Deno is a secure runtime for JavaScript and TypeScript(From the official website). A nice sentence isn’t it?
Then what is Node.js?
Node.js is also a JavaScript runtime built on Chrome's V8 JavaScript engine. (From the official Node.js website)
From the above statements can we say that both Deno and Node.js are the same? Yes it is.
So the developer who gave Node.js also developed Deno as an alternative.
Well Ryan Dhal the creator of Node.js has some regrets about it and Deno is simply the “better version of Node.js” with all the fixes.
So what did the developer of Node.js think was wrong with it?
What is wrong with Node.js?
The most important thing: nothing is wrong with Node.js and you should not switch just because Deno exists.
Node.js is used by thousands of developers and companies and it has a huge and stable ecosystem with a highly active community - Node.js isn’t going anywhere.
But there are a couple of weaknesses which could be improved but does not have much of an impact.
- Node.js focuses only on Javascript and does not use static types natively.
- The import syntax is very specific to Node.js and not what we know from the ES modules.
- It does not support modern Javascript features like Promises.
- It is not secure by default.
The last point is a tricky one and can be interpreted wrong.
Node.js allows you to build a secure application, there is no doubt in that.
But a node script doesn’t have a built-in security model. To be precise, by default, every Node script has full access to your file system, network and environment.
This makes Node.js very much flexible, but it also means tools like ESLint could anything with your files on your file system theoretically.
How does Deno fix these issues?
Deno can be used for the same things as Node.js. It can be used to build web servers as we did with Node.js and other utility scripts.
But Deno
- By default supports Typescript unlike Node.js - hence it is a Javascript and Typescript runtime.
- Uses ES modules import system instead of having its own.
- Embraces modern Javascript features like Promises.
- It is secure by default.
Let’s try this out
You can install Deno using
curl -fsSL https://deno.land/x/install/install.sh | sh
Typescript Support
You can write the usual Javascript script but can also switch to Typescript any point as Typescript compiler is provided by default.
let text: string;
text = “hello world”;
console.log(text);
This code would fail when executed with Node.js but works with Deno.
But this is totally optional, but if you want to use it, you don’t have to configure your custom Typescript project compilation flow.
ES Module Support
Node.js comes with its own module system
const http = require(‘http’);
But when it comes to modern web frameworks we are used to a different format
import {http} from ‘some_node_module’;
In addition, in Node projects we use npm to manage our project packages. This tool downloads them and stores them in node_modules directory.
This folder can easily become very large and it's already an important part of the Node.js design.
In Node.js when we create a web server we depend on Express.js and the web server would be something like
const express = require(‘express’);
const app = express();
Here the require imports the module from the node_modules directory.
But Deno simplifies it
import {serve} from ‘https://deno.land/std@0.50.0/http/server.ts’;
const server = serve({ port: 3000 });
This imports the serve function from the server.ts package from the web.
Deno automatically downloads and caches this package when it runs for the first time.
Modern Features
Deno supports modern Javascript features like Promises and async iterables out of the box.
To spin up a complete server
import {serve} from ‘https://deno.land/std@0.50.0/http/server.ts’;
const server = serve({ port: 3000 });
for await (const req of server) {
req.respond(“Hello world!!!”);
}
Also it eliminates the need to wrap await inside an async function.
Security
As mentioned, Deno has built-in security.
But this does not mean Deno applications are always secured.
This just means Deno application does not have control over your file system, network and environment.
For example when we run the application
deno run server.ts
Compile file:///home/sharein/Desktop/deno_samples/server.ts
Download https://deno.land/std@0.50.0/http/server.ts
.
.
.
Download https://deno.land/std@0.50.0/http/http_status.ts
Download https://deno.land/std@0.50.0/bytes/mod.ts
error: Uncaught PermissionDenied: network access to "0.0.0.0:3000", run again with the --allow-net flag
at unwrapResponse ($deno$/ops/dispatch_json.ts:43:11)
at Object.sendSync ($deno$/ops/dispatch_json.ts:72:10)
at Object.listen ($deno$/ops/net.ts:51:10)
at listen ($deno$/net.ts:152:22)
at serve (https://deno.land/std@0.50.0/http/server.ts:261:20)
at file:///home/sharein/Desktop/deno_samples/server.ts:3:16
The above error clearly specifies that we could not run our server without providing permission to access the network.
The scripts executes only when it is executed as
deno run --allow-net server.ts
In this case --allow-net
provides the permission to access the network, similarly you can provide permissions for read (--allow-read)
and write (--allow-write)
.
Conclusion
Should you switch to Deno, that’s totally up to you.
But Deno version 1.0 was released recently and just because it's a major release it does not mean it is production ready.
It is very new and under active development and now would be a time to dive into its package ecosystem.
We do not know if it would become a replacement of Node.js, only time can answer that.
Top comments (4)
Great post, the best part is this:
The most important thing: nothing is wrong with Node.js and you should not switch just because Deno exists.
That's gold :-) but OTOH deno does show promise and if you have a small and simple toy project to try it out then sure why not.
Nice article!
Just one tip for you
when you write the triple ticks you can add code highlighting by adding the language
like: ts, js, or bash
example:
I find it way easier to understand code when it is highlighted :)
Nice info!