yes | | AWS Fargate | yes | | AWS Lambda | yes | ## Language and framework compatibility{% #language-and-framework-compatibility %} ### Node.js Version Support{% #nodejs-version-support %} When the Node.js project drops support for an LTS major release line (when it goes End of Life), support for it is dropped in the next major version of `dd-trace`. The last major supporting release line of `dd-trace` library supports that EOL version of Node.js for at least another year on a maintenance mode basis. Some issues cannot be solved in `dd-trace` and instead must be solved in Node.js. When this happens and the Node.js release in question is EOL, it's not possible to solve the issue without moving to another non-EOL release. Datadog does not make new releases of `dd-trace` to provide specific support for non-LTS Node.js major release lines (odd numbered versions). For the best level of support, always run the latest LTS release of Node.js, and the latest major version of `dd-trace`. Whatever release line of Node.js you use, also use the latest version of Node.js on that release line, to ensure you have the latest security fixes. For more information about Node.js release, see the [official Node.js documentation](https://github.com/nodejs/release#release-schedule). ### Operating system support{% #operating-system-support %} The following operating systems are officially supported by `dd-trace`. Any operating system not listed is still likely to work, but with some features missing, for example App and API Protection capabilities, profiling, and runtime metrics. Generally speaking, operating systems that are actively maintained at the time of initial release for a major version are supported. | Operating System | Architectures | Minimum Versions | | ---------------- | ------------- | ---------------------------------------- | | Linux (glibc) | arm64, x64 | CentOS 7, Debian 9, RHEL 7, Ubuntu 14.04 | | Linux (musl) | arm64, x64 | Alpine 3.13 | | macOS | arm64, x64 | Sonoma (14.0) | | Windows | x64 | Windows 8.1, Windows Server 2012 | ### Web framework compatibility{% #web-framework-compatibility %} - Attacker source HTTP request details - Tags for the HTTP request (status code, method, etc) - Distributed Tracing to see attack flows through your applications ##### App and API Protection Capability Notes{% #app-and-api-protection-capability-notes %} Although Threat Protection is available for express >= 4 versions, the blocking of payloads on the body is only supported for applications using either the [`body-parser`](https://www.npmjs.com/package/body-parser) or [`multer`](https://www.npmjs.com/package/multer) libraries. | Framework | Versions | Threat Detection supported? | Threat Protection supported? | | --------- | -------- | --------------------------- | ---------------------------- | | express | `>=4` | yes | yes | | fastify | `>=2` | yes | yes | | nextjs | `>=11.1` | yes | {% alert level="info" %} If you would like to see support added for any of the unsupported capabilities or for your Node.js framework, let us know! Fill out [this short form to send details](https://forms.gle/gHrxGQMEnAobukfn7). {% /alert %} ### Networking framework compatibility{% #networking-framework-compatibility %} **Networking tracing provides:** - Distributed tracing through your applications - Request-based blocking ##### App and API Protection Capability Notes{% #app-and-api-protection-capability-notes-1 %} | Framework | Threat Detection supported? | Threat Protection supported? | | --------- | --------------------------- | ---------------------------- | | http | yes | yes | | https | yes | yes | {% alert level="info" %} If you don't see your framework of choice listed, let us know! Fill out [this short form to send details](https://forms.gle/gHrxGQMEnAobukfn7). {% /alert %} ### Data store compatibility{% #data-store-compatibility %} **Datastore tracing provides:** - Timing request to response - Query info (for example, a sanitized query string) - Error and stacktrace capturing ##### App and API Protection Capability Notes{% #app-and-api-protection-capability-notes-2 %} - **Threat Protection** also works at the HTTP request (input) layer, and so works for all databases by default, even those not listed in the table below. | Framework | Versions | Threat Detection supported? | Threat Protection supported? | | -------------------------------------------------------------------------- | -------- | --------------------------- | ---------------------------- | | [@apollo/server](https://github.com/apollographql/apollo-server) | `>=4` | yes | yes | | [apollo-server-core](https://www.npmjs.com/package/apollo-server-core) | `>=3` | yes | yes | | [cassandra-driver](https://github.com/datastax/nodejs-driver) | `>=3` | yes | yes | | [couchbase](https://github.com/couchbase/couchnode) | `^2.4.2` | yes | yes | | [elasticsearch](https://github.com/elastic/elasticsearch-js) | `>=10` | yes | yes | | [ioredis](https://github.com/luin/ioredis) | `>=2` | yes | yes | | [knex](https://knexjs.org) | `>=0.8` | yes | yes | | [mariadb](https://github.com/mariadb-corporation/mariadb-connector-nodejs) | `>=3` | yes | yes | | [memcached](https://github.com/3rd-Eden/memcached) | `>=2.2` | yes | yes | | [mongodb-core](https://www.mongodb.com/docs/drivers/node/current/) | `>=2` | yes | yes | | [mysql](https://github.com/mysqljs/mysql) | `>=2` | yes | yes | | [mysql2](https://github.com/sidorares/node-mysql2) | `>=1` | yes | yes | | [oracledb](https://oracle.github.io/node-oracledb/) | `>=5` | yes | yes | | [pg](https://node-postgres.com) | `>=4` | yes | yes | | [redis](https://github.com/NodeRedis/node_redis) | `>=0.12` | yes | yes | | [sharedb](https://share.github.io/sharedb/) | `>=1` | yes | yes | | [tedious](http://tediousjs.github.io/tedious) | `>=1` | yes | yes | | [sequelize](https://github.com/sequelize/sequelize) | `>=4` | yes | yes | ### User Authentication Frameworks compatibility{% #user-authentication-frameworks-compatibility %} **Integrations to User Authentication Frameworks provide:** - User login events, including the user IDs - The Account Takeover detection monitoring the user login events | Framework | Minimum Framework Version | | -------------- | ------------------------- | | passport-local | 1.0.0 | | passport-http | 0.3.0 |