Background
Here is a quick introduction to some of the most promising features in Deno. Before we get started, let's make sure we're on the same page. πβ
Q: What is Deno?
A: A place to run JavaScript or TypeScript (like Node, or a browser (kinda)).
Q: Who made Deno?
A: Ryan Dahl the original developer of Node.js.
Q: Why should I care about Deno?
A: Let's save this answer for the end π.
Overview
π Secure by Default
You may or may not know, but Node is not secure. When you run code in Node that code is able to access your computer and your network. This isn't a concern when you are running your own code, but when you are running someone else's code this is a HUGE security concern.
Deno solves this issue by not allowing code to access anything, unless you allow it to. For example, if you wanted to run a script that is allowed to read files you could write something like this
deno run --allow-read readFiles.ts
The --allow-read flag allows readFiles.ts to read files in the filesystem. However, readFiles.ts is not allowed to write files to the system, to do that we would also need to add the flag --allow-write. Deno offers more than just file access security, you can restrict network access, subroutines, and more. You can learn more about Deno's permissions access here
This practice makes for a much more secure environment where our code can run.
𧩠Uses Modern Code
Deno does a handful of things that are just no brainers to a modern developer. First, are its use of modern ES Modules.
Anyone that has used Node.js (so any web developer), has written some version of the following:
// CommonJS Syntax (Node)
const config = require('/path/to/file');
Deno is built using ES Modules by default, so its imports look something like this:
// ES Module Syntax (Deno)
import config from '/path/to/file';
The reason I like like this is, because it looks more like English. There are some differences between how the two function, but that is explained much better in its own post. Here is an excellent article that does just that!
In addition to modern modules, Deno also comes with some build in web APIs like fetch and setTimeOut. While we would need to import these into Node with a package like node-fetch, in Deno you just type fetch(url) to fetch your data.
π₯‘ TypeScript Out of the Box
TypeScript is a tool that lets us write JavaScript using types. Let's see an example:
// JavaScript
let count = 10;
// TypeScript
let count: number = 6;
While TypeScript is a little more typing, it will make your code less likely to have bugs down the road. The use of this language has been growing for the past couple years. Usually you would need to install TypeScript to use it. Deno takes care of this for you and comes with TypeScript built right in.
π οΈ Built in Tooling
One of the things I think is coolest about Deno are the built in tools. Deno comes with a build-in formatting system, bundling, and testing! Why this is so great is it takes a lot of the tedious configuration out of our hands and takes care of it for us.
In addition, Deno also offers standard modules. These are packages that solve common tasks. These tasks are vetted by the Deno team and guaranteed to work well with Deno.
This is a major aspect Deno gets right. Developers should be writing more code and spending less time configuring files, and deciding between packages.
π§Ό No node_modules!
Deno rethinks how we use code from the community. Rather than having a package manager that manages a million different versions of your modules, Deno allows us to link programs to our code as simple as you would use a script tag in HTML.
Rather than having a massive node_modules folder, Deno's approach to using a module looks like this:
import { serve } from "https://deno.land/std@0.88.0/http/server.ts";
Why Should I Care?
Deno is a new runtime for JavaScript and TypeScript. It streamlines a lot of the ugly parts of Node.js. While it is still in its very early stages it does a lot of things right to make our lives and code better and easier. Keep your eye on Deno and try it out on your next scripting project.
If you are interested in trying Deno out, I recommend this playlist by The Net Ninja
Want to hear more about the motivation for Deno?
Watch 10 Things I Regret About Node.js - by Ryan Dahl
Links to stay in touch with me
Thanks so much for reading and let me know your thoughts below!
Discussion (4)
I feel
node_moduleswas safer approach when user needed to explicitly install modules and are aware of what is being installed.Directly downloading module from web isn't secure. Deep down nested module, what if one module is running malicious code. It is not only about the file access security.
There are other permissions that Deno gives you control over, not just file access. I should have mentioned that! You can read more about those here if you'd like.
npmornode_modulesbecome safer when you are using packages that thousands of other people use. In that case, you can feel pretty safe that those packages are tested and safe.At the end of the day, in both environments you are running someone else's code which can be a security risk. The fact that Deno comes with these security features make it more safe on paper. In reality, you are right, using a stable tested npm package will probably for the time being. Thanks for the comment!
I checked it already,
allow-netdoesn't say anything about hosted modules, it means if I allow modules over net, I am also exposing code to same domain. In installed modules I can run code without giving net access.You are right. I was confusing permissions with installed modules. However, Deno also run code in a sandbox which is more secure than node.