-2

I am running an application on my server with the help of Node.js, and it has many dependencies such as Chrome.

I have not updated my server for two years. I am afraid that if I do, my code will fail and I have no means of reverting it back to before the updates.

Is it bad practice to not update the server? What is the appropriate thing to do in production env?

2
  • 3
    It's a bad thing. You're likely to have known vulnerabilities. Updating should be a regular process - and that includes maintaining your application. When it comes to run environment you may look into docker to create reproducible environments, but that doesn't change the need for maintenance.
    – vidarlo
    Nov 8 at 11:38
  • 1
    You are flying without a safety net and [rightly] worrying about whether termites are now eating away at your trapeze. You absolutely must have a TEST Environment in which to manage issues like this. Only when your application is stable on the new updates do you release them all into Production. Our software may not "rot", but it does get undermined by the "shifting sand" that we build upon. "Maintenance" is NOT a dirty word. It's a fact of the Developers' Life!
    – Phill W.
    Nov 8 at 14:21

1 Answer

5

Yes, it is always a bad idea to ignore updates, as this will make your server vulnerable to known exploits / zero-days (and, by the way, it is possible to revert an update in Linux).

Your considerations are exactly the reason why the choice of the Linux distribution is important in the first place. If you stay at a specific version (let's say Ubuntu 22 LTS, for example), the updates available to this distribution are only bugfixes and security updates, so that it is guaranteed (more or less) that any call to a function published by any library will do the same before and after the update.

Choosing an LTS version (Long-Term Support) will ensure that your version will receive updates for a longer time span, because doing a distribution update can be cumbersome. Every distributor publishes its release plan, which gives you the EOL date for that distribution (after this date, you have to perform a distro-upgrade to continue receiving updates).
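As an added illustration of the two checks the answer describes (is the release past its EOL date, and which pending upgrades are security fixes), this shell snippet is not from the answerer; it assumes an Ubuntu/apt host, and the os-release content, the `apt list --upgradable` output and the EOL dates are constructed or assumed values, with the real dates to be taken from the distributor's release plan.

```shell
# Added example, not part of the original answer: EOL and pending-security-
# update checks for an Ubuntu-style server, run here on constructed input.

# Constructed /etc/os-release content (not from a real host).
SAMPLE_OS_RELEASE='NAME="Ubuntu"
VERSION_ID="22.04"
VERSION_CODENAME=jammy'

# Constructed `apt list --upgradable` output; package versions are made up.
SAMPLE_APT_LIST='Listing... Done
libssl3/jammy-security,jammy-updates 3.0.2-0ubuntu1.10 amd64 [upgradable from: 3.0.2-0ubuntu1.7]
nodejs/jammy-updates 12.22.9~dfsg-1ubuntu3.1 amd64 [upgradable from: 12.22.9~dfsg-1ubuntu3]
curl/jammy-security 7.81.0-1ubuntu1.15 amd64 [upgradable from: 7.81.0-1ubuntu1.4]
vim/jammy-updates 2:8.2.3995-1ubuntu2.15 amd64 [upgradable from: 2:8.2.3995-1ubuntu2.4]'

# Assumed end-of-standard-support dates (VERSION_ID, YYYY-MM-DD); replace with
# the dates from the distributor's published release plan before relying on them.
EOL_TABLE='18.04 2023-05-31
20.04 2025-05-31
22.04 2027-04-30'

# Print VERSION_ID (quoted or not) from os-release text on stdin.
os_version_id() {
  sed -n 's/^VERSION_ID="\{0,1\}\([^"]*\)"\{0,1\}$/\1/p'
}

# Print the EOL date for a VERSION_ID, or nothing if it is not in the table.
eol_date() {
  printf '%s\n' "$EOL_TABLE" | awk -v v="$1" '$1 == v {print $2}'
}

# Exit 0 when the release ($1 = os-release text) is past EOL on date $2
# (ISO dates compare correctly as strings); unknown releases count as EOL.
release_is_eol() {
  ver=$(printf '%s\n' "$1" | os_version_id)
  eol=$(eol_date "$ver")
  [ -z "$eol" ] || awk -v today="$2" -v eol="$eol" 'BEGIN {exit !(today > eol)}'
}

# Print the names of upgradable packages whose pocket is the -security one.
security_updates() {
  awk -F'[/ ]' '/upgradable from/ && $2 ~ /-security/ {print $1}'
}

# Count pending security updates in apt list output passed as $1.
count_security_updates() {
  printf '%s\n' "$1" | security_updates | awk 'END {print NR}'
}
```

On a live host the same functions read `/etc/os-release` and the output of `apt list --upgradable`; a non-zero security count or an EOL result is the signal that the "do nothing" option has a known cost.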
