Node.js creator delivers Deno 1.0, a new runtime that fixes 'design mistakes in Node'

Please help us rewrite the TypeScript compiler in Rust

36 Reg comments Got Tips?

Ryan Dahl, Bert Belder and Bartek Iwańczuk have slid open the doors to Deno 1.0, the first production release of a new runtime for running TypeScript and JavaScript outside a web browser.

Dahl was the original creator of Node, which was focused on event-driven HTTP servers. Deno is not a fork of node but a new runtime. “Due to the large number of users that Node has, it is difficult and slow to evolve the system,” the team explained this week.

In June 2018, Dahl spoke about design mistakes in Node. He said that Node seemed in good shape when he stepped away from the project in 2012, but this was “so wrong.” He added: “I see the bugs that I made, design mistakes made that just cannot be corrected now.”

Among his regrets were not using JavaScript Promises, which were added to Node in 2009 but removed in 2010. “I foolishly removed them,” he said, and as a result many Node async APIs are “aging badly.” Another regret is security and the lack of a Node sandbox. The build system using GYP (Generate Your Projects) is “an awful experience for users,” he said.

Node wraps GYP and this introduces unnecessary complexity. Baking NPM (Node Package Manager) into Node was another issue. Node modules were a mistake, he said, and become too big and complex. “It’s my fault, and unfortunately it’s impossible to undo now,” he said.

These frustrations led to the new effort, called Deno (if you shuffle the letters about you get something familiar), based on “what would be a nice server side JavaScript runtime these days.” It is built on V8 (the JavaScript engine used by Chromium and Node.js) but unlike Node, takes advantage of the V8 sandbox for security. There is no file, network or environment access unless explicitly enabled.

A Deno web server in three lines of code (well, with a hefty import)

A Deno web server in three lines of code (well, with a hefty import)

Deno also uses Rust. Deno_core is a Rust crate that anyone can use to embed a JavaScript runtime into Rust, and Deno is built on deno_core. Another crate, rusty_v8, provides Rust bindings to the V8 C++ API; it “attempts to be a safe interface” but is not yet 100 per cent safe. “Being able to interact with a VM as complex as V8 in a safe way is quite amazing and has allowed us to discover many difficult bugs in Deno itself,” the release post explained.

Scheduling is handled by Tokio, an asynchronous runtime for Rust. Another key component is TypeScript, which is the primary language in Deno. You can run a TypeScript file directly; there is no need to compile it to JavaScript, as we demonstrated by slightly adapting the demo in the post and running a Deno webserver in three lines of code.

Deno architecture

Deno architecture

Deno is not compatible with Node packages, though there is a “nascent compatibility layer,” and the authors expect many Node applications to run out of the box eventually. Performance is currently both better and worse than Node. A Node program can do more requests per second, but with “erratic max latency,” said the team, whereas a hello world Deno server has a max latency of 1.3 milliseconds (on some unspecified hardware), for example. Unlike Node, Deno's asynchronous sockets are "fundamentally tied to promises" even at the lowest layer, said the team.

Although labelled 1.0, this is early days, and some parts of Deno’s API are marked unstable. In addition, Deno’s standard modules are not yet stable, according to the docs. The team also says that the TypeScript compiler, used internally, is very slow. The intention is to port the TypeScript compiler to Rust, though this is a big project. If done, it would be helpful for all TypeScript developers; and the Deno team is appealing for help.

It's early days, but there is plenty of interest in Deno. “Deno solves many Node.js problems,” said consultant Amine Ait Aazizi on Twitter. “TypeScript bult-in, more complete standard library, no package manager, secure by default.”

Node is not going anywhere, but this should do well. ®


Biting the hand that feeds IT © 1998–2020