Node.js Digest #12: State of JavaScript 2023, Node.js vs Bun, NPM under attack
Hello, Node.js community! Here is Oleksandr Zinevych, Engineering Director at Avenga, with a new digest. The heat outside is incredible, so let's dive into the latest news from the Node.js world.
Highlights
Traditional updates: Node.js v22.4.1, Node.js v20.15.1, Node.js v18.20.4, which can sometimes be hard to keep up with.
The pnpm team has added their version of Yarn Workspace called Catalogues in the new 9.5 version.
Vercel is adding default streaming support for all Node.js Vercel Functions.
Updates for Deno v1.45.0. You can check out all the changes here.
Finally, Here – State of JavaScript 2023
Six months – enough time to hold elections in France, organize the Olympic Games, or develop a COVID-19 vaccine (and then recall it a couple of years later, haha). That's how long it took the authors of State of JavaScript 2023 to summarize, create beautiful charts, and share with the community that (SPOILER) JS is more alive than ever, but the excitement is weakening.
Since JavaScript is still primarily used for frontend development, many questions focused on that experience, but the server side was also covered. You can check out the full results here.
Interesting and Expected Insights:
Among hosting services, AWS remains the leader, slowly being caught up by Vercel and GitHub Pages.
On the backend, Express is still the leader among all frameworks used. This could be because a lot of code is written using this framework, which is suitable for small applications. Express is flexible and has a long-standing community that has done an exceptional job stabilizing and optimizing it.
Node.js remains the primary JavaScript runtime environment, surpassing even the browser, which is expected given the trend towards various server-side architectural solutions. Bun has surpassed Deno due to hype or because it's a better tool – we'll see in the next survey. For now, Bun is the most interesting environment in the community, with the most mentions in respondents' detailed answers.
TypeScript is extremely popular and used much more frequently than pure JavaScript, an expected observation many in the community see on their projects today.
These are just some of the facts that caught my attention. Also on the same topic, you can see a brief overview of the results from Theo Browne:
SQLite Built-in
As I mentioned in previous digests, all new server-side JavaScript environments may not capture significant market share or achieve Node.js' long-standing popularity. Still, they will bring new ideas and solutions to server-side JavaScript, which others, including Node.js, will potentially adopt. A discussion started on the official Node.js GitHub repository about whether to implement full SQLite support as Bun has done. After a lengthy discussion, no strong objections were voiced. The PR with these changes has been merged, though the functionality is still raw and needs refinement. However, the work is ongoing, and we will soon see full SQLite support in Node.js.
New Round in Bun vs Node.js Battle
For most readers, it's no secret that one of Bun's main marketing points was its incredible speed compared to Node.js. When the first production-ready version of Bun was released, examples of its speed appeared on their official website and other platforms, predicting Node.js's coming demise. Over time, other information showed Bun was only sometimes significantly faster than Node.js. At other times, the speed improvement was marginal or non-existent. Time passes, and Bun's developers continue to emphasize optimization and speed. Recently, Daniel Lemire described an interesting case on platform X where Bun showed much better performance than Node.js when decoding a Base64 string, despite both using the simdutf library (authored by Lemire himself). The intriguing part is that Node.js's slower performance is due to its interaction with V8 and additional abstraction layers that slow it down. It is an exciting case with insightful thoughts from the author.
How to Earn Money?
I won't give you the answer to this question, but the author of the ua-parser-js library might. He suddenly decided to change the licensing and earn money from those 12 million weekly downloads. Matteo Collina wrote a blog post about this and created a fork of the library, which can still be used for free. Many projects use this library, and such a sharp change will affect them, so be prepared to update.
Vulnerable npm
It's a tradition in my digests to write about security issues in npm. Usually, these are problems with specific packages and developers needing to pay attention to what they use. However, this time, the situation is more interesting. The Lupin & Holmes team found a vulnerability that could temporarily make any npm package unavailable. GitHub thanked them and awarded $500 for the find, with a comment that GitHub was already aware of this npm vulnerability. Known or not, if a popular npm package becomes unavailable even for a short time, it will cause many problems for numerous projects. You can read more about the find and its importance here.
Reading Recommendations:
If you haven't worked with Vercel Functions and don't quite understand how they work and what they're for, check out the overview in Vercel's official blog.
Many of you are familiar with approaches to building distributed systems, but revisiting concepts you don't encounter daily is always a good idea.
Heard of PASETO? How is it different from JWT? If not, it's time to get acquainted.
I always enjoy reading about how large companies solve technical challenges. This time, it's about Slack's fight against compromised cookies.
Although Express is a leader among server frameworks, it doesn't meet all project needs and user demands, sometimes necessitating a switch to another framework. Tom MacWright shared part 1 of his story on why they moved to Fastify.
ESLint is gaining momentum and starting a new development vector. Check out what's changed and what's coming in the official company blog.
Eric Allam talks about his team's struggle with the Event Loop.
Waldek Mastykarz writes in his blog about creating an npm module with CommonJS, ESM, and TypeScript support.
Watch Recommendations:
Luca Mezzalira talks about thinking correctly in the Serverless paradigm:
Is npm safe? New video by Theo Browne:
Concurrency vs Parallelism – do you understand these concepts well? A short video by ByteByteGo explains both:
A reality show about what kind of application can be created with 30 minutes of planning and 4 hours of development. Not directly related to Node.js, but the format is interesting:
A bit about the Polyfill attack that shook the web community. Highly recommend watching a short overview of what happened and why it's important to pay attention to what you use in your applications:
Modern cloud-based services and the functionality they provide offer many advantages, but there are also significant drawbacks. Some thoughts on this topic in the following video:
A bit about Drizzle ORM on the Web Dev Cody channel:
More on System Design, specifically about Distributed Priority Queue:
Library of the Month
This month, we have a library that provides excellent performance. How often have you had to convert JSON to a regular string? For typical everyday tasks, you can use JSON.stringify(), but if performance is critical, the fast-json-stringify library comes to the rescue. You can read about why this library is great and why you should consider using it today.
That's all for now. Leave your comments, share the digest with friends, and ask questions if you have any. See you in the next issues!