site summary: it is my intention to replace python with deno for many of programming needs. i will document how i go about doing that on this site.
what?
deno is a secure runtime for javascript and typescript. let’s pull this sentence apart and see why it’s exciting.
runtime: a runtime is a program that runs your code. like python3
for python programs, or node
for javascript programs. so, you might be thinking, when i already have node
, why do i need another runtime?
secure: node is a very popular javascript runtime, created by ryan dahl using v8
javascript runtime. v8
is the same javascript runtime that runs the javascript code on many browsers like chrome. however, as ry has said, there are a few issues with how node.js turned out.
Issues with node.js
that you may or may not have noticed:
node.js is not sandboxed. there is nothing stopping the code you downloaded off the internet wrecking havoc. eg: if you downloaded
even-more-left-pad
library from the internet and it ends up sending yourDocuments
folder to a nefarious actor, that would be a big “oops!” right. deno runtime prevents that by sandboxing any code it runs, and does not allow file, network access by default. if you think your program needs to connect to the network, you can say so by providing appropriate flags (eg:--allow-net
).node_modules
is great except where it is not- it almost sounds like a conspiracy to sell more hard disks. a 500mb directory of dependencies just for a tiny script to
_____
?. crazy! - so many transitive dependencies. who’s maintaining all of them? how can i trust them?
require()
isn’t standards based. it is a node weirdness. deno banishes therequire()
function.- node’s dependency management and resolution is a big mess (thankfully microsoft bought out npm in march of 2020. hopefully they can be better stewards of npm ecosystem than the old owners). deno throws this out and makes dependencies explicit. The import statement looks like this:
import { serve } from "https://deno.land/std@v0.36.0/http/server.ts";
.- we can import from a URL!
- it is clear what version we are using
- no
require()
. - the remote is retrieved and cached locally the first time it is used (
~/.deno/src
).
- it almost sounds like a conspiracy to sell more hard disks. a 500mb directory of dependencies just for a tiny script to
javascript is great, but typescript can be greater for some, especially if you are writing larger programs, and if you like the certainty of having stricter types and having a compiler take care of a certain class of errors for you. and since typescript is a superset of javascript, can we use ts and js together?
So what is deno?
- it is a binary ~15MB that is easy to install on most platforms eg:
brew install deno
- it is written in rust. the goal is to avoid certain classes of security holes introduced by undefined behavior in C and C++
- it can run both javascript and typescript out of the box
why?
- javascript has an actual standard
- v8 can run circles around python
- if you write code for browsers following the es6 modules syntax, the same would work with deno and vice-versa. it is possible to share code between server and client (.. that dreaded isomorphic code).
where?
wherever python is used today, especially:
- shell scripting
- scraping the web
- automation