DEV Community

Kaushik Thirthappa for Spike.sh

Posted on

Excerpt of 7 regrets from creator of Deno about Node.js

This post has been copied from the YouTube comment with some edits.

1. 🤷‍♂️ No Promises

  • Promises were added in June 2009 but removed "foolishly" in Feb 2010
  • Promises are the necessary abstraction for async/await.
  • It's possible unified usage of promises in Node would have sped the delivery of the eventual standardization and async/await.

2. 👮‍♀️ Security

  • V8 by itself is a very good security sandbox
  • Node apps outside of the browser shouldn't need to have all the permissions like writing to disk and network.
  • Example: Your linter shouldn't get complete access to your computer and network.

3. 👷‍♀️ The Build System (GYP)

  • Build systems are very difficult and very important.
  • V8 (via Chrome) started using GYP and Node uses the same.
  • Later Chrome dropped GYP for GN. Leaving Node the sole GYP user.
  • GYP is not an ugly internal interface either - it is exposed to anyone who's trying to bind to V8.
  • It's an awful experience for users. It's this non-JSON, Python adaptation of JSON.
  • The continued usage of GYP is the probably largest failure of Node core because there are just too many wrappers to make it work.
  • Instead of guiding users to write C++ bindings to V8, I should have provided a core foreign function interface (FFI)

4. 🗄 Package.json

  • Isaac, in NPM, invented package.json (for the most part)
  • But I sanctioned it by allowing Node's require() to inspect package.json files for "main"
  • NPM in node distribution means it is the de-facto standard now. Also remember, NPM, a centralized repository is now privately controlled.
  • package.json now includes all sorts of unnecessary information. License? Repository? Description? It's boilerplate noise.
  • If only relative files and URLs were used when importing, the path defines the version. There is no need to list dependencies.

Too much boilerplate noise

5. 🗃 node_modules

  • Complicated module resolution algorithm.
  • vendored-by-default has good intentions, but in practice just using $NODE_PATH wouldn't have precluded that.
  • Deviates greatly from browser semantics. can't undo now

Node modules is so freaking heavy

6. 🧩 require("module") without ".js" extension

  • Needlessly less explicit.
  • Not how browser javascript works. You cannot omit the ".js" in a script tag src attribute.
  • The module loader has to query the file system at multiple locations trying to guess what the user intended.

7. 🧟‍♂️ index.js

  • Inspired from index.html and though index.js is cute. A default file to be loaded might reduce complexity but...
  • It needlessly complicated the module loading system.
  • It became especially unnecessary after require supported package.json

If you think something is kinda cute and not completely necessary then don't add it. This comes with experience.

Ryan Dahl created Deno with all the above things kept in mind. Deno is focused on security without having to give access to everything, kept simple, comes with Typescript enabled.

This is Ryan's talk 👉

Top comments (0)