DEV Community

.cult by Honeypot
.cult by Honeypot

Posted on

Deno vs. Node: No One is Ready for the Move

This article was originally published on .cult by Honeypot by _Piumi Liyana Gunawardhana. You can see the original article here, and check out some of our other stories!_

A lot can be said about Deno's modern design. But can it win the race against Node.js, the most popular JavaScript runtime environment?

Introduction

There is no argument in saying that Node.js is the world’s most popular and widely used JavaScript runtime environment. But, the arrival of Deno in 2018 created a big hype, and developers can now access a more secure framework with modern features.

Deno is introduced by the same author (Ryan Dahl) as Node.js. It's dubbed as its successor, here to fix some of the major design pitfalls in Node.js. Although, the announcement of Deno sparked a lot of speculation about whether or not Deno is replacing Node.js. So far, there haven't been any significant changes. Most developers remain satisfied with Node.js.

In this article, I'll try to explain why the adoption of Deno has become very slow, and why, people still prefer Node.js. I'll then attempt a comparison between Node.js and Deno.

What is Node.js?

Node.js is a prevalent server-side, open-source, cross-platform JavaScript runtime environment built on Google’s V8 JS engine. It's been dominating the web development world since 2009.

Node mainly focuses on event-driven HTTP servers. When it comes to handling requests, it runs a single-threaded event loop registered with the system, and each incoming request triggers a JavaScript callback function. The callback functions are capable of handling requests using non-blocking I/O calls.

Additionally, it can distribute the load among CPU cores by spawning threads from a pool to carry out blocking or CPU-intensive tasks. Unlike most rival frameworks that scale via threads, Node’s callback function-based scaling mechanism can accommodate more requests with minimal memory usage.

Node.js is lightweight and ideal for scalable, data-intensive, real-time web applications that can run on distributed devices thanks to its asynchronous I/O and event-driven architecture.

What is Deno?

Image description

As previously mentioned, Deno is a new JavaScript framework that seeks to address Node’s design shortcomings and provide a modern development environment. According to Dahl, the creator of both runtimes, Node.js has three significant drawbacks.:

A poorly designed module system that

relies on centralized distribution.

Unstable legacy APIs.

Lack of security.

Deno supposedly fixes all three problems and provides a better experience.

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults and no file, network, or environment access unless explicitly enabled. It’s built on V8 JS Engine, Rust, and Tokio. Deno adopts web platform standards, it's always distributed with a single executable file and has built-in development tooling to provide a productive, secure runtime. It has a set of reviewed (audited) standard modules that are ensured to function properly during the Deno runtime. Deno also supports native TypeScript file execution without the need for further configurations.

Related content for your soul and skill:

- TypeScript vs JavaScript? Is TypeScript a better JavaScript?

- The best JavaScript frameworks for frontend developers

- 7 ways ChatGPT can help developers

Deno vs. Node: Main Differences

Now, let’s look at a head-to-head comparison between Node and Deno.

Third-party package management

With Deno, developers can install packages straight from URLs without having a centralized registry like npm. Despite the risk of downloading packages directly from and URL -for example, if the server hosting the package is compromised, an attacker could modify the code to include malicious functionality- Deno offers a way to mitigate this by caching downloaded modules. Packages can be directly imported into the script as a library. By allowing scripts to run from any public URL, Deno eliminates the necessity for a package manager to import the modules. However, there is still a risk in importing modules from a third party. Package.json file and node_modules file is also removed.

In contrast, Node.js uses npm to handle all packages. It also has a vast ecosystem of libraries and packages.

Deno’s module import mechanism is more flexible than Node’s, allowing you to import code from anywhere, including GitHub and any CDN or registry you host. This enables seamless module imports without the need for downloading or installing.

APIs

Node.js was created before the concept of Promises, or async/await, was introduced in JavaScript. Hence, most APIs were designed to accept an error-first callback. This method frequently created wordy and complex code. Now that Node developers have access to this async/await syntax, they must also manage backward compatibility because APIs change frequently and are unstable.

In Deno, this is entirely different. There is no requirement to encapsulate in an async function since it already uses await and supports the latest JavaScript features. So, Deno facilitates binding future-based APIs into JavaScript promises by simplifying this process for developers. Deno is also intended to be compatible with the web platform APIs used by JavaScript code running in browsers. A number of the most popular advanced web APIs, such as Fetch, Web Storage, Web Workers, and Broadcast Channel are supported in a way that meets standards.

Security

Security was one of the main reasons Ryan Dahl created Deno.

Deno executes all the code in a secure sandbox environment that forbids access to the file system. Deno first asks for authorization before accessing the file system.

To get permission, you'd need to get it via a command-line argument that would prevent any file from being removed without the developer’s consent. Several command line flags in Deno can be used at runtime to enable particular functionalities for particular scripts. These functionalities are inactive by default; you must explicitly set a flag for any elements your script might require.

These flags consist of:

Image description
Node.js was never supposed to be a highly secure framework. For example, Node doesn't require granting access to read or write to the file system and it's not sandboxed. So, any third-party library can cause trouble with a little bit of negligence. Also, there are standard security measures that guard against threats like cross-site request forgery (CSRF) and cross-site scripting (XSS) advantageous to Node users. These mechanisms involve checking the logs, correctly managing errors and exceptions, and verifying user input.

So, despite getting used to the security module’s strictness, Deno is the best option for a more secure environment.

TypeScript Support

TypeScript is a superset of JavaScript that enables users to add optional static typing. Deno supports TypeScript out of the box by utilizing a TypeScript compiler with a caching technique. As a result, Deno can compile, type-check, and execute your code without translating it to JavaScript.

Although Node.js lacks inherent TypeScript support like Deno, TypeScript is a well-known and widespread language in the Node.js community thanks to the TypeScript package. As a result, TypeScript and Node can function along quickly with minimal effort. If you already have Node and npm installed, you just have to run npm install -g typescript to install TypeScript on your machine globally. Next, run tsc --init to create a TypeScript configuration file. The TypeScript compiler tsc can then be used to compile your .ts files.

Join Honeypot if you're looking for your next developer job

Top comments (1)

Collapse
 
nirjonnahuel1 profile image
Nirjon nahuel | Areon

🌐 Explore the future of tech with Areon Network's Hackathon! Dive into the coding adventure at hackathon.areon.network and stand a chance to win a share of the $500,000 prize pool. Let the innovation flow! 🚀💻 #TechFuture #AreonNetwork