What Angular versions does NES support?

NES for Angular supports various versions from v4 to v17. We provide ongoing support and patches to keep your applications secure and operational.

Does NES for Angular help with compliance?

NES for Angular helps maintain compliance by providing security patches and updates, even for older versions. Additionally, our enterprise-grade SLA stands up to HIPAA, SOC-2, PCI DSS, etc., and ensures your compliance with these standards. Many CVEs may affect older Angular versions, and we address those for you.

How does licensing work?

When you purchase Never-Ending Support, you acquire a commercial license for the support services. Our pricing model is based on the number of users who will be committing code to the project repo. Users are unnamed and transferable across team members.

I got an error like "EOL/Obsolete Software: Angular 12.x Detected." What can I do?

This means your application is running Angular 12.x, which has reached end-of-life and no longer receives security updates. NES for Angular provides a drop-in replacement to keep your application secure, compliant, and fully supported. Talk to our sales team to explore your options.

Does HeroDevs have an SLA for NES for Angular?

Yes. Our turn-around times vary based on the severity of the issues found or reported. Security-related issues and data corruption issues are top priority and will be resolved immediately (same day if possible). If required, we can provide our SLA for your team to review.

Which browsers does NES for Angular offer support for?

NES for Angular offers browser compatibility for Chrome, Firefox, Safari and Edge.

Why do I need NES for Angular?

Using an unsupported version of Angular exposes your applications to the risk of security vulnerabilities, incompatibilities, and client SLA violations. Sometimes upgrading to the latest version just isn’t affordable, or will take more time than you can spare, or might exceed the expertise your team can handle. Never-ending support (NES) for Angular means you can stay on your current version of Angular—no migration necessary!—and remain supported until you’re ready to move on.

Secure drop-in replacements for Angular versions v4 - v19

NEVER-ENDING SUPPORT FOR
Angular

Name: NES for Angular
Brand: HeroDevs
Rating: 5 (19 reviews)

Legacy Angular versions still function after support ends — but that's not good enough for internal SLAs, CVE disclosures, and security audits.

Never-Ending Support (NES) for Angular keeps you compliant, secure, and audit-ready without an unplanned migration or risky patchwork.

Patch CVEs, Meet Internal SLAs, Pass Audits — in Minutes.

Get Pricing

View Docs

NES for Angular

is a secure drop-in replacement for

Angular

and takes just a few minutes to set up.

Step 1

Update your package.json

Step 2

Set up token

Step 3

Install & Run!

CVE Protection

0 Security Issue Fixed in NES for Angular
(and always watching for more)

By purchasing Never-Ending Support for Angular from HeroDevs, you’re ensuring that your Angular application stays secure and these vulnerabilities are mitigated. As more CVEs are discovered, you can rest easy knowing HeroDevs has remediated those issues before they’re ever announced publicly.

If you’re currently using Angular in your application’s tech stack, your application is vulnerable to the CVEs listed below.

Switch to NES for Angular in minutes to immediately mitigate these vulnerabilities.

Severity

Technology

Libraries Affected

Breaking Changes Across Versions

Evaluating the effort of a migration can be difficult if you are stuck on a past version of Angular. The migration effort increases as the number of steps to migrate to latest does. If you are using a version of Angular that is out of support, extend your runway and stay secure with NES for Angular.

Version #

Date of Release

Google Support Status

HeroDevs Support Status

2016-09-14

Out of Support

Talk to Sales

HIGH

2017-03-23

Out of Support

Supported

HIGH

2017-11-01

Out of Support

Supported

HIGH

2018-05-04

Out of Support

Supported

HIGH

2018-10-18

Out of Support

Supported

HIGH

2019-05-28

Out of Support

Supported

HIGH

2020-02-06

Out of Support

Supported

HIGH

2020-06-24

Out of Support

Supported

HIGH

2020-11-11

Out of Support

Supported

MEDIUM

2021-04-13

Out of Support

Supported

MEDIUM

2021-11-03

Out of Support

Supported

MEDIUM

2022-06-02

Out of Support

Supported

LOW

2022-11-16

Out of Support

Supported

LOW

2023-05-03

Out of Support

Supported

LOW

2023-11-08

Out of Support

Supported

LOW

2024-05-22

Out of Support

Supported

LOW

2024-11-19

Out of Support

Supported

2025-05-28

LTS Ends 2026-11-28

Supported

2025-11-19

LTS Ends 2027-05-19

Supported

Get Pricing

What is Never-Ending Support?

Security Fixes

A new version of NES for Angular will be released each time we find, validate, and fix a security issue.

Compatibility Fixes

With NES for Angular your team is enabled to continue running in the latest versions of the most popular browsers: Chrome, Safari, Edge, and Firefox.

SLA Compliance

Our patch delivery SLA guarantees that your organization will be compliant with SOC 2, NIS2, PCI DSS, HIPAA, and other compliance standards and regulations.

Learn more.

Team of Experts

NES for Angular is built and maintained by core team members of Angular to ensure the same excellent quality of support you expect.

Easy to Install

Our simple drop-in replacement means all you have to do is change your package.json and rebuild your project. No code changes or find & replace required.

Commercial Contract Assurances

OSS NES is not only secure and compatible, but is offered with industry-standard commercial assurances for the use of HeroDevs Services.

Learn more.

Trusted Team

Rooted in the Angular Community

To ensure the highest quality of service for NES for Angular, we contract with core contributors of Angular. These experts helped build Angular, and know how to ensure that it is secure and compatible with critical platforms.

Miško Hevery

Creator of Angular & Qwik

Contributions

Misko serves as a Consultant Developer and Angular Expert at HeroDevs and architects security solutions for Never-Ending Support for Angular in conjunction with HeroDevs security team.

NES for Angular Essentials

Keep Support For the Libraries You Depend On

Never-Ending Support for Angular Essentials extends support to popular software packages that depend on Angular. With an Essentials subscription, patches to NES for Angular are tested for compatibility with these packages. Critical vulnerabilities or browser incompatibilities discovered in those packages are patched within 14 days.

NES for Angular Essentials includes continued support for these libraries:

Talk to Our Experts

Maintain Compliance

SLA & Regulatory Compliance

Do you have an SLA with your clients to not ship unsupported libraries?
‍
Do you have FedRAMP, PCI, HIPAA, or other compliance concerns?
‍
Our clients breeze past such concerns by having NES for Angular – a fully supported and secured software library.

Related Products

If you're leveraging this technology, chances are you're also using complementary systems that face similar end-of-life (EOL) challenges.

Explore our related NES products that offer proactive, comprehensive support for your entire tech stack to ensure continuity, security, and innovation across all your essential technologies.

View All Products

NestJS

Next.js

Vuetify

Express

ESLint

Nuxt

jQuery

Bootstrap

AngularJS

Protractor

Support

Frequently Asked Questions

Below are common questions our customers have. Of course, we’re happy to meet with you and answer these and other questions you might have.

HeroDevs Blog

Latest News

Security

May 15, 2026

Angular v19 Goes EOL May 19. Angular 22 Is Coming the Same Month. Here Is How to Navigate Both.

Angular v19 reaches end of life on May 19, 2026. Angular 22 is expected to ship around the same time. For enterprise teams, the overlap of an EOL deadline and a new major release is real pressure — and it is manageable if you plan for it correctly.

Security

May 14, 2026

Angular EOL Security in 2026: AI Tooling Is Widening the Gap

Why the gap between modern Angular AI tooling and EOL versions is becoming a critical security risk.

Security

May 12, 2026

CVE-2026-22610: XSS Vulnerability in Angular Template Compiler via Unsanitized SVG Script Attributes

A cross-site scripting vulnerability in Angular's Template Compiler allows attackers to inject and execute malicious scripts through SVG elements. Applications running Angular 18.x and earlier have no upstream patch available. NES for Angular delivers a remediated package for all affected EOL versions.

Contact Us

Got questions about Never-Ending Support for your open-source library? We're here to help!

Discover how HeroDevs NES Products can keep your systems secure and compliant.

Learn how our solutions can deliver value to your organization.

Get detailed pricing information tailored to your needs.

Trusted by industry leaders such as

Talk to an Expert

Thank you! Your submission has been received!

Please enter a company email.

Keep your Angular apps
‍secure after end-of-life
— without migrating.

Drop-in security patches for Angular v4 through v19. No code changes, no forced migrations — keep shipping while we keep you secure.

Get Pricing

View Docs

Browse CVEs

TRUSTED BY ENTERPRISE

Angular Support Status

v4-v17

Google Support

NES Available

v18

Google Support

NES Available

v19

Google Support

NES Available

v20

EOL Nov 2026

v21

EOL May 2027

20+

CVEs Remediated in EOL Angular

Updated as new vulnerabilities are disclosed

What you get from Never-Ending Support (NES) for Angular

Security Patches

A new NES release every time we find, validate, and fix a CVE that affects your version. Continuous coverage — not a one-time backport.

28 CVEs already mitigated

Updated as new vulnerabilities are disclosed.

24-hour critical-issue response

Security and application-breaking issues are top priority.

On-Demand EOL Risk Assessment

81,000+ packages have known CVEs and zero fix path. Your SCA flags the vulnerabilities, but our EOL Dataset (EOL DS) tells you which software is dead.

Try it Now →

Drop-In Compatibility

Point your registry at us, rebuild, ship. No migrations. No find-and-replace.

Versions 4 through 19

Works the same today as it did yesterday.

Works with NgRx, Angular Material, RxJS

Full Angular Essentials ecosystem covered too.

See How It Works →

Support Commitment

Engineered with the contractual and compliance commitments enterprise procurement teams require.

SLA Compliance

Our patch delivery SLA guarantees that your organization will be compliant with regulations like SOC 2, NIS2, PCI DSS, HIPAA, DORA, and CRA.
‍
Learn More →

Commercial Contract Assurances

OSS NES is not only secure and compatible, but is offered with industry-standard commercial assurances for the use of HeroDevs Services.

Learn More →

One command. Your existing setup. Minutes to install.

package.json

"dependencies": {

"@angular/core": "npm:@neverendingsupport/angular-core@19.2.21-angular-19.2.22",

"@angular/compiler": "npm:@neverendingsupport/angular-compiler@19.2.21-angular-19.2.22",

"@angular/router": "npm:@neverendingsupport/angular-router@19.2.21-angular-19.2.22"

}

↳ Same APIs. Same versions. Just patched.

View Documentation →

Update package.json to point at @neverendingsupport/angular-*
add your token to .npmrc
run npm install

Works with Artifactory, Nexus, and your existing CI.

Works with

NPM

Angular CLI

GitHub Actions

Artifactory

Nexus

0 CVEs Remediated

Switch to NES for Anuglar in minutes to fix these vulnerabilities immediately.

Severity

CVE

Built by the people who built Angular

We Partner With Core Contributors

NES for Angular is built and maintained by core team members of Angular to ensure the same excellent quality of support you expect.

We Give Back to Open Source

Open source maintainers do critical work, but rarely get paid for it.

HeroDevs is putting $20 million toward changing that — funding the creators and projects that keep the ecosystem running, with grants from $2,500 to $250,000.

We’ve written patches for unmaintained codebases, tracked down vulnerabilities where no one else was looking, and kept critical systems running safely without rushed rewrites. This fund builds on that work, so maintainers can keep doing what they do best.

Learn More →