5 Things Ryan Dahl Regrets About Node.js

5 Things Ryan Dahl Regrets About Node.js

Daily short news for you
  • Just a small change on the Node.js homepage has stirred the community. Specifically, when you visit the homepage nodejs.org, you will see a button "Get security support for Node.js 18 and below" right below the "Download" button. What’s notable is that it leads to an external website outside of Node.js, discussing a service that provides security solutions for older Node.js versions, which no longer receive security updates. It even stands out more than the Download button.

    The community has condemned this action, stating that it feels a bit "excessive," and suggested consulting them before making such decisions. On the Node side, they argue that this is appropriate as it is from a very significant sponsoring partner. As of now, the link still exists. Let's wait to see what happens next.

    » Read more
  • A rather interesting article analyzes the behavior between humans and bots to create a tool that distinguishes between humans and bots in cyberspace.

    Proof of Human. Creating the invisible Turing Test for the Internet

    » Read more
  • Not to be outdone, Google recently introduced Gemini CLI - a type of AI agent similar to Codex or Claude Code.

    What’s notable is that they offer up to... 1000 queries for free each day. That’s quite a lot. Additionally, they have open-sourced this project to ensure transparency, learning, and research 🤓

    » Read more

Introduction

Node.js was first introduced by Ryan Dahl in 2009. And 9 years later, it was also Ryan Dahl who brought another platform called Deno. Like Node, Deno provides a powerful server-side JavaScript runtime environment. In a 2018 video, Ryan Dahl gave a presentation on "10 Things I Regret About Node.js" just before announcing Deno.

So why was Deno created if Node.js was already good enough? In today's article, I would like to extract 5 things that Ryan Dahl regrets about doing/not doing with Node.js.

NPM and package.json

NPM & package.json

After going through many ups and downs, Node.js and npm are like a team that always goes together. npm is known as a repository of dependencies for Node. npm is a centralized and controlled repository.

Because of its centralization, npm has often become a target for attacks aimed at injecting malicious code into packages, such as the case of Popular NPM Package Hijacked to Publish Crypto-mining Malware or attacks aimed at deleting user data like Dev Sabotages Popular NPM Package to Protest Russian Invasion.

Npm came up with package.json, which is a file that records information such as the packages used, license information, repository, description, and many other seemingly unnecessary details.

node_modules

node_modules black hole

Have you ever heard the comparison of node_modules to a black hole in the universe? Or if you have about 10 Node.js projects on your machine, it means you're ready to have 10 more black holes.

node_modules is a directory created to store all the necessary packages for a project. It doesn't use a centralized storage called NODE_PATH, but instead stores them in each project. Even the father of Node.js admits that node_modules is an irreparable mistake and apologizes for it.

Promise

Javascript Promise

Node.js did not immediately embrace Promise from the beginning, as evidenced by many APIs in Node still using callbacks for handling asynchronous operations. Nowadays, Promise has become very powerful, especially when combined with async/await, and that is something the father of Node.js regrets but cannot easily fix.

Security

Node.js security

If you run a Node.js application, it will have full access to files/folders, networks, and environment variables. Obviously, this can be a security risk if you accidentally run a project that contains malicious code, or attackers can exploit this to compromise Node.js servers.

The Build System (GYP)

GYP

The father of Node.js shared that GYP is a very difficult tool to build with, but because V8 of Chrome initially used GYP, Chrome eventually removed it, leaving Node.js as the only user of GYP.

To perform tasks outside the Event Loop, we have to directly interact with V8 by building C++ Addons. Many people complained about this and suggested switching to a more user-friendly solution like the Foreign Function Interface (FFI), but unfortunately, he overlooked them.

He also shared that he didn't like libuv because it uses autotools!?

Conclusion

Some mistakes can be fixed, but some cannot. This article presents 5 mistakes that the father of Node.js shares with us to let us know what he regrets. But no matter what, Node.js has grown and has a solid position in the global community and industry.

References:

Premium
Hello

The secret stack of Blog

As a developer, are you curious about the technology secrets or the technical debts of this blog? All secrets will be revealed in the article below. What are you waiting for, click now!

As a developer, are you curious about the technology secrets or the technical debts of this blog? All secrets will be revealed in the article below. What are you waiting for, click now!

View all

Subscribe to receive new article notifications

or
* The summary newsletter is sent every 1-2 weeks, cancel anytime.

Comments (3)

Leave a comment...
Avatar
Thành Đỗ2 years ago

Có một sự thật là Ryan đã khắc phục tất cả vấn đề trên với Deno. Mà de-no <=> no-de 😁

Reply
Avatar
Long Domi2 years ago

Cái node gyp kia luôn là ác mộng, lúc build lỗi ấy

Reply
Avatar
Vũ Mạnh Đức2 years ago

Node_modules so sánh với black hole hài hước

Reply