7.0.0 (2025-11-06)
The MongoDB Node.js team is pleased to announce version 7.0.0 of the mongodb package!
Release Notes
The following is a detailed collection of the changes in the major v7 release of the mongodb package for Node.js.
The main focus of this release was usability improvements and a streamlined API. Read on for details!
Important
This is a list of changes relative to v6.21.0 of the driver. ALL changes listed below are BREAKING unless indicated otherwise.
Users migrating from an older version of the driver are advised to upgrade to at least v6.21.0 before adopting v7.
🛠️ Runtime and dependency updates
Minimum Node.js version is now v20.19.0
The minimum supported Node.js version is now v20.19.0 and our TypeScript target has been updated to ES2023. We strive to keep our minimum supported Node.js version in sync with the runtime's release cadence to keep up with the latest security updates and modern language features.
Notably, the driver now offers native support for explicit resource management. Symbol.asyncDispose implementations are available on the MongoClient, ClientSession, ChangeStream and on cursors.
Note
Explicit resource management is considered experimental in the driver and will be until the TC39 explicit resource management proposal is completed.
bson and mongodb-connection-string-url versions 7.0.0
This driver version has been updated to use bson@7.0.0 and mongodb-connection-string-url@7.0.0, which match the driver's Node.js runtime version support. BSON functionality re-exported from the driver is furthermore subject to the changes outlined in the BSON V7 release notes.
Optional peer dependency releases and version bumps
@mongodb-js/zstdoptional peer dependency minimum version raised to7.0.0, dropped support for1.xand2.x(note that@mongodb-js/zstddoes not have3.x-6.xversion releases)kerberosoptional peer dependency minimum version raised to7.0.0, dropped support for2.x(note thatkerberosdoes not have3.x-6.xversion releases)mongodb-client-encryptionoptional peer dependency minimum version raised to7.0.0, dropped support for6.x
Additionally, the driver is now compatible with the following packages:
| Dependency | Previous Range | New Allowed Range |
|---|---|---|
| @aws-sdk/credential-providers | ^3.188.0 | ^3.806.0 |
| gcp-metadata | ^5.2.0 | ^7.0.1 |
| socks | ^2.7.1 | ^2.8.6 |
🔐 AWS authentication
To improve long-term maintainability and ensure compatibility with AWS updates, we’ve standardized AWS auth to use the official SDK in all cases and made a number of supporting changes outlined below.
@aws-sdk/credential-providers is now required for MONGODB-AWS authentication
Previous versions of the driver contained two implementations for AWS authentication and could run the risk of the custom driver implementation not supporting all AWS authentication features as well as not being correct when AWS makes changes. Using the official AWS SDK in all cases alleviates these issues.
npm install @aws-sdk/credential-providersCustom AWS credential provider takes highest precedence
When providing a custom AWS credential provider via the auth mechanism property AWS_CREDENTIAL_PROVIDER, it will now take the highest precedence over any other AWS auth method.
Explicitly provided credentials no longer accepted with MONGODB-AWS authentication
AWS environments (such as AWS Lambda) do not have credentials that are permanent and expire within a set amount of time. Providing credentials in the URI or options would mandate that those credentials would be valid for the life of the MongoClient, which is problematic. With this change, the fetching of credentials is fully handled by the installed required AWS SDK.
This means that for AWS authentication, all client URIs MUST now be specified as:
import { MongoClient } from 'mongodb';
const client = new MongoClient('mongodb<+srv>://<host>:<port>/?authMechanism=MONGODB-AWS');The previous method of providing URI encoded credentials based on the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY directly in the connection string will no longer work.
⚙️ Error handling improvements
Dropping a collection returns false instead of throwing when NS not found
This change has been made for consistency with the common drivers specifications.
Aggregate with write concern and explain no longer throws client-side
This will now throw a MongoServerError instead.
All encryption-related errors now subclass MongoError
The driver aims to ensure that all errors it throws are subclasses of MongoError. However, when using CSFLE or QE, the driver's encryption implementation could sometimes throw errors that were not instances of MongoError.
Now, all errors thrown during encryption are subclasses of MongoError.
'PoolRequstedRetry' error label renamed to 'PoolRequestedRetry'
The PoolClearedError thrown in cases where the connection pool was cleared now fixes the typo in the error label.
💥 Misc breaking improvements
Change streams no longer filter $changeStream stage options
Users can now pass any option to collection.watch(). If an option is invalid for the $changeStream stage of the pipeline, the server will return an error. This change makes it possible to use newly introduced server options without waiting for them to become available in our public type definitions and eliminates the risk of valid but unrecognized options being silently ignored.
Cursors no longer provide a default batchSize of 1000 for getMores
In driver versions <7.0, the driver provides a default batchSize of 1000 for each getMore when iterating a cursor. This behavior is not ideal because the default is set regardless of the documents being fetched. For example, if a cursor fetches many small documents, the driver's default of 1000 can result in many round-trips to fetch all documents, when the server could fit all documents inside a single getMore if no batchSize were set.
Now, cursors no longer provide a default batchSize when executing a getMore. A batchSize will only be set on getMore commands if a batchSize has been explicitly configured for the cursor.
Auto encryption options now include default filenames in TS
A common source of confusion for people configuring auto encryption is where to specify the path to mongocryptd and where to specify the path to crypt_shared. We've now made this clearer in our Typescript users. Typescript now reports errors if the specified filename doesn't match the default name of the file. Some examples:
var path: AutoEncryptionOptions['extraOptions']['mongocryptdSpawnPath'] = 'some path'; // ERROR
var path: AutoEncryptionOptions['extraOptions']['mongocryptdSpawnPath'] = 'mongocryptd'; // OK
var path: AutoEncryptionOptions['extraOptions']['mongocryptdSpawnPath'] =
'/usr/local/bin/mongocryptd'; // OK
var path: AutoEncryptionOptions['extraOptions']['mongocryptdSpawnPath'] = 'mongocryptd.exe'; // OK
var path: AutoEncryptionOptions['extraOptions']['cryptSharedLibPath'] = 'some path'; // ERROR
var path: AutoEncryptionOptions['extraOptions']['cryptSharedLibPath'] = 'mongo_crypt_v1.so'; // OK
var path: AutoEncryptionOptions['extraOptions']['cryptSharedLibPath'] = 'mongo_crypt_v1.dll'; // OK
var path: AutoEncryptionOptions['extraOptions']['cryptSharedLibPath'] = 'mongo_crypt_v1.dylib'; // OK☀️ Misc non-breaking improvements
Improve MongoClient.connect() consistency across environments
The MongoClient connect function will now run a handshake regardless of credentials being defined. The upshot of this change is that connect is more consistent at verifying some fail-fast preconditions regardless of environment. For example, previously, if connecting to a loadBalanced=true cluster without authentication there would not have been an error until a command was attempted.
MongoClient.close() no longer sends endSessions if the topology does not have session support
MongoClient.close() attempts to free up any server resources that the client has instantiated, including sessions. Previously, MongoClient.close() unconditionally attempted to kill all sessions, regardless of whether or not the topology actually supports sessions.
Now, MongoClient.close() only attempts to clean up sessions if the topology supports sessions.
Wrap socket write in a try/catch to ensure errors can be properly wrapped
One socket.write call was not correctly wrapped in a try/catch block and network errors could bubble up to the driver. This call is now properly wrapped and will result in a retry.
ClientEncryption.rewrapManyDataKey() options now correctly marked as optional
The options parameter for the ClientEncryption.rewrapManyDataKey() method is now correctly marked as optional in its TypeScript definition. This change aligns the type signature with the method's implementation and documentation, resolving a type mismatch for TypeScript users.
📜 Removal of deprecated functionality
Cursor and ChangeStream stream() method no longer accepts a transform
Cursors and ChangeStreams no longer accept a transform function. ReadableStream.map() can be used instead:
// before
const stream = cursor.stream({ transform: JSON.stringify });
// after
const stream = cursor.stream().map(JSON.stringify);MONGODB-CR AuthMechanism has been removed
This mechanism has been unsupported as of MongoDB 4.0 and attempting to use it will still raise an error.
Internal ClientMetadata properties have been removed from the public API
Previous versions of the driver unintentionally exposed the following properties that have now been made internal:
MongoClient.options.additionalDriverInfo
MongoClient.options.metadata
MongoClient.options.extendedMetadata
MongoOptions.additionalDriverInfo
MongoOptions.metadata
MongoOptions.extendedMetadata
ConnectionOptions.metadata
ConnectionOptions.extendedMetadata
CommandOptions.noResponse option removed
This option was never intended to be public, and never worked properly for user-facing APIs. It has now been removed.
Assorted deprecated type, class, and option removals
GridFSFile.contentType;
GridFSFile.aliases;
GridFSBucketWriteStreamOptions.contentType;
GridFSBucketWriteStreamOptions.aliases;
CloseOptions;
ResumeOptions;
MongoClientOptions.useNewUrlParser;
MongoClientOptions.useUnifiedTopology;
CreateCollectionOptions.autoIndexId;
FindOptions<TSchema>; // now no generic type
ClientMetadataOptions;
FindOneOptions.batchSize;
FindOneOptions.limit;
FindOneOptions.noCursorTimeout;
ReadPreference.minWireVersion;
ServerCapabilities;
CommandOperationOptions.retryWrites; // is a global option on the MongoClient
ClientSession.transaction;
Transaction;
CancellationToken;⚠️ ALL BREAKING CHANGES
- NODE-7286: Update dependencies to v7 (#4780)
- NODE-5510: dont filter change stream options (#4723)
- NODE-6296: remove cursor default batch size of 1000 (#4729)
- NODE-7150: update peer dependency matrix for 3rd party peer deps (#4720)
- NODE-7046: remove AWS uri/options support (#4689)
- NODE-4808: remove support for stream() transform on cursors and change streams (#4728)
- NODE-6377: remove noResponse option (#4724)
- NODE-6473: remove MONGODB-CR auth (#4717)
- NODE-5994: Remove metadata-related properties from public driver API (#4716)
- NODE-7016: remove
betanamespace and move resource management into driver (#4719) - NODE-4184: don't throw on aggregate with write concern and explain (#4718)
- NODE-7043, NODE-7217: adopt mongodb-client-encryption v7 (#4705)
- NODE-6065: throw MongoRuntimeError instead of MissingDependencyError in crypto connection (#4711)
- NODE-6584: improve typing for filepaths in AutoEncryptionOptions (#4341)
- NODE-6334: rename PoolRequstedRetry to PoolRequestedRetry (#4696)
- NODE-7174: drop support for Node16 and Node18 (#4668)
- NODE-7047: use custom credential provider first after URI (#4656)
- NODE-6988: require aws sdk for aws auth (#4659)
- NODE-5545: remove deprecated objects (#4704) (cfbada6)
Non-breaking
- NODE-4243: drop collection checks ns not found (#4742) (a8d7c5f)
- NODE-7223: run checkout on connect regardless of credentials (#4715) (c5f74ab)
- NODE-7232: only send endSessions during client close if the topology supports sessions (#4722) (cc85ebf)
- NODE-7067: Wrap socket write in a try/catch to ensure errors can be properly wrapped (#4759) (66c18b7)