chore: bump node and npm versions

[fredericoo]

WHY are these changes introduced?

Node v20 will reach end of life on 30 Apr 2026

This PR bumps the node version to the current LTS and npm to the version that comes bundled with that given node version (https://nodejs.org/en/blog/release/v24.11.1)

WHAT is this pull request doing?

• Updates Node.js version from v20 to v24.11.1 in .nvmrc
• Updates npm version requirement to v11.6.2 in package.json
• Updates engine requirements in package.json to specify minimum Node.js v24.11.1 and npm v11.6.2

HOW to test your changes?

1. Install Node.js v24.11.1 (using nvm: nvm install && nvm use)
2. Update npm to v11.6.2 (npm install -g npm@11.6.2)
3. Run npm install
4. Verify the project builds and runs correctly with the new Node.js and npm versions
5. Run tests to ensure compatibility

Checklist

• I've read the Contributing Guidelines
• I've considered possible cross-platform impacts (Mac, Linux, Windows)
• I've added a changeset if this PR contains user-facing or noteworthy changes
• I've added tests to cover my changes
• I've added or updated the documentation

[fredericoo]

• chore: bump node and npm versions #3404 👈 (View in Graphite)
• main

This stack of pull requests is managed by Graphite. Learn more about stacking.

[shopify]

Oxygen deployed a preview of your 01-23-chore_use_node_lts_for_monorepo branch. Details:

Storefront	Status	Preview link	Deployment details	Last update (UTC)
Skeleton (skeleton.hydrogen.shop)	✅ Successful (Logs)	Preview deployment	Inspect deployment	January 26, 2026 2:20 PM

Learn more about Hydrogen's GitHub integration.

[fredericoo]

we don’t have to bump this, if you have strong feelings to keep using npm v10 im happy to revert

the more important part is that all devs use corepack enable so we don’t have lockfile conflicts between npm 10 and 11 (look at the changes in this PR, those were lockfile v11 upgrades)

[frandiox]

It seems the lockfileVersion in package-lock didn't change so it's probably OK to bump this

[github-actions]

We detected some changes in packages/*/package.json or packages/*/src, and there are no updates in the .changeset.
If the changes are user-facing and should cause a version bump, run npm run changeset add to track your changes and include them in the next release CHANGELOG.
If you are making simple updates to examples or documentation, you do not need to add a changeset.

[graygilmore]

If we're going to use multiple versions we will probably want to update our CI workflows to run tests on both, too, instead of leveraging the .nvmrc https://github.com/Shopify/hydrogen/blob/main/.github/workflows/ci.yml#L19

We'd need to set up a matrix kind of like the CLI: https://github.com/Shopify/cli/blob/main/.github/workflows/tests-main.yml#L34

(or we could just roll with v22 for now)

[fredericoo]

• 22 only makes more practical sense (or 24 only even)
• this is only the monorepo, e2e tests run against the dev app which runs on workerd so no need to run those again
• unit tests already have low parity with prod, as our app runs on node/workerd at a number of versions (you can fully pass a unit test and fail to build in oxygen by using node:fs in a function)

[frandiox]

Devs will test locally with v24, let's keep v22 covered on CI at least 🤔

[frandiox]

Just a comment on CLI versioning, otherwise I think it's good to bump this for the next major release, thanks!

[frandiox]

Oof, it seems Shopify's CLI relies on Node v20. Perhaps we should add ^20 || ^22 || ^24 here as well to ensure our plugin works with the global CLI bundling?

I don't think they require v20 for "running" the CLI, but at least during the bundling process they will install our plugin and use v20 to do things 🤔

[frandiox]

It seems the lockfileVersion in package-lock didn't change so it's probably OK to bump this

[kdaviduik]

The node version in dev.yml also needs a bump. We have a CI check for this but this PR was put up before this was added