Security News
Deno 2.6 + Socket: Supply Chain Defense In Your CLI
Deno 2.6 introduces deno audit with a new --socket flag that plugs directly into Socket to bring supply chain security checks into the Deno CLI.
By Sarah Gooding - Dec 12, 2025
🚨 Shai-Hulud Strikes Again:834 Packages Compromised.Technical Analysis →
azure-pipelines-task-lib
Advanced tools
Azure Pipelines Task SDK
Libraries for writing Azure Pipelines tasks
Reference examples of our in the box tasks are here
TypeScript Tasks
Cross platform tasks are written in TypeScript. It is the preferred way to write tasks once.
Step by Step: Create Task
Documentation: TypeScript API, task JSON schema
Guidance: Finding Files, Minimum agent version, Proxy, Certificate
Node Runtime Support
Azure Pipelines supports multiple Node.js runtimes for task execution:
- Node 6 - Supported
- Node 10 - Supported
- Node 16 - Supported
- Node 20 - Current recommended version
- Node 24 - Latest version with modern JavaScript features
Node Version Selection
The Node runtime used depends on the execution handler specified in your task's task.json:
Node- Uses Node 6Node10- Uses Node 10Node16- Uses Node 16Node20_1- Uses Node 20 (Note: handler name includes _1 suffix)Node24- Uses Node 24
Upgrading to Newer Node Versions
When upgrading your tasks to newer Node versions:
- TypeScript: Ensure you're using a compatible TypeScript version (TS 4.0+ for Node 10+, TS 5.0+ for Node 20+, TS 5.7+ for Node 24)
- Dependencies: Review and update npm dependencies for compatibility with the target Node version
- Testing: Thoroughly test your tasks with the new Node runtime before publishing
- Breaking Changes: Review Node.js release notes for breaking changes between versions (especially
fsmodule changes)
Reference Examples
The ShellScript Task and the XCode Task are good examples.
Contributing
We are accepting contributions and we try to stay on top of issues.
Building the library
Once:
$ cd node
$ npm install
Build and Test:
$ npm test
Set environment variable TASK_TEST_TRACE=1 to display test output.
Powershell
We also maintain a PowerShell library for Windows task development.
Library: Powershell Library
Usage: Consuming the SDK
Third Party Notices
To generate/update third party notice file run:
$ node generate-third-party-notice.js
FAQs
Azure Pipelines Task SDK
The npm package azure-pipelines-task-lib receives a total of 29,407 weekly downloads. As such, azure-pipelines-task-lib popularity was classified as popular.
We found that azure-pipelines-task-lib demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 7 open source maintainers collaborating on the project.
Package last updated on 11 Dec 2025
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
New React Server Components Vulnerabilities: DoS and Source Code Exposure
New DoS and source code exposure bugs in React Server Components and Next.js: what’s affected and how to update safely.
By Sarah Gooding - Dec 12, 2025
Security News
Software Engineering Daily Podcast: Feross on AI, Open Source, and Supply Chain Risk
Socket CEO Feross Aboukhadijeh joins Software Engineering Daily to discuss modern software supply chain attacks and rising AI-driven security risks.
By Sarah Gooding - Dec 11, 2025