Let’s talk about Deno and why it may be the better alternative to Node.js.
Before we start, what is Deno?
Deno is a command-line runtime for executing JavaScript and TypeScript. It’s a framework around V8, uses Rust, and has the TypeScript compiler built into it.
Cool Deno features we will mention:
- Secure execution by default
- Single executable
- Import from URLs
- Simple and browser-compatible module system
- TypeScript out of the box
- Full development environment
- Full toolset
So why Deno?
If Node.js is working, why rewrite it? Well, first of all, JavaScript has changed considerably since Node.js was designed in 2009. For example, async/await and promises are now standard. JavaScript now also has a new module system (ES Modules), typed arrays (no concept of using binary data inside of JS when Node was originally designed), and TypeScript, which has been a very nice supplement to JavaScript.
Node.js has room for improvement
Secondly, Node.js has some problems, a few of which Ryan Dahl mentioned in a talk introducing Deno. With the package management system centralized in one location, the module system is poorly designed. Another issue is with regards to the topic of security. Although V8 itself is a secure sandbox, Node has compromised this sandbox in order to do things such as opening sockets and reading files, etc. When you’re running a Node program, you lose security.
Secure execution by default
Deno on the other hand is a secure execution by default, meaning when you run a program in Deno, you don’t need to trust it because, by default, you have no access to the system and can’t open files or sockets. Deno enables people to run untrusted third-party code safely.
For your app to be allowed to access the network, it must be given authorization with the command:
deno run --allow-net app.ts
To interact with the system, Deno allows the user to opt in to various permissions such as reading from files systems with the command
--allow-read=/temp.
Single executable
This is another perk of Deno and it has been told that it will always remain this way. Deno ships on Mac, Linux, and windows. It is aimed to be kept independent from system libraries.
Import from URLs
Now for the most obvious change.
import {serve} from “https://deno.land/std@0.50.0/http/server.ts”
In Deno, you can import from URLs, the idea being to replace the entire modules system. This enables more distribution, as code can now be served up from any URL. The module resolution scheme in Node is a bit more complicated, as there are node_modules and index.js to worry about, which is troublesome for a lot of systems including TypeScript.
Deno’s approach is more simple, using only relative or absolute URLs. Deno does not rely on NPM at all — instead, you can import libraries via the URL. In Deno, modules and files are regarded as the same concept, which simplifies the mental model for users.
Simple and browser-compatible module system
Deno has a module system that is not dependent on a centralized server. The runtime fetches, caches, and compiles code transparently. It can work offline using a download cache. This provides the possibility to work and fetch resources even when there is no access to the internet, simulating the same process as when you npm install something. On the first run, you can deno fetch to download and cache these dependencies.
TypeScript out of the box
Most importantly, Deno supports TypeScript out of the box, meaning that TS is compiled into Deno. The feature V8 Snapshots is used to start up the TS compiler quickly, with no need to recompile each time. It can also deal with JavaScript, without any problem, out of the box.
Full development environment
Since all dependencies are expressed as code, there is no need for package.json. deno info {url} gives you a dependency tree of all modules that were loaded in there. deno info also works on ES modules, even if there are random ES modules on the web nothing to do with Deno.
Full toolset
Deno’s vision is to provide a full toolset in a single binary.
With commands such as deno install, deno info, deno bundle, and deno fmt, Deno acts like a multi-functional tool to run programs without having anything else installed on your machine.
Final thoughts
So while Deno and Node.js both share the same origin, there are some strong arguments for why Deno may indeed be the easier and more efficient choice. But this, by far, does not mean that Node will be replaced, at the end of the day, it is up to user preference.
Let us know what you think about Deno and Node.js! Which one do you prefer?
One more thing to note is that Codesphere fully supports Node.js and TypeScript and we are happy to introduce Deno support out of the box as well if there is a demand for it within our community. :)
Top comments (34)
What’s up with the sandbox security problem ?
node was designed to ”leverage” javascript as a real language that can interact with the system.
By saying node opened a security breach, you re just saying every computer language is flawed.
It is not a thing that Node introduced, but it has been one of the most affected by far, with increasing numbers of malitious packages being published to NPM
The reality is that when using third party libraries nobody guarantees they are safe to use, so at least the sandbox gives you the option to debug these issues, something no other system (that I know of) has allowed you to do before
What I meant with the problem with node and security is that when we use NPM to install a package for our node app, we are not always aware of what is happening. It can in a sense do something unauthorized.
There has in the past been a scandal with NPM packages. If you want to read more on that: javascript.plainenglish.io/the-big....
Meanwhile, Deno does not rely on NPM at all.
Potentially you could say this is a problem with all modern languages that Deno at least partially fixes. I mean how do I know if I run some random Python thing from github on my machine that it won't just remove all my documents on my computer other than it never has happened to me personally? Bad things have happened in Node though I understand, whether it's their fault or it's the fault of open source software doesn't matter. I could read all the code thoroughly but that's still no guarantee I'll catch everything (or even anything). Maybe Deno is genuinely breaking new ground here as with Deno I could deny it the security required to do so. Just because none of the other languages have acknowledged it doesn't mean it isn't a problem.
I think it's less about criticizing Node.js or any other programming language, and more about highlighting a problem that Deno team addresses.
Deno.is cleaelt the better choice. I just hope that the community adopts it so that we can use in production
The community already adopted it.
Not quite. The node community is many times larger
That doesn't mean the community hasn't adopted it. What is your definition of community?
Stackoverflow questions, youtube videos, articles, etc
What is required is community parity, so everything node supports you want node to support as well, for example a Gulp alternative on deno.
But videos and stackoverflow questions on the core packages such as io and event system are necessary
Yeah, they are nesscarry but that isn't what people mean when they say they want community support, what they mean is that they want community parity between node and deno.
There's definitely room for growth in regards to spreading more awareness about the benefits of Deno!
I went through the syntax the base setup and while I like everything , I'm going to wait for a few more major releases before I start using it in prod.
The same applies for a lot of languages that I wish to try.
There's V , deno, even nim.
Though in case of nim , a lot of programmers already consider it a primary language, i think it'll get even more stable and i'm just waiting for that before I dive into it.
I've actually never tried nim, but now I'm very curious to give it a shot.
I wanted to try nim because of my requirement to build GUI apps and that's one languages that's kinda aiming towards being able to build customized native apps without configuring a lot.
As for V, the same reason applies and the developer has built a lot of things using V, there's a github alternative, there's a few compilers, tools, a package manager, the language's compiler itself is partially in V. So i'm rather impressed at the developer's work and wish to use it soon. Following that language quite closely, should probably help him but I really have 0 idea about actually writing compilers, could help him in the github alternative
That sounds like an interesting project to work on and contribute to. Best of luck in your efforts! Writing language compilers is interesting. I used to work with blockchain VMs and had to interact with their languages on the opcode level. Interesting stuff.
It definitely is.
Very interesting. May be we should write articles about V and nim.
I, personally, am waiting few more major releases for Deno. I also want to have stable standard libraries.
Hmm... Deno does sound interesting. Could you suggest any good resources to learn how to use Deno?
🦖🦖🦖🦖🦖🦕🦕🦕🦕
Their official documentation is on point. Check it out: deno.land/manual@v1.7.5/introduction
I personally have only watched videos on Youtube, and there's definitely a lot more to learn.
That was an interesting and well-written article. Thanks!
Now I'm curious to learn more about Deno.js 👍
Thank you, really glad you enjoyed it! Please share your experience when you do :)
Love the article!
thanks Christian!
The problem with Deno as I see it is that it's missing client side build tools, so I can't switch my current setup for Deno.
That's a very important point for so many of us.
I no longer even use node js for servers but the build tools collection node has is unmatched by every programming language.
Great article!
thanks Cong! :)
Amazing article, Saji. Bravo!
Thanks for sharing.
Means a lot, thanks Roman! :)