Node.js is not just a JavaScript runtime. It is a complete platform for building servers, command-line tools, build pipelines, and networked applications. At the heart of this platform are the built-in modules — APIs that ship with every Node.js installation and require no npm install. From reading files and handling HTTP requests to spawning processes and hashing passwords, the built-in modules cover the full spectrum of server-side programming.
Yet many developers reach for npm packages before they understand what Node.js provides out of the box. A file upload handler pulls in multer before checking if the stream module suffices. A configuration loader installs dotenv without knowing that process.env is already there. A hash generator imports bcrypt for simple use cases where crypto.createHash would work. Understanding the built-in modules saves dependencies, reduces attack surface, and deepens your mental model of how Node.js works.
Our free interactive Node.js built-in modules cheat sheet maps seventy-plus APIs across nine operational categories. Each entry includes a concise explanation, a copyable code example, and type badges that distinguish synchronous, asynchronous, promise-based, class-based, and global APIs. The Server Room Console aesthetic — deep rack-black background, LED status indicators, and industrial typography — turns API exploration into systems administration. Everything runs in your browser with no server interaction, no signup, and no data collection.
Why Built-in Modules Deserve a Dedicated Reference
The Node.js documentation is comprehensive but fragmented. Each module has its own page, and related APIs are scattered across the navigation tree. The fs module alone has over forty methods, spread across synchronous, callback, promise, and stream variants. The http module interleaves server and client APIs. The crypto module spans hashing, HMAC, ciphers, and key derivation without a clear learning path.
A unified cheat sheet provides three benefits. First, it reduces the time spent jumping between documentation pages. Second, it surfaces APIs you might not know exist. Many developers have never used perf_hooks for measuring execution time, worker_threads for CPU-bound parallelism, or zlib for compression. Third, it clarifies the relationship between related modules. Understanding that stream underlies fs, http, and zlib helps you compose pipelines that process data efficiently.
Node.js evolves constantly. New APIs like fs.promises, util.parseArgs, and crypto.randomUUID arrive regularly. Deprecated APIs like url.parse and querystring are still widely used in legacy code. A living cheat sheet keeps your mental model current without forcing you to read every changelog.
File System — fs and path
The fs module is the most frequently used built-in module. It provides every operation you need to interact with the file system: reading, writing, appending, deleting, renaming, copying, and watching files and directories.
Reading and Writing Files
Node.js offers three variants of most file operations: synchronous, callback-based, and promise-based. The synchronous variants block the event loop and should be avoided in request handlers. The callback variants are the historical standard. The promise variants, available under fs.promises since Node.js 10, are the modern default and work seamlessly with async/await.
{`const fs = require('fs');
const fsp = require('fs').promises;
// Synchronous — blocks the thread
const data = fs.readFileSync('config.json', 'utf8');
// Callback-based — traditional Node.js style
fs.readFile('config.json', 'utf8', (err, data) => {
if (err) throw err;
console.log(data);
});
// Promise-based — modern, composable
const data = await fsp.readFile('config.json', 'utf8');`}For large files, streams are the better choice. fs.createReadStream and fs.createWriteStream process data in chunks, keeping memory usage constant regardless of file size.
{`const readStream = fs.createReadStream('large-file.csv');
const writeStream = fs.createWriteStream('output.csv');
readStream.pipe(writeStream);`}Path Manipulation
The path module is essential for writing cross-platform code. Windows uses backslashes. POSIX uses forward slashes. path.join and path.resolve handle these differences automatically.
{`const path = require('path');
path.join('src', 'components', 'Button.js');
// 'src/components/Button.js' on POSIX
// 'src\\components\\Button.js' on Windows
path.resolve('src', 'components');
// '/home/user/project/src/components' on POSIX
// 'C:\\Users\\user\\project\\src\\components' on Windows
path.extname('image.png'); // '.png'
path.basename('/docs/readme.md'); // 'readme.md'
path.dirname('/docs/readme.md'); // '/docs'`}Network — http, https, net, and dgram
Node.js was created to build networked applications. The http and https modules let you create servers and make requests without external dependencies. The net module provides TCP sockets. The dgram module provides UDP sockets.
HTTP Server
The http.createServer function is the foundation of every Node.js web framework. Express, Fastify, and Koa all wrap this API.
{`const http = require('http');
const server = http.createServer((req, res) => {
res.writeHead(200, { 'Content-Type': 'application/json' });
res.end(JSON.stringify({ message: 'Hello from Node.js' }));
});
server.listen(3000, () => console.log('Server running on port 3000'));`}HTTP Client
Node.js also provides a built-in HTTP client. For simple requests, http.request is sufficient. For complex cases, the fetch API is available in Node.js 18+.
{`const https = require('https');
https.get('https://api.example.com/data', (res) => {
let data = '';
res.on('data', chunk => data += chunk);
res.on('end', () => console.log(JSON.parse(data)));
});`}TCP and UDP
For protocols other than HTTP, the net and dgram modules provide low-level socket access. net is used for TCP-based protocols like databases and message queues. dgram is used for DNS, video streaming, and gaming protocols that favor speed over reliability.
Crypto and Security — crypto and tls
The crypto module provides cryptographic primitives: hashing, HMAC, ciphers, key derivation, and random value generation. For HTTPS servers, the tls module provides TLS/SSL encryption.
Hashing
Hashing converts data into a fixed-length digest. It is used for password verification, file integrity checks, and cache keys.
{`const crypto = require('crypto');
const hash = crypto.createHash('sha256')
.update('password123')
.digest('hex');
console.log(hash);
// e.g., 'ef92b768b0...'`}Random Values
Never use Math.random for security-sensitive operations. The crypto module provides cryptographically secure random values.
{`const bytes = crypto.randomBytes(32); // Buffer of 32 random bytes
const uuid = crypto.randomUUID(); // RFC 4122 v4 UUID`}Password Hashing
For password storage, use scrypt or pbkdf2. These are key derivation functions designed to be computationally expensive, slowing down brute-force attacks.
{`const salt = crypto.randomBytes(16);
const key = crypto.scryptSync('userPassword', salt, 64);
// Store salt and key in database`}Process and OS — os, process, child_process, and cluster
These modules bridge JavaScript and the underlying operating system. They provide system information, environment access, process control, and multi-process scaling.
System Information
The os module returns static and dynamic information about the host system.
{`const os = require('os');
os.platform(); // 'linux', 'darwin', 'win32'
os.cpus().length; // Number of CPU cores
os.totalmem(); // Total RAM in bytes
os.freemem(); // Free RAM in bytes
os.homedir(); // User home directory
os.tmpdir(); // System temp directory`}Environment and Arguments
The process module is a global that provides the current process context. process.env contains environment variables. process.argv contains command-line arguments.
{`// .env loading (Node.js 20+ supports --env-file)
const dbHost = process.env.DB_HOST || 'localhost';
// CLI arguments
const args = process.argv.slice(2);
// node script.js --port 3000
// args = ['--port', '3000']`}Child Processes
The child_process module spawns new processes. exec runs shell commands and captures output. spawn streams output for long-running processes. fork creates new Node.js processes with an IPC channel.
{`const { exec, spawn } = require('child_process');
exec('ls -la', (err, stdout) => console.log(stdout));
const child = spawn('node', ['worker.js']);
child.stdout.on('data', data => console.log(data.toString()));`}Cluster
The cluster module creates multiple Node.js processes that share the same server port. This utilizes multi-core CPUs, since a single Node.js process runs on only one core.
{`const cluster = require('cluster');
const http = require('http');
const os = require('os');
if (cluster.isPrimary) {
for (let i = 0; i < os.cpus().length; i++) {
cluster.fork();
}
} else {
http.createServer((req, res) => res.end('OK')).listen(3000);
}`}Utilities — util, timers, and url
The util module provides helper functions that smooth over rough edges in Node.js APIs. promisify converts callback-based functions to promise-based ones. inspect formats objects for debugging.
Promisify
Before fs.promises existed, util.promisify was the standard way to use callback APIs with async/await.
{`const util = require('util');
const fs = require('fs');
const readFile = util.promisify(fs.readFile);
const data = await readFile('file.txt', 'utf8');`}Timers
The timers module provides setTimeout, setInterval, and setImmediate. Node.js also exports promisified versions under timers/promises.
{`const { setTimeout } = require('timers/promises');
await setTimeout(1000); // Promise-based sleep
console.log('1 second later');`}Streams and Buffers — stream, buffer, and zlib
Streams are one of Node.js's most powerful abstractions. They handle data incrementally, enabling pipelines that process gigabytes of data with minimal memory usage.
Buffers
Buffers are fixed-length sequences of bytes. They represent binary data in JavaScript, which has no native byte type.
{`const buf = Buffer.from('Hello', 'utf8');
console.log(buf.toString('hex')); // '48656c6c6f'
console.log(buf.length); // 5`}Stream Pipelines
The stream module provides four base classes: Readable, Writable, Duplex, and Transform. The stream.pipeline function safely connects streams and handles cleanup.
{`const { pipeline } = require('stream');
const fs = require('fs');
const zlib = require('zlib');
pipeline(
fs.createReadStream('input.txt'),
zlib.createGzip(),
fs.createWriteStream('input.txt.gz'),
(err) => {
if (err) console.error('Pipeline failed', err);
else console.log('Pipeline succeeded');
}
);`}Events and Async — events, async_hooks, and worker_threads
The events module provides the EventEmitter class, which is the backbone of Node.js's event-driven architecture. Streams, servers, and processes all inherit from EventEmitter.
{`const EventEmitter = require('events');
const emitter = new EventEmitter();
emitter.on('data', (msg) => console.log(msg));
emitter.emit('data', 'Hello');`}For CPU-intensive tasks, worker_threads creates threads that run JavaScript in parallel. Unlike child_process, worker_threads share memory and can exchange data efficiently.
Performance and Debugging — perf_hooks, v8, and vm
The perf_hooks module provides high-resolution timing and performance observation. Use it to measure function execution, database query latency, or HTTP response times.
{`const { performance } = require('perf_hooks');
const start = performance.now();
// ... some work
const duration = performance.now() - start;
console.log(\`Took \${duration.toFixed(2)}ms\`);`}Modules and Globals — require, module, __dirname, __filename
Node.js uses the CommonJS module system. require loads modules. module.exports defines what a module exports. __dirname and __filename provide the directory and file path of the current module.
{`console.log(__filename); // Absolute path to current file
console.log(__dirname); // Absolute path to current directory
module.exports = { greet: () => 'Hello' };
const lib = require('./lib');`}How to Use This Cheat Sheet Effectively
The interactive Node.js built-in modules cheat sheet is organized into nine categories that map to real backend workflows. Use the search bar to find a specific API by name or description. Use the category tabs to browse related APIs together. Every code example includes a one-click copy button so you can paste the snippet directly into your editor.
Start with the File System category if you are new to Node.js. fs and path are the most commonly used modules and provide immediate value for scripting and file processing. Move to Network once you need to build servers or make HTTP requests. The Crypto and Process & OS categories become essential as your applications handle security and deployment concerns.
The Streams & Buffers and Events & Async categories are where Node.js distinguishes itself from other runtimes. If you are building data pipelines, real-time systems, or high-throughput servers, these patterns will become your daily tools. The Performance & Debugging section is worth reviewing before you optimize. Knowing how to measure is as important as knowing what to optimize.
Related Resources
Node.js built-in modules do not exist in isolation. They combine with JavaScript language features and external tools to form a complete backend stack. If you are working with JavaScript arrays and objects, our JavaScript Array Methods Cheat Sheet and JavaScript Error Handling Patterns Cheat Sheet provide complementary runtime references. For TypeScript projects, the TypeScript Utility Types Cheat Sheet and TypeScript Types Cheat Sheet cover the type system. If you deploy with Docker or Kubernetes, the DevOps Commands Cheat Sheet covers the operational side.
Our interactive Node.js built-in modules cheat sheet is the fastest way to look up any API, copy a working example, and understand when to apply it. It is free, runs entirely in your browser, and requires no registration.