DEV Community

Samuel Willows
Samuel Willows

Posted on

The Problems with Modern Web Development

Before I critique modern web development, I want to make some points:

  • I'm not discouraging anybody from web development.
  • This is only my opinion and my experience of the story.
  • Everyone has their own story.

Part 1. Javascript

JavaScript is known for being the web's language. It's used everywhere in the web, and can also be used to make external applications outside of web development. JavaScript has many flaws in its language, such as its comparison logic. JavaScript uses the "strict equality operator" that tries to solve its weird type coercions (e.g [] == ![] being true). Another flaw is that JavaScript has poor maintainability. JavaScript has a poorly managed type system that introduces errors without proper error handling. You cannot explicitly define what error you're trying to catch in the try-catch statement.

try {
    functionThatThrowsError()
} catch (error) {
    console.error(error);
    if (error instanceof MyError) {
        doSomething();
    }
}
Enter fullscreen mode Exit fullscreen mode

instead of modern languages:

try {
    functionThatThrowsError()
} catch (e: MyError) {
    print!("error: ${e.message}")
}
Enter fullscreen mode Exit fullscreen mode

This adds complexity to try-catch statements and makes it almost impossible to handle errors in a robust manner. Another issue with JavaScript's maintainability is the wording of the language. JavaScript has two keywords called undefined and null. In practice these should mean the same thing but it doesn't. An undefined variable is an uninitialized variable, or a function that doesn't return anything.

Undefined:

// Returns undefined
function getName() {}

// syntactically correct in JavaScript
// but will cause undefined 
console.log(getName());

const myCoolObject = {};
console.log(myCoolObject.property); // still syntactically correct in JavaScript even though the property doesn't exist.
Enter fullscreen mode Exit fullscreen mode

Null:

// Returns a null name
function getName() {
   return null;
}

// output: null
console.log(getName());

const myCoolObject = {
   property: null
};
console.log(myCoolObject.property); //output: null
Enter fullscreen mode Exit fullscreen mode

Relying on these behaviors can cause your application or library to return unexpected results, leaving the code's true intent implicit.

I'm not going to cover all the flaws of JavaScript into this one post, see more at Geeksforgeeks.

Part 2. Ecosystem & Frameworks

JavaScript is most notably known for having one of the largest ecosystems in the entire world. This ecosystem does come with a couple of concerns. One major concern is the severity of CVEs (Common Vulnerabilities and Exposures) JavaScript produces. One great example is CVE-2025-55182 which is:

"A pre-authentication remote code execution vulnerability exists in React Server Components versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 including the following packages: react-server-dom-parcel, react-server-dom-turbopack, and react-server-dom-webpack. The vulnerable code unsafely deserializes payloads from HTTP requests to Server Function endpoints."

credit: opencve

Updating packages can solve this issue but on large enterprise applications, doing so could break code.
Besides the ecosystem's security flaws, there are some awesome frameworks such as:

  • React (as mentioned)
  • Vue
  • Astro
  • Svelte

Personally, I use Vue because I like how fast and minimal it is. Vue brings other tools such as sass, postcss, typescript without reducing performance. But these other options are respected in the community.

Runtime & Package managers

Runtime is a critical part of web development. Depending on what runtime or framework you use, you may experience less performance or more. But even with optimized code, JavaScript has to painfully compile itself through a runtime like NodeJS. With lots of libraries and bad unoptimized DOM manipulation JavaScript can become really slow very fast.

A JavaScript package manager is how you can install dependencies in your application. Some examples may include:

  • NPM
  • Yarn
  • Deno (w/ cross-compatibility)

NPM (Node package manager) is the flagship package manager for Node applications. Yarn is an alternative to NPM which offers faster speed & load times. Deno is a runtime but can still be a package manager since 2.0 that provides NPM integration. Deno allows you to store cache globally, not utilizing a node_modules directory. When using any alternative package manager you are not dodging NPM vulnerabilities; you are still able to get affected.

Conclusion

Critiquing Javascript (and it's tools) isn’t about tearing them down, it’s about understanding their limitations so we can write better & more secure software.

What about you? What has your experience been like dealing with JavaScript's quirks or ecosystem vulnerabilities? Let me know in the comments below—I'd love to hear your story!

Top comments (0)