node-sass is end-of-life and you should migrate off it — the package reached EOL in 2024, receives no further releases or security fixes, and does not support Node.js versions beyond 20. If you still have node-sass in a package.json, it is a deprecated dependency sitting in your build, and the node-sass latest version will be the last one there ever is. The good news is that the migration to its supported successor is one of the easiest dependency swaps you will ever do.
Let me walk through what happened, why it matters even for a build-time-only tool, and the exact steps to move to Dart Sass.
What node-sass was, and what happened to it
node-sass was for years the default way to compile Sass in a JavaScript project. It was a native binding around LibSass, the C/C++ implementation of the Sass compiler. Native bindings are fast, but they carry a cost: every new Node.js major release needs a freshly compiled binary, and the binary has to be built and distributed for every platform.
The Sass team deprecated LibSass back in October 2020. Their reasoning was straightforward: LibSass had not kept pace with the Sass language, could not support newer CSS features like calc() in the way the language wanted, and there was not enough engineering bandwidth to keep it current. Because node-sass wraps LibSass, node-sass inherited that deprecation.
In July 2024, node-sass was formally declared end-of-life. The maintainers have said LibSass and node-sass will get best-effort major-bug and security fixes and compatibility patches for a while, but no new features — and critically, node-sass does not support Node.js greater than 20, and each new Node major would require a native binary that will never be built.
Why a build-time dependency still matters for security
A common objection: "node-sass only runs at build time, it never ships to production, so who cares if it is unmaintained." That reasoning is half right and dangerously incomplete.
Your build environment is part of your attack surface. Build-time dependencies execute on your CI runners and developer machines, often with access to source code, environment secrets, and signing credentials. An unmaintained package that has stopped receiving security fixes is exactly the kind of thing that accumulates unpatched vulnerabilities over time, and node-sass drags in a native compilation step and its own transitive tree.
There is also the practical rot: an EOL package that does not support current Node.js versions will eventually block your Node upgrade. You will hit a wall where you cannot move to a supported Node runtime because a CSS compiler you forgot about won't build against it. That is a self-inflicted supply-chain constraint, and a dependency scanner like an SCA tool will flag node-sass as deprecated and unmaintained precisely so it doesn't ambush you at upgrade time.
The migration: node-sass to Dart Sass
Dart Sass is the primary, actively maintained implementation of Sass and the reference for the language today. Migrating is mostly a package swap.
Step 1 — remove node-sass, add sass.
npm uninstall node-sass
npm install --save-dev sass
The sass package on npm is Dart Sass, distributed as pure JavaScript (compiled from Dart), so there is no native binary to build and no per-Node-version binary problem. That alone removes a whole class of "it won't install on this platform" pain.
Step 2 — update your build config. Most build tools reference the compiler by package name. In a webpack sass-loader setup, point it at the new package:
// webpack.config.js
{
test: /\.scss$/,
use: [
"style-loader",
"css-loader",
{
loader: "sass-loader",
options: {
implementation: require("sass"), // was require("node-sass")
},
},
],
}
Vite, Angular CLI, and Next.js pick up the sass package automatically once node-sass is gone; in most modern toolchains removing node-sass and installing sass is the entire config change.
Step 3 — fix syntax differences. Dart Sass is stricter and has deprecated some LibSass-era behavior. The ones you are most likely to hit:
- Division with
/. LibSass treated/as division in many contexts. Dart Sass moved tomath.div()and warns on/as division. Replace$a / $bwithmath.div($a, $b)and add@use "sass:math";. @importis deprecated in favor of@useand@forward.@importstill works for now but throws deprecation warnings; migrating to the module system is worthwhile but not required to unblock the build.- Color and unit strictness. Dart Sass rejects some invalid operations LibSass silently allowed. Fix the warnings as they appear.
The official sass-migrator tool can automate much of the @import-to-@use and division rewrites:
npm install -g sass-migrator
sass-migrator module --migrate-deps your-entrypoint.scss
Verifying the migration
After swapping, do a clean build and diff the output CSS. Because Dart Sass is the reference implementation, the compiled CSS should be functionally equivalent, but the strictness changes mean you want to confirm nothing silently changed. Run your visual regression tests if you have them, or at minimum spot-check the pages that use the most complex Sass math.
Then delete any lingering node_modules/.cache and rebuild from scratch on CI to make sure the native-binary step is truly gone. A successful cold build on a current Node.js version is your proof that you are off node-sass for good.
The takeaway
node-sass had a good run as the default Sass compiler, but it is done — deprecated since 2020, end-of-life since 2024, and a blocker for Node.js upgrades. Keeping it is taking on unmaintained-dependency risk for no benefit, since Dart Sass is faster to install, actively maintained, and the language reference. Swap it, fix the handful of strictness warnings, and remove one deprecated package from your build. If you want to catch the next one automatically, wire dependency scanning into CI so EOL packages get flagged the day they are declared.
FAQ
Is node-sass still maintained?
No. node-sass reached end-of-life in July 2024 and receives no new features. LibSass, which it wraps, was deprecated in October 2020. Only best-effort major-bug and security fixes are promised, and node-sass does not support Node.js versions above 20.
What is the node-sass latest version and should I upgrade to it?
Whatever the last published release is, it is effectively the final one — there is no forward path on node-sass. Rather than pinning to the latest node-sass, migrate to the sass package (Dart Sass), which is actively maintained.
How hard is it to migrate from node-sass to Dart Sass?
For most projects it is an afternoon: uninstall node-sass, install sass, update the build config to reference the new implementation, and fix a handful of strictness warnings like / division becoming math.div(). The sass-migrator tool automates much of the syntax cleanup.
Does node-sass being unmaintained actually matter if it only runs at build time?
Yes. Build-time dependencies execute on CI runners and dev machines with access to secrets and source. An EOL package stops getting security fixes and will eventually block your Node.js upgrades, so it is real supply-chain and operational risk despite never shipping to production.