Web technologies are growing so fast that we now have tons of modern tools and frameworks. Be it a choice of frontend, backend or database. Many developers have this big question - Which tech stack I should begin with?🤔
Sometimes we end up choosing the one we worked on before or language we are comfortable in. As human nature, we always stick to our comfort zone and that's where things start going wrong. This may include choosing a framework being overkill. Or, even worse, we pivot from our existing tech stack in the middle of a project and end up re-writing the code in a different language.🤦♂️
So, it's important to choose the right tech stack before starting a new project. With this post, I will help you with a thought process so that you could choose the best tech stack.
1. Getting the content
This is a three-part series. In this post, I will talk about various backend technologies such as Node.js, Java - Spring, Laravel - PHP and Python - Django. We will compare them on different aspects such as reliability, scalability, performance, security, developer's experience and most importantly cost of hosting. In the later posts, we will compare different frontend technologies and various databases. So, let's get going!
2. What is a backend?
In a nutshell, the backend has the code which runs on the server-side and is responsible for handling and managing storage, database and other resources. The backend is also called the data access layer of software.
One should always start with choosing the right backend. Because it acts as the backbone of your application. We have so many alternatives out there, we will cover some popular backend frameworks in this article and will see which one is appropriate for a given scenario.
Node.js uses asynchronous programming! Meaning, it is non-blocking. In other words, It does not wait for a resource to finish the job. It is immediately ready to take up the next request and gives a callback when it's done. Node.js runs like a rocket and it is very scalable.
When to use Node.js?
When your application is highly event-driven and performs lots of I/O operations. Also, when you have to make various API calls from the backend itself. Here in this scenario, you can leverage its non-blocking feature.
When NOT to use Node.js?
When you have a heavy algorithm or a job that consumes lots of CPU cycles. Because Node.js runs on a single thread just like client-side js, your application will be very inefficient for CPU intensive jobs.
4. Java - Spring Boot
Spring is a powerful, lightweight, and most popular framework which makes Java quicker, easier and safer to use. Spring boot helps you to build production-ready Spring-based applications. It serves 80% of everyone's needs for a modern web application. It is highly useful for creating stand-alone, production-grade applications with minimum effort.
When to use Spring Boot?
When your primary focus is security, maybe you want to write banking or financial applications. Where you cannot compromise with security, Spring boot will be the best option. As Java supports multithreading out of the box, it becomes a great choice for building complex and highly concurrent web applications.
When NOT to use Spring Boot?
Although, there are no limitations to the spring framework, it can serve all your needs. But, sometimes trivial apps which do not need heavy computation, spring as a backend will be an overkill. The only thing for saying no to Spring boot is that it's a bit complex and requires a lot of expertise.
5. PHP - Laravel
PHP is an old friend who introduced me to web development.🥺
Laravel is an open-source PHP framework. It follows an MVC (Model-View-Controller) architecture. Laravel makes life easier as it has so many developer-friendly features, one of them is query builder or ORM (Object-Relational Mapping). Before Laravel, it seemed like PHP is dying but now it is one of the competitive frameworks.
When to use Laravel?
When the time to market is the key, then Laravel is the best choice. Because it has so many salient features that make web development very fast as compared to other frameworks out there. Also, Laravel can be hosted on a shared hosting thus making it cheapest amongst all, so when time and cost is the key you should go with Laravel.
When NOT to use Laravel?
PHP is not considered much secure as compared to Spring and Node.js, however, Laravel prevents some of the basic attacks such as SQL injection and cross-site scripting attacks and adds an extra layer of security to it. But still, PHP is never recommended for applications where security is a must.
6. Python - Django
Django is a fast, secure and scalable high-level Python web framework. Django encourages rapid and clean application development. It takes care of much of the hassle of web development, so you can focus on writing your app without needing to reinvent the wheel.
When to use Django?
Since, Django is based on python it supports powerful machine learning libraries like PyTorch, NumPy, etc. Its computational and statistical capabilities make it the ideal platform for machine learning applications.
When NOT to use Django?
Django is not suitable for smaller projects with only a few features and requirements. Because it's a "Batteries included" framework, it has so much boilerplate code which small projects don't need. As a result, consuming unnecessary server processing time and bandwidth.
I hope you found the article insightful! We have discussed the four most popular backend frameworks and how to make the right choice.
And stay tuned for the next article of this series. In that, I will compare the most popular front-end frameworks so that you can make the right decision.
Please give your valuable feedback in the comment section, tell me what I missed about these frameworks.
Top comments (49)
Hello! can you link some article about PHP is insecure by default (not code, PHP as itself)?
PHP is not considered much secure as compared to Spring and Node.js. Thanks!
No hard feelings with PHP, I love it, but in order to make is secure we will have to add some extra code, which other frameworks already do out of the box. learnwebtutorials.com/php-is-insec...
Not about PHP! don't worry. I'm PHP, node and python developer and I think that all this problems are same on all languages (or very similar).
Java XSS - stackhawk.com/blog/java-xss/
Python/Django XSS - stackhawk.com/blog/django-xss-exam...
NodeJs XSS - stackhawk.com/blog/nodejs-xss-guid...
And PHP is a language, not a framework ;)
I'm really curious about security, and how can be PHP insecure as language it self, not with code examples of people that don't know how to code.
Hey! I think that statement can be actually true. Some time before some attacker hacked my server by uploading his php script and executing it by accessing it's url. I found out that this is a common scenario happening ofter with Wordpress plugins for example.
There is a reason why enterprise grade applications rely on spring framework.
This is silly, I think other languages/frameworks are equally prone to XSS etc. if you don't follow proper standards. Can't be used as an argument against PHP, especially not when you use a framework like Laravel.
Yes I agree, but PHP does not support security out of the box, a developer may need to write extra code in order to protect their applications. Happy to share that spring already has so many security features already built in.
Coming to Laravel, if you will compare libraries built for spring vs that built for Laravel are not that sophisticated and you can't rely on them in terms of application backdoor.
And just in case if there is a security findings there are active developers to fix for libraries in java as compared to that of PHP.
Composer dependency manager is relatively new. NPM shows warnings ans threats after installing any package aka 'npm audit'. Which is still work in progress for dependency management of PHP compaoser
Not sure if I agree, as far as I know Laravel has security features out of the box, I'm rarely hearing anyone complain that Laravel applications are unsafe. I've been a Java programmer in the past and yes, Spring and Spring Security are great, but complex, and arguably overkill for most web apps.
Not about Laravel, dependencies you use with PHP can be insecure, you must be using some extra libraries which are not built in with Laravel could be vulnerable however this is true for every framework which you said earlier. There is reason why enterprise grade applications use spring.
And that's what I mentioned in my article that spring could be overkill for trivial applications
Just for reference: cvedetails.com/vulnerability-list/...
And some vulnerabilities having no patch
Sorry, not convinced - the notion that PHP is insecure is based on outdated information, or on issues with WordPress plugins (WordPress does not equal PHP ...)
So what about the library that's responsible for one of the biggest security scares of the last decade? The name of that library is Log4J, a Java library that's being used in numerous Java applications, and within other Java libraries.
PHP or Laravel are in itself no less secure than any other programming language or framework, it all depends on knowledge of security basics and on common sense of the devs using it.
Thanks for the list - so it's immediately obvious that at least 95% of the vulnerabilities are in older versions (5.x or 6.x) - we're at version 8.x now. This also indicates that vulnerabilities are actively being addressed, as can be expected from a popular open source framework.
Conclusion is that PHP isn't in itself unsafe, and Java isn't by definition safe (and then I'm only talking about server side Java, of course client side Java is notorious for containing numerous security holes over the years).
You can write Crap code in a bunch of different languages, not just PHP. The Frameworks help with security and encourage best practices, but much is still left in the hands of the Dev. Also FYI, Symfony is more popular than Laravel in Europe.
PHP is not considered much secure as compared to Spring and Node.js
This statement is misleading and false, but thats ok. 💩
I think it's just for the click bait tbh 🙄
Knowing who to write secure native PHP is just part of knowing how to code.
Great job loved the article
p.s flask is also a pretty popular bavkend framework
Glad that you loved the article. Yes completely agree Flask is great!
Call me stupid but for me ASP MVC is my go to for backends. Since most of our customers are hosting their stuff on Azure I find this approach much easier. At least the Authentication and Authorization part is a no brainer. What do you think about it and what was the reason to not include it? :)
Yes I agree! I missed this, maybe in future articles I will mention
Not stupid at all. Maybe a bit of extra effort bc of the bloat of ASP/MVC environment but functionality speaking, I'd say your in a best spot
Golang + gorilla + docker is what I use. Small, light, fast and you get concurrency out of the box with goroutines.
What i like about this stack is that I can deploy it to the cloud (Google/AWS) or to my small foot print device (raspberry pi) so it's very flexible.
Thanks for sharing, I will surely give my hands on Golang
As some people mentioned in the comments, we need to talk more about ASP .NET 6 and Go. ASP is cross platform, running on Linux, and C# is getting much easier to write, I'd say it's as good as Kotlin. Go is relatively easy to write, I'd say as easy as Python, and you can get so much performance out of it. If you use Node.js, look up Fiber, an Express.js inspired framework that's among the top ranks of TechEmpower bench marks, right along with ASP .NET. We don't need to conform to using interpreted languages. We can build more powerful apps with newer languages.
That's great! I will check out ASP.net and Go surely.
how come no love for .net? it's one of the most performant and easy to work with backend technologies in the industry 😁
Tbh, I have no hands on .net, that's why I didn't mentioned it, maybe surely in future articles I will mention after trying on
thought as much. i have a
dotnet noobfriendly article on dev if you're interested in trying new things ;-)
Thanks for sharing, I will checkout definitely.
Sure thanks, I will
Loved it. I didn't see asp.net or C#. I want to learn C# for web dev but don't know if it's worth learning. So if you can include that in this post too then it will be very helpful.
Although it's an amazing post! ❤️
Sure, I will do my research and try to include.
Choosing the right framework is all about experience.
Just kidding, Nice article
I agree :)
The first article that says the truth about Spring, I love Java in the backend, Spring is the best but for things very big but I developed an small project based in the sales using Spring but I didn't think in the CPU... Thanks a lot... Great Article.
Glad you liked!
Yes Agree! However, there are various technologies good for different use case
Favorite part of this article 'cause 💯 relatable
So, in summary: Node if you want fast & simple operations, Spring if you need security, Laravel if you want a fast developement and Django if you want to add machine learning features (?)
Laravel actually has a slow deployment, I considered Laravel for cheap shared hosting, however it is recommended to host Laravel on VPS, but it he hosted on shared hosting with some patch.
Fun fact: Your non-PHP code may not secured compared to well-secured PHP code.
Do you know which framework DEV is using? Popular and extremely productive... DEV, GitHub, GitLab, Shopify, Codecademy, Exercism, CodePen, ... :)