5 Things Ryan Dahl Regrets About Node.js

Introduction

Node.js was first introduced by Ryan Dahl in 2009. And 9 years later, it was also Ryan Dahl who brought another platform called Deno. Like Node, Deno provides a powerful server-side JavaScript runtime environment. In a 2018 video, Ryan Dahl gave a presentation on "10 Things I Regret About Node.js" just before announcing Deno.

So why was Deno created if Node.js was already good enough? In today's article, I would like to extract 5 things that Ryan Dahl regrets about doing/not doing with Node.js.

NPM and package.json

After going through many ups and downs, Node.js and npm are like a team that always goes together. npm is known as a repository of dependencies for Node. npm is a centralized and controlled repository.

Because of its centralization, npm has often become a target for attacks aimed at injecting malicious code into packages, such as the case of Popular NPM Package Hijacked to Publish Crypto-mining Malware or attacks aimed at deleting user data like Dev Sabotages Popular NPM Package to Protest Russian Invasion.

Npm came up with package.json, which is a file that records information such as the packages used, license information, repository, description, and many other seemingly unnecessary details.

node_modules

Have you ever heard the comparison of node_modules to a black hole in the universe? Or if you have about 10 Node.js projects on your machine, it means you're ready to have 10 more black holes.

nodemodules is a directory created to store all the necessary packages for a project. It doesn't use a centralized storage called NODEPATH, but instead stores them in each project. Even the father of Node.js admits that node_modules is an irreparable mistake and apologizes for it.

Promise

Node.js did not immediately embrace Promise from the beginning, as evidenced by many APIs in Node still using callbacks for handling asynchronous operations. Nowadays, Promise has become very powerful, especially when combined with async/await, and that is something the father of Node.js regrets but cannot easily fix.

Security

If you run a Node.js application, it will have full access to files/folders, networks, and environment variables. Obviously, this can be a security risk if you accidentally run a project that contains malicious code, or attackers can exploit this to compromise Node.js servers.

The Build System (GYP)

The father of Node.js shared that GYP is a very difficult tool to build with, but because V8 of Chrome initially used GYP, Chrome eventually removed it, leaving Node.js as the only user of GYP.

To perform tasks outside the Event Loop, we have to directly interact with V8 by building C++ Addons. Many people complained about this and suggested switching to a more user-friendly solution like the Foreign Function Interface (FFI), but unfortunately, he overlooked them.

He also shared that he didn't like libuv because it uses autotools!?

Conclusion

Some mistakes can be fixed, but some cannot. This article presents 5 mistakes that the father of Node.js shares with us to let us know what he regrets. But no matter what, Node.js has grown and has a solid position in the global community and industry.

References: