DEV Community

Explain Deno Like I'm Five

Ben Halpern on May 11, 2020

Deno just hit 1.0, for anyone out of the loop can we summarize what it is and what it means?

Collapse
 
rehmatfalcon profile image
Kushal Niroula

A javascript runtime that essentially restricts all access unless explicitly provided by the user. Also, it has typescript support out of the box. Also, it essentially decentralizes package sharing by using URLs for retrieving javascript codes (just like we do by using script tags in the browser).

It seems, and apparently is (based on Ryan Dahl's presentations), like a do-over of Node by learning from its mistake.

However, there are large code bases written in Node, and since Deno does not try to be compatible with node, it would be interesting to see how or if the transition will happen.

Collapse
 
jsn1nj4 profile image
Elliot Derhay • Edited

I wondered about that last point myself. No doubt there will be projects that can take advantage of Deno, but the Node ecosystem and market share are huge. It would take a long time for this kind of transition to happen.

Collapse
 
rehmatfalcon profile image
Kushal Niroula

Among other things, Deno is a great replacement for utility scripts that may have been historically written with bash or python.

The above is from the introduction page of Deno. So, maybe Node and Deno won't compete but co-exist. Deno seems, at the moment, focused to make CLI apps generation easier, or at least that is what I gather from the above quote.

Thread Thread
 
jsn1nj4 profile image
Elliot Derhay

That sounds interesting.

Also, I realize you have to explicitly give Deno certain permissions at runtime, but I'm skeptical of the idea of using ES module imports with third-party URLs for server-side code. Maybe I just need to read up on that...

Thread Thread
 
rehmatfalcon profile image
Kushal Niroula

Yes, I think that will be addressed in some way as the platform matures. However, researching before using a third party package/URL is a must. So, we need to ensure that we only use those packages that we absolutely trust.

The other issues have been solved by the Deno team already. Mainly, importing the packages and exporting them; this ensures that we know the packages that we are using and that we use only single version of any library/package. Next, the Deno automatically caches code the first time we install dependencies, so our software won't break because of change in code from the URL. We could also version control our dependency if we want.

Collapse
 
v6 profile image
🦄N B🛡

A javascript runtime that essentially restricts all access unless explicitly provided by the user.

Chill.

Collapse
 
buzzedison profile image
Edison Ade

Yeah. Interesting times. Can’t wait to see how it all plays out.

Collapse
 
ryansmith profile image
Ryan Smith

Ryan Dahl (the creator of Node.js) did a talk about thing he regrets about Node.js. The post and comment below summarize the talk.

Deno was created to help address those issues. Since Ryan Dahl is a proven creator and the issues it is trying to address are things that have caused problems in the Node ecosystem, it has organic word-of-mouth around it as a real successor to Node.js.

The goal of Node was event driven HTTP servers.

5:04
1 Regret: Not sticking with Promises.
* I added promises to Node in June 2009 but foolishly removed them in February 2010.
* Promises are the necessary abstraction for async/await.
* It's possible unified usage of promises in Node would have sped the delivery of the eventual standartization and async/await.
* Today Node's many async APIs are aging baldly due to this.

6:02
2 Regret: Security
* V8 by itself is a very good security sandbox
* Had I put more thought into how that could be maintained for certain applications, Node could have had some nice security guarantees not available in any other language.
* Example: Your linter shouldn't get complete access to your computer and network.

7:01
3 Regret: The Build System (GYP)
* Build systems are very difficult and very important.
* V8 (via Chrome) started using GYP and I switched Node over in tow.
* Later Chrome dropped GYP for GN. Leaving Node the sole GYP user.
* GYP is not an ugly internal interface either - it is exposed to anyone who's trying to bind to V8.
* It's an awful experience for users. It's this non-JSON, Python adaptation of JSON.
* The continued usage of GYP is the probably largest failure of Node core.
* Instead of guiding users to write C++ bindings to V8, I should have provided a core foreign function interface (FFI)
* Many people, early on, suggested moving to an FFI (namely Cantrill) and regrettably I ignored them.
* (And I am extremely displeased that libuv adopted autotools.)

9:52
4 Regret: package.json
* Isaac, in NPM, invented package.json (for the most part)
* But I sanctioned it by allowing Nod's require() to inspect package.json files for "main"
* Ultimately I included NPM in the Node distribution, which much made it the defacto standard.
* It's unfortunate that there is centralized (privately controlled even) repository for modules.
* Allowing package.json gave rise to the concept of a "module" as a directory of files.
* This is no a stictly necessary abstraction - and one that doesn't exist on the web.
* package.json now includes all sorts of unnecessary information. License? Repository? Description? It's boilerplate noise.
* If only relative files and URLs were used when importing, the path defines the version. There is no need to list dependencies.

12:35
5 Regret: node_modules
* It massively complicates the module resolution algorithm.
* vendored-by-default has good intentios, but in practice just using $NODE_PATH wouldn't have precluded that.
* Deviates greatly from browser semantics
* It's my fault and I'm very sorry.
* Unfortunately it's impossible to undo now.

14:00
6 Regret: require("module") without the extension ".js"
* Needlessly less explicit.
* Not how browser javascript works. You cannot omit the ".js" in a script tag src attribute.
* The module loader has to query the file system at multiple locations trying to guess what the user intended.

14:40
7 Regret: index.js
* I thought it was cute, because there was index.html
* It needlessly complicated the module loading system.
* It became especially unnecessary after require supported package.json

15:28 Talks about Deno.

Collapse
 
wuz profile image
Conlin Durbin

I wrote this a while back, but I think it needs to be said:

I can't support Deno until the project adds an explicit Code of Conduct and address the problems they seem to be having with diversity and inclusion.

Collapse
 
dak425 profile image
Donald Feury

What are these problems you speak of?

Collapse
 
wuz profile image
Conlin Durbin

There have been multiple attempts to add a Code of Conduct to the deno core repo.

This one, in particular, has some incredibly egregious anti-diversity rhetoric. The core maintainer (Ryan Dahl) has basically taken the approach that a CoC isn't needed outside of a link to what "being professional" means, where the README links to the Rust CoC. The general lack of enthusiasm for a CoC and the attitude that "unnecessary" files clutter the core repo (with a CoC being unnecessary) does not inspire confidence that they would be willing to enforce a CoC at any point.

Until there is a serious change in that policy and clear examples of them enforcing a CoC, I can't recommend the project in good faith.

Thread Thread
 
dak425 profile image
Donald Feury

My lack of experience with an open source project may be a handicap for me here but what does having a CoC have to do with a piece of software being good and a good fit for someone's project?

If a piece of software solves a problem well, what does any of this other stuff matter?

Thread Thread
 
wuz profile image
Conlin Durbin

This is common anti-diversity rhetoric and a common point of confusion for a lot of folks. Let me try to explain it.

There is a real, tangible question as to whether a piece of software can solve a problem well if the people who built it are a homogenous group. Diversity breeds innovation and lack of diversity leads to products that usually cause more harm than good.

Having a CoC protects people who are typically minoritized and abused by the majoritized group. Enforcing a CoC ensures that everyone can contribute to a piece of software, which in turn creates better software.

In the same way a linter is essential to keep up code quality standards, a CoC is essential for enforcing quality standards on human interactions.

Thread Thread
 
mosfetish profile image
mosfetish

This is goobledygook.

There are no "real, tangible" questions about the ability of software to solve problems aside from the software actually solving the problem. The software offered either provides a solution or it doesn't. Being an all-female software team, say, developing a framework like Deno has no bearing on whether it can be used by men.

What exactly would be the code paradigms used in such a framework, written by an homogeneous group like women, that would prevent men from fully implementing the framework?

Thread Thread
 
dak425 profile image
Donald Feury

I'm going to admit I'm not following the logic with that.

Now, if when you say "homogeneous" you're talking about the whole team having very similar thoughts and ideas, I could see the logic. However, unless you got very good evidence to validate the claim that the whole team has the same train of thought and values, this sounds like baseless assumptions.

If you mean "homogeneous" in the sense of arbitrary physical and personal traits (gender, romantic preferences, etc), I don't get what that would have to do with the team having a diverse spectrum of views and values.

I'm still not sure I understand the real significance of a CoC. Its not like its law, nothing holds ANYBODY to uphold it.

I don't really see what would be wrong with, I guess, a simple CoC that just says something like:

Treat each other like human beings

Thread Thread
 
mihaisavezi profile image
Mihai

Yes. Some common sense.

Thread Thread
 
mihaisavezi profile image
Mihai

It's a pity that we bring our own personal hurt and pain, and cover it in pretend help.

Collapse
 
v6 profile image
🦄N B🛡 • Edited

Not to get too meta here, but is there, like, a Code of Conduct for Codes of Conduct?

Collapse
 
mihaisavezi profile image
Mihai

Oh boy, oh boy. I explicitly signed up, just to say, that I support this project BECAUSE it doesn't add that seed of political correctness, that can infect a project.

Collapse
 
wuz profile image
Conlin Durbin

I mean, you're wrong and this comment proves exactly why a CoC is important.

Thread Thread
 
aybee5 profile image
Ibrahim Abdullahi Aliyu

I'm unfamiliar with the CoC in OSS. Please explain why it's needed

Collapse
 
hellovietduc profile image
Duc Nguyen • Edited

Some guy made a toy for kids who like playing in the "back". It became so popular and widely played that when he realized the flaws in the first version of his toy, he moved on to make another toy instead. This one is more secured so kids don't get hurt while playing. It uses the same mechanism used in toys for kids who like playing in the "front" yard, to connect toys together. It comes with other cool features and now kids who have the first version are questioning themselves should they move on too.

Collapse
 
aybee5 profile image
Ibrahim Abdullahi Aliyu

Now, this is someone explaining it like he's doing so to a 5 year old.

Collapse
 
anuraghazra profile image
Anurag Hazra

None of the explanations are 5 years old kid friendly 😆

Collapse
 
gregfletcher profile image
Greg Fletcher

Browser Compatibility

Deno's API is built to follow the browser's API. This means that developers can easily go between the two. It's also a big gesture to align with the Web Standards. Rather than invent something different. Deno supports the web community by building on top of it

Decentralized Packages
Using URLs for packages also aligns with the web. URLs are what the web is built upon. So it makes sense to align with that also. Plus the GoLang community uses this method. So it's battle-tested.

Breaking Change From Node
Deno offers a similar development experience but with the opportunity to start fresh. The community has matured a lot since Node.js was created. All that experience can be brought into Deno to make better decisions for the future.

Mascot
Deno the Dinosaur is cute. That's +1 over Node.js ;)

Also, just to be clear. I love using Node.js. Just excited that Deno builds on what was amazing about Node.js and makes it even better.

Collapse
 
k4ml profile image
Kamal Mustafa

One problem with using url for importing package is that it mix the concept of package location and package name (where it being referenced in the code). You'll start discover this problem when you want to change where the package come from (for example you have to fork some package into your own repo) but don't want to change the source code to refer to the new location.

In Python for example, where package name and package location is distinct, I just need to tell the package manager the new location of the package. In the code that referencing the package I don't have to change anything as it still the same package name.

Go has been suffering this since the beginning and only recently came out with mechanism on how to handle this.

Collapse
 
k4ml profile image
Kamal Mustafa

This seem to be solved with import map but for now it still unstable feature.

deno.land/manual/linking_to_extern...

Collapse
 
benyou1324 profile image
Mansour Benyoucef ☕ • Edited
  • is a software, built on top of V8 JavaScript engine.
  • Easy to get started with.
  • Typescript support out of the box.
  • Security: when using others code(library), it's your responsibility to give access to use network, read/write files, etc...
  • You don't need folder that contains +999999 folders/files in it
Collapse
 
v6 profile image
🦄N B🛡

"OK Johnny we all had a talk and decided to take the bullets out of your toy gun. Because they are sharp and you were hurting the other kids with them, you see? Now please hand it over. Johnny, no, don't point it that way. You put that down right now."

Collapse
 
vonheikemen profile image
Heiker • Edited

I like to think Deno is the answer to the question "what if new versions of node didn't have to be backward compatible?" and just a tiny pinch of the "let's rewrite it in Rust" trend.

Collapse
 
jeikabu profile image
jeikabu • Edited

And it was done in Rust. As should be considered for all performance sensitive green-field "system" software.

Collapse
 
5422m4n profile image
Sven Kanoldt

The race to build yet another eco system has started. Typescript only this time. Great times ahead IMHO.

Collapse
 
belhassen07 profile image
Belhassen Chelbi

It's something you do when you create something great but it turns out you wanna do better.

Collapse
 
menaiala profile image
Menai Ala Eddine

I tried to read Deno but I did not find a motivation to learn it. I found the documentation a little complicated.

Collapse
 
rubiin profile image
Rubin

For those of you starting to use deno, i have just created dotenv package which is a port of the nodejs dotenv package. Try it here deno.land/x/denoenv/

Collapse
 
aybee5 profile image
Ibrahim Abdullahi Aliyu

You also 😂