Simon Pfeiffer for Codesphere Inc.

Posted on Feb 26, 2021

Say yes to Deno?

#typescript #javascript #codequality #webdev

Let’s talk about Deno and why it may be the better alternative to Node.js.

Before we start, what is Deno?

Deno is a command-line runtime for executing JavaScript and TypeScript. It’s a framework around V8, uses Rust, and has the TypeScript compiler built into it.

Cool Deno features we will mention:

Secure execution by default
Single executable
Import from URLs
Simple and browser-compatible module system
TypeScript out of the box
Full development environment
Full toolset

So why Deno?

If Node.js is working, why rewrite it? Well, first of all, JavaScript has changed considerably since Node.js was designed in 2009. For example, async/await and promises are now standard. JavaScript now also has a new module system (ES Modules), typed arrays (no concept of using binary data inside of JS when Node was originally designed), and TypeScript, which has been a very nice supplement to JavaScript.

Node.js has room for improvement

Secondly, Node.js has some problems, a few of which Ryan Dahl mentioned in a talk introducing Deno. With the package management system centralized in one location, the module system is poorly designed. Another issue is with regards to the topic of security. Although V8 itself is a secure sandbox, Node has compromised this sandbox in order to do things such as opening sockets and reading files, etc. When you’re running a Node program, you lose security.

Secure execution by default

Deno on the other hand is a secure execution by default, meaning when you run a program in Deno, you don’t need to trust it because, by default, you have no access to the system and can’t open files or sockets. Deno enables people to run untrusted third-party code safely.
For your app to be allowed to access the network, it must be given authorization with the command:
deno run --allow-net app.ts

To interact with the system, Deno allows the user to opt in to various permissions such as reading from files systems with the command
--allow-read=/temp.

Single executable

This is another perk of Deno and it has been told that it will always remain this way. Deno ships on Mac, Linux, and windows. It is aimed to be kept independent from system libraries.

Import from URLs

Now for the most obvious change.
import {serve} from “https://deno.land/std@0.50.0/http/server.ts”
In Deno, you can import from URLs, the idea being to replace the entire modules system. This enables more distribution, as code can now be served up from any URL. The module resolution scheme in Node is a bit more complicated, as there are node_modules and index.js to worry about, which is troublesome for a lot of systems including TypeScript.

Deno’s approach is more simple, using only relative or absolute URLs. Deno does not rely on NPM at all — instead, you can import libraries via the URL. In Deno, modules and files are regarded as the same concept, which simplifies the mental model for users.

Simple and browser-compatible module system

Deno has a module system that is not dependent on a centralized server. The runtime fetches, caches, and compiles code transparently. It can work offline using a download cache. This provides the possibility to work and fetch resources even when there is no access to the internet, simulating the same process as when you npm install something. On the first run, you can deno fetch to download and cache these dependencies.

TypeScript out of the box

Most importantly, Deno supports TypeScript out of the box, meaning that TS is compiled into Deno. The feature V8 Snapshots is used to start up the TS compiler quickly, with no need to recompile each time. It can also deal with JavaScript, without any problem, out of the box.

Full development environment

Since all dependencies are expressed as code, there is no need for package.json. deno info {url} gives you a dependency tree of all modules that were loaded in there. deno info also works on ES modules, even if there are random ES modules on the web nothing to do with Deno.

Full toolset

Deno’s vision is to provide a full toolset in a single binary.
With commands such as deno install, deno info, deno bundle, and deno fmt, Deno acts like a multi-functional tool to run programs without having anything else installed on your machine.

Final thoughts

So while Deno and Node.js both share the same origin, there are some strong arguments for why Deno may indeed be the easier and more efficient choice. But this, by far, does not mean that Node will be replaced, at the end of the day, it is up to user preference.

Let us know what you think about Deno and Node.js! Which one do you prefer?

One more thing to note is that Codesphere fully supports Node.js and TypeScript and we are happy to introduce Deno support out of the box as well if there is a demand for it within our community. :)

Top comments (34)

Vincent Ha Vinh • Feb 26 '21

What’s up with the sandbox security problem ?

node was designed to ”leverage” javascript as a real language that can interact with the system.

By saying node opened a security breach, you re just saying every computer language is flawed.

Steven Guerrero • Feb 26 '21

It is not a thing that Node introduced, but it has been one of the most affected by far, with increasing numbers of malitious packages being published to NPM

The reality is that when using third party libraries nobody guarantees they are safe to use, so at least the sandbox gives you the option to debug these issues, something no other system (that I know of) has allowed you to do before

Simon Pfeiffer • Feb 27 '21

What I meant with the problem with node and security is that when we use NPM to install a package for our node app, we are not always aware of what is happening. It can in a sense do something unauthorized.
There has in the past been a scandal with NPM packages. If you want to read more on that: javascript.plainenglish.io/the-big....

Meanwhile, Deno does not rely on NPM at all.

Steven Trotter • Feb 28 '21

Potentially you could say this is a problem with all modern languages that Deno at least partially fixes. I mean how do I know if I run some random Python thing from github on my machine that it won't just remove all my documents on my computer other than it never has happened to me personally? Bad things have happened in Node though I understand, whether it's their fault or it's the fault of open source software doesn't matter. I could read all the code thoroughly but that's still no guarantee I'll catch everything (or even anything). Maybe Deno is genuinely breaking new ground here as with Deno I could deny it the security required to do so. Just because none of the other languages have acknowledged it doesn't mean it isn't a problem.

Roman Frolov • Mar 2 '21

I think it's less about criticizing Node.js or any other programming language, and more about highlighting a problem that Deno team addresses.

ProMikeCoder2020 • Feb 26 '21

Deno.is cleaelt the better choice. I just hope that the community adopts it so that we can use in production

Arthur Zhuk • Feb 27 '21

The community already adopted it.

ProMikeCoder2020 • Feb 27 '21

Not quite. The node community is many times larger

Arthur Zhuk • Feb 27 '21

That doesn't mean the community hasn't adopted it. What is your definition of community?

ProMikeCoder2020 • Feb 28 '21

Stackoverflow questions, youtube videos, articles, etc

Okiki Ojo • Mar 10 '21

What is required is community parity, so everything node supports you want node to support as well, for example a Gulp alternative on deno.

ProMikeCoder2020 • Mar 10 '21

But videos and stackoverflow questions on the core packages such as io and event system are necessary

Okiki Ojo • Mar 10 '21

Yeah, they are nesscarry but that isn't what people mean when they say they want community support, what they mean is that they want community parity between node and deno.

Simon Pfeiffer • Feb 27 '21

There's definitely room for growth in regards to spreading more awareness about the benefits of Deno!

Reaper • Feb 28 '21

I went through the syntax the base setup and while I like everything , I'm going to wait for a few more major releases before I start using it in prod.

The same applies for a lot of languages that I wish to try.
There's V , deno, even nim.

Though in case of nim , a lot of programmers already consider it a primary language, i think it'll get even more stable and i'm just waiting for that before I dive into it.

Roman Frolov • Mar 2 '21 • Edited

I've actually never tried nim, but now I'm very curious to give it a shot.

Reaper • Mar 2 '21

I wanted to try nim because of my requirement to build GUI apps and that's one languages that's kinda aiming towards being able to build customized native apps without configuring a lot.

As for V, the same reason applies and the developer has built a lot of things using V, there's a github alternative, there's a few compilers, tools, a package manager, the language's compiler itself is partially in V. So i'm rather impressed at the developer's work and wish to use it soon. Following that language quite closely, should probably help him but I really have 0 idea about actually writing compilers, could help him in the github alternative

Roman Frolov • Mar 2 '21

That sounds like an interesting project to work on and contribute to. Best of luck in your efforts! Writing language compilers is interesting. I used to work with blockchain VMs and had to interact with their languages on the opcode level. Interesting stuff.