sksharein

Posted on May 18, 2020

Deno - NextGen Node.js

#deno #node #javascript #typescript

Deno is a secure runtime for JavaScript and TypeScript(From the official website). A nice sentence isn’t it?

Then what is Node.js?

Node.js is also a JavaScript runtime built on Chrome's V8 JavaScript engine. (From the official Node.js website)

From the above statements can we say that both Deno and Node.js are the same? Yes it is.

So the developer who gave Node.js also developed Deno as an alternative.

Well Ryan Dhal the creator of Node.js has some regrets about it and Deno is simply the “better version of Node.js” with all the fixes.

So what did the developer of Node.js think was wrong with it?

What is wrong with Node.js?

The most important thing: nothing is wrong with Node.js and you should not switch just because Deno exists.

Node.js is used by thousands of developers and companies and it has a huge and stable ecosystem with a highly active community - Node.js isn’t going anywhere.

But there are a couple of weaknesses which could be improved but does not have much of an impact.

Node.js focuses only on Javascript and does not use static types natively.
The import syntax is very specific to Node.js and not what we know from the ES modules.
It does not support modern Javascript features like Promises.
It is not secure by default.

The last point is a tricky one and can be interpreted wrong.

Node.js allows you to build a secure application, there is no doubt in that.

But a node script doesn’t have a built-in security model. To be precise, by default, every Node script has full access to your file system, network and environment.

This makes Node.js very much flexible, but it also means tools like ESLint could anything with your files on your file system theoretically.

How does Deno fix these issues?

Deno can be used for the same things as Node.js. It can be used to build web servers as we did with Node.js and other utility scripts.

But Deno

By default supports Typescript unlike Node.js - hence it is a Javascript and Typescript runtime.
Uses ES modules import system instead of having its own.
Embraces modern Javascript features like Promises.
It is secure by default.

Let’s try this out

You can install Deno using
curl -fsSL https://deno.land/x/install/install.sh | sh

Typescript Support

You can write the usual Javascript script but can also switch to Typescript any point as Typescript compiler is provided by default.

let text: string;
text = “hello world”;
console.log(text);

This code would fail when executed with Node.js but works with Deno.
But this is totally optional, but if you want to use it, you don’t have to configure your custom Typescript project compilation flow.

ES Module Support

Node.js comes with its own module system

const http = require(‘http’);

But when it comes to modern web frameworks we are used to a different format

import {http} from ‘some_node_module’;

In addition, in Node projects we use npm to manage our project packages. This tool downloads them and stores them in node_modules directory.

This folder can easily become very large and it's already an important part of the Node.js design.

In Node.js when we create a web server we depend on Express.js and the web server would be something like

const express = require(‘express’);
const app = express();

Here the require imports the module from the node_modules directory.

But Deno simplifies it

import {serve} from ‘https://deno.land/std@0.50.0/http/server.ts’;
const server = serve({ port: 3000 });

This imports the serve function from the server.ts package from the web.

Deno automatically downloads and caches this package when it runs for the first time.

Modern Features

Deno supports modern Javascript features like Promises and async iterables out of the box.

To spin up a complete server

import {serve} from ‘https://deno.land/std@0.50.0/http/server.ts’;
const server = serve({ port: 3000 });
for await (const req of server) {
    req.respond(“Hello world!!!”);
}

Also it eliminates the need to wrap await inside an async function.

Security

As mentioned, Deno has built-in security.

But this does not mean Deno applications are always secured.

This just means Deno application does not have control over your file system, network and environment.
For example when we run the application
deno run server.ts

Compile file:///home/sharein/Desktop/deno_samples/server.ts
Download https://deno.land/std@0.50.0/http/server.ts
.
.
.
Download https://deno.land/std@0.50.0/http/http_status.ts
Download https://deno.land/std@0.50.0/bytes/mod.ts
error: Uncaught PermissionDenied: network access to "0.0.0.0:3000", run again with the --allow-net flag
    at unwrapResponse ($deno$/ops/dispatch_json.ts:43:11)
    at Object.sendSync ($deno$/ops/dispatch_json.ts:72:10)
    at Object.listen ($deno$/ops/net.ts:51:10)
    at listen ($deno$/net.ts:152:22)
    at serve (https://deno.land/std@0.50.0/http/server.ts:261:20)
    at file:///home/sharein/Desktop/deno_samples/server.ts:3:16

The above error clearly specifies that we could not run our server without providing permission to access the network.

The scripts executes only when it is executed as

deno run --allow-net server.ts

In this case --allow-net provides the permission to access the network, similarly you can provide permissions for read (--allow-read) and write (--allow-write).