Deno — A Node.JS Killer?
Is Deno is an anagram of Node , or acronym of Destroy Node ??
Deno is a secure runtime for JavaScript and TypeScript introduced by Ryan Dahl — the creator of the Node.JS.
“Deno is a secure TypeScript runtime built on V8”
― Ryan Dahl
Deno is supposed to fix all the inherent problems of Node which Ryan Dahl in JSConf called “10 Things I Regret About Node.js”, where he regrets about the several design decisions he took over Node.js. As a decade after Node.js was first announced, JavaScript and the web platform have evolved, and TypeScript has changed the way JS applications are developed. It is an attempt to re-imagine Node.js.
Deno is built with :
- Rust (Deno’s core was written in Rust, Node’s in C++)
- Tokio (the event loop written in Rust)
- TypeScript (Deno supports both JavaScript and TypeScript out of the box)
- V8 (Google’s JavaScript runtime used in Chrome and Node, among others)
It is an attempt to fix the issues with Node.js
Main Issues with Node , Resolved by Deno:
Security :
V8 by itself is a very good security sandbox .Unfortunately in Node everything is just bounced and there is a zero security. When you run a node program , it has access to all sorts of system calls. On the other hand ;
Deno is Secure by default. No file, network, or environment access (unless explicitly enabled) , scripts can’t access files, the environment, or the network.
Not sticking with Promises:
Promises were added very early in Node.js (June 2009) , but removed not very long after (February 2010) with the idea to keep node minimal and promises introduced an extra object into every callback. Promises are the necessary abstraction for async/await and it might have made async/await faster . Today Node’s many async APIs are aging badly due to this.
Package.json:
Allowing package.json gave rise to the concept of a “module” as a directory of files, this is not a strictly necessary abstraction — and one that doesn’t exist on the web. Package.json has all the unnecessary noise in it like license, repository, description.
Deno does not use
npmIt uses modules referenced as URLs or file paths.
The Build System (GYP):
Ryan Dahl addressed this as his biggest regret. Build systems are very difficult and very important for building projects. Using GYP to build a module that links to a C library is a big pain. Chrome dropped GYP for GN. Leaving Node the sole GYP user and the continued usage of GYP is the probably largest failure of Node core.
How Deno is coping with the Node’s Shortcomings:
For security reasons, Deno does not allow programs to access the network without explicit permission eliminating the security threat.. To allow accessing the network, use a command-line flag:
$ deno --allow-net https://deno.land/std/examples/echo_server.tsNo to node modules and Package.json:
No package.json, no node_modules.Deno can import libraries directly from URLs. Deno explicitly takes on the role of both runtime and package manager. It uses a standard browser-compatible protocol for loading modules: URLs This example uses a URL to import an assertion library:
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";Deno.test(function t1() {
assertEquals("hello", "hello");
});Deno.test(function t2() {
assertEquals("world", "world");
});await Deno.runTests();
Deno supports TypeScript out of the box.
Among other things, Deno is a great replacement for utility scripts that may have been historically written with bash or python.
A word of caution: Deno is very much under development.
