5 Things Ryan Dahl Regrets About Node.js

Daily short news for you

Privacy Guides is a non-profit project aimed at providing users with insights into privacy rights, while also recommending best practices or tools to help reclaim privacy in the world of the Internet.

There are many great articles here, and I will take the example of three concepts that are often confused or misrepresented: Privacy, Security, and Anonymity. While many people who oppose privacy argue that a person does not need privacy if they have 'nothing to hide.' 'This is a dangerous misconception, as it creates the impression that those who demand privacy must be deviant, criminal, or wrongdoers.' - Why Privacy Matters.

» Read more
There is a wonderful place to learn, or if you're stuck in the thought that there's nothing left to learn, then the comments over at Hacker News are just for you.

Y Combinator - the company behind Hacker News focuses on venture capital investments for startups in Silicon Valley, so it’s no surprise that there are many brilliant minds commenting here. But their casual discussions provide us with keywords that can open up many new insights.

Don't believe it? Just scroll a bit, click on a post that matches your interests, check out the comments, and don’t forget to grab a cup of coffee next to you ☕️

» Read more
Just got played by my buddy Turso. The server suddenly crashed, and checking the logs revealed a lot of errors:

Operation was blocked LibsqlError: PROXY_ERROR: error executing a request on the primary
Suspicious, I went to the Turso admin panel and saw the statistics showing that I had executed over 500 million write commands!? At that moment, I was like, "What the heck? Am I being DDoSed? But there's no way I could have written 500 million."

Turso offers users free monthly limits of 1 billion read requests and 25 million write requests, yet I had written over 500 million. Does that seem unreasonable to everyone? 😆. But the server was down, and should I really spend money to get it back online? Roughly calculating, 500M would cost about $500.

After that, I went to the Discord channel seeking help, and very quickly someone came in to assist me, and just a few minutes later they informed me that the error was on their side and had restored the service for me. Truly, in the midst of misfortune, there’s good fortune; what I love most about this service is the quick support like this 🙏

» Read more

Introduction

Node.js was first introduced by Ryan Dahl in 2009. And 9 years later, it was also Ryan Dahl who brought another platform called Deno. Like Node, Deno provides a powerful server-side JavaScript runtime environment. In a 2018 video, Ryan Dahl gave a presentation on "10 Things I Regret About Node.js" just before announcing Deno.

So why was Deno created if Node.js was already good enough? In today's article, I would like to extract 5 things that Ryan Dahl regrets about doing/not doing with Node.js.

NPM and package.json

After going through many ups and downs, Node.js and npm are like a team that always goes together. npm is known as a repository of dependencies for Node. npm is a centralized and controlled repository.

Because of its centralization, npm has often become a target for attacks aimed at injecting malicious code into packages, such as the case of Popular NPM Package Hijacked to Publish Crypto-mining Malware or attacks aimed at deleting user data like Dev Sabotages Popular NPM Package to Protest Russian Invasion.

Npm came up with package.json, which is a file that records information such as the packages used, license information, repository, description, and many other seemingly unnecessary details.

node_modules

Have you ever heard the comparison of node_modules to a black hole in the universe? Or if you have about 10 Node.js projects on your machine, it means you're ready to have 10 more black holes.

node_modules is a directory created to store all the necessary packages for a project. It doesn't use a centralized storage called NODE_PATH, but instead stores them in each project. Even the father of Node.js admits that node_modules is an irreparable mistake and apologizes for it.

Promise

Node.js did not immediately embrace Promise from the beginning, as evidenced by many APIs in Node still using callbacks for handling asynchronous operations. Nowadays, Promise has become very powerful, especially when combined with async/await, and that is something the father of Node.js regrets but cannot easily fix.

Security

If you run a Node.js application, it will have full access to files/folders, networks, and environment variables. Obviously, this can be a security risk if you accidentally run a project that contains malicious code, or attackers can exploit this to compromise Node.js servers.

The Build System (GYP)

The father of Node.js shared that GYP is a very difficult tool to build with, but because V8 of Chrome initially used GYP, Chrome eventually removed it, leaving Node.js as the only user of GYP.

To perform tasks outside the Event Loop, we have to directly interact with V8 by building C++ Addons. Many people complained about this and suggested switching to a more user-friendly solution like the Foreign Function Interface (FFI), but unfortunately, he overlooked them.

He also shared that he didn't like libuv because it uses autotools!?

Conclusion

Some mistakes can be fixed, but some cannot. This article presents 5 mistakes that the father of Node.js shares with us to let us know what he regrets. But no matter what, Node.js has grown and has a solid position in the global community and industry.

References:

Premium

5 profound lessons

Every product comes with stories. The success of others is an inspiration for many to follow. 5 lessons learned have changed me forever. How about you? Click now!

View all