    Ryan Dahl explains why Deno had to evolve with version 2.0

    August 20, 2024
    What are the main improvements in Deno 2?
    How does Deno handle security for third-party dependencies?
    What is the purpose of Deno's secure-by-default permission system?
    Why was NPM support added to Deno?
    What challenges does Deno 1 face in managing complex projects?

    Podcast Summary

    • Deno evolution: Deno 2 introduces NPM compatibility, workspace support, and JSR for managing complex projects while maintaining ease of use for small scripts.

      Deno, a simplified JavaScript runtime created by Ryan Dahl as a response to the complexities of Node.js, is evolving with the release of Deno 2 to better support larger projects. While Deno 1 shines in handling small scripts with its decentralized module system and ease of use, it lacks the necessary features for managing complex projects at scale. To address this, Deno 2 introduces NPM compatibility, workspace support for monorepos, and a new simple publishing system called JSR. This balance between simplifying code for small projects and scaling up for larger ones is a significant focus for Deno's development.

    • Deno's focus on stability and security: Deno 2 prioritizes stability and security, offering secure-by-default behavior, long-term support, and a predictable development environment, reducing the need for random third-party dependencies.

      Deno has evolved to become more stable and enterprise-ready, with a focus on security and long-term support. This includes the addition of secure-by-default behavior, the release of a long-term support (LTS) version, and the stabilization of the standard library and APIs. The maturity of the software allows for better building and less frequent changes, which is important for developers. NPM support was added about 18 months ago, but implementing it fully is a complex process. The emphasis on stability and security adds value to the system by reducing the need for pulling in random third-party dependencies and providing a predictable development environment. This approach helps to address the concerns of developers who dislike frequent changes and breaking updates. Overall, Deno 2 is a more robust and reliable platform for building projects, with a commitment to maintaining its stability and security.

    • Deno's approach to NPM package security: Deno maintains NPM package compatibility in a secure sandboxed environment by implementing Node.js APIs with its security model and only allowing outbound HTTP requests through built-in Node.js clients. However, while Deno offers added security, it may not be perfect, and certain permissions, like running post-install scripts, may be necessary for some applications.

      Deno, a new JavaScript runtime, has achieved high compatibility with NPM packages while maintaining a secure sandboxed environment. This is accomplished by implementing the Node.js APIs with the same Deno security model. Deno's secure-by-default permission system ensures that when you allow network access, outbound HTTP requests can be made using built-in Node.js clients. This applies to NPM modules as well, since they are built on top of Node.js APIs. However, while Deno offers a sandboxed environment, it's not perfect. For many applications, such as server-side JavaScript, interacting with the operating system is necessary. In such cases, giving the "allow all" permission is required. Another concern is the post-install scripts that can be run when adding an NPM dependency to a package. These scripts can have unrestricted access, posing a potential security risk. Deno's philosophy is to not run these scripts unless explicitly granted access. This added layer of security is particularly important when dealing with third-party dependencies, which often cannot be audited. Overall, Deno's approach to maintaining a secure sandboxed environment while ensuring compatibility with NPM packages is a significant step forward in addressing the security concerns associated with running Node.js applications.

    • Deno security: Deno prioritizes security over ease of use, requiring explicit permissions and command-line flags, and uses Rust for its native components for scalability and performance improvements.

      Deno, a popular JavaScript runtime, prioritizes security and control over ease of use. This means that users must explicitly grant permission for certain scripts to run and may need to add flags to their command lines. While this creates some incompatibility and requires more verbosity, it helps prevent potential security vulnerabilities. Additionally, Deno has focused on performance improvements, utilizing V8's fast call API to minimize the cost of the transition between JavaScript and native code. Rust, which is the language Deno uses for its native components, has been a successful choice for the project due to its scalability and the team's growing admiration for the language. Despite initially considering C++, the team ultimately chose Rust due to its potential and the positive experiences of other developers. Overall, Deno's commitment to security, performance, and the use of Rust sets it apart from other runtimes.

    • Rust and AWS integrations: Rust offers faster development and deeper control over CPU execution compared to Node.js in server-side JavaScript projects, and its ecosystem provides powerful infrastructure and APIs for seamless AWS integrations.

      Rust and the ecosystem surrounding it offer significant advantages when building projects, particularly those involving server-side JavaScript and AWS integrations. The comparison to different distributions of V8, such as Deno and Node, holds merit, as Rust allows for faster development and deeper control over CPU execution. The Rust ecosystem's powerful infrastructure from crates.io and APIs that enable seamless connections to AWS are invaluable, making the development process more enjoyable and efficient compared to Node.js. The web's dominance as a platform for human infrastructure further emphasizes the importance of JavaScript, and the future of server-side JavaScript, with technologies like Node and serverless computing, is still evolving. The company's philosophy is grounded in the belief that JavaScript's ubiquity and future potential make it a valuable investment, and the use of Rust and its ecosystem is seen as a means to enhance and expand upon the capabilities of JavaScript.

    • JavaScript infrastructure improvements: The Deno team is enhancing JavaScript infrastructure with projects like Deno, JSR, and Deno Deploy to streamline development, reduce boilerplate, and simplify distribution and production.

      JavaScript, along with other scripting languages like Python, Ruby, and TypeScript, is well-suited for building business logic in websites and services due to its fast development time and garbage collection. The team at Deno is working on improving JavaScript infrastructure through projects like Deno, JSR, and Deno Deploy, with a focus on reducing boilerplate and simplifying distribution and production. JavaScript may not be ideal for every use case, such as building databases or operating systems, but for many applications, its ease of use and flexibility make it a top choice. Additionally, a great answer on Stack Overflow by Hugo G explained how to declare and use Boolean variables in a shell script.
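
The post-install script risk described under NPM package security above can be reviewed before any install-time permission is granted. The following is an added example, not code from the podcast or the Deno project: it flags dependencies whose manifests would run commands at install time, using constructed manifests with hypothetical package names, and it also models npm's implicit `node-gyp rebuild` for packages that ship a `binding.gyp` file.

```javascript
// Lifecycle hooks that npm-style package managers run automatically on install.
const INSTALL_HOOKS = ["preinstall", "install", "postinstall"];

// Return the install-time commands one package manifest would trigger.
// hasBindingGyp models npm's implicit behaviour: a package that ships
// binding.gyp and declares no install/preinstall script gets
// "node-gyp rebuild" run on its behalf.
function installHooks(manifest, hasBindingGyp = false) {
  const scripts = manifest.scripts ?? {};
  const found = INSTALL_HOOKS
    .filter((h) => typeof scripts[h] === "string" && scripts[h].trim() !== "")
    .map((h) => ({ hook: h, command: scripts[h] }));
  if (hasBindingGyp && !scripts.install && !scripts.preinstall) {
    found.push({ hook: "install (implicit)", command: "node-gyp rebuild" });
  }
  return found;
}

// Sort dependencies into: no install scripts, scripts from a package the
// team has already approved, and scripts that still need a human review.
function auditInstallScripts(packages, approved = []) {
  const allow = new Set(approved);
  const report = { clean: [], approved: [], needsReview: [] };
  for (const { manifest, hasBindingGyp } of packages) {
    const hooks = installHooks(manifest, hasBindingGyp);
    const id = `${manifest.name}@${manifest.version}`;
    if (hooks.length === 0) report.clean.push(id);
    else if (allow.has(manifest.name)) report.approved.push({ id, hooks });
    else report.needsReview.push({ id, hooks });
  }
  return report;
}

// Constructed sample input: hypothetical packages, not real registry entries.
const SAMPLE = [
  { manifest: { name: "left-helper", version: "1.0.0",
      scripts: { test: "node t.js" } } },
  { manifest: { name: "native-codec", version: "2.3.1", scripts: {} },
    hasBindingGyp: true },
  { manifest: { name: "telemetry-kit", version: "0.4.0",
      scripts: { postinstall: "node ./collect.js" } } },
];

const report = auditInstallScripts(SAMPLE, ["native-codec"]);
console.log(JSON.stringify(report, null, 2));
```

Packages listed under `needsReview` are the ones to read before opting in, for example with `deno install --allow-scripts=npm:<package>`.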

    Recent Episodes from The Stack Overflow Podcast

    The world’s largest open-source business has plans for enhancing LLMs

    Red Hat Enterprise Linux may be the world’s largest open-source software business. You can dive into the docs here.

    Created by IBM and Red Hat, InstructLab is an open-source project for enhancing LLMs. Learn more here or join the community on GitHub.

    Connect with Scott on LinkedIn.  

    User AffluentOwl earned a Great Question badge by wondering How to force JavaScript to deep copy a string?

    The evolution of full stack engineers

    From her early days coding on a TI-84 calculator, to working as an engineer at IBM, to pivoting over to her new role in DevRel, speaking, and community, Mrina has seen the world of coding from many angles. 

    You can follow her on Twitter here and on LinkedIn here.

    You can learn more about CKEditor here and TinyMCE here.

    Congrats to Stack Overflow user NYI for earning a great question badge by asking: 

    How do I convert a bare git repository into a normal one (in-place)?

    The Stack Overflow Podcast
    September 10, 2024

    At scale, anything that could fail definitely will

    Pradeep talks about building at global scale and preparing for inevitable system failures. He talks about extra layers of security, including viewing your own VMs as untrustworthy. And he lays out where he thinks the world of cloud computing is headed as GenAI becomes a bigger piece of many companies' tech stacks.

    You can find Pradeep on LinkedIn. He also writes a blog and hosts a podcast over at Oracle First Principles

    Congrats to Stack Overflow user shantanu, who earned a Great Question badge for asking: 

    Which shell I am using in mac?

     Over 100,000 people have benefited from your curiosity.

    The Stack Overflow Podcast
    September 03, 2024

    Mobile Observability: monitoring performance through cracked screens, old batteries, and crappy Wi-Fi

    You can learn more about Austin on LinkedIn and check out a blog he wrote on building the SDK for Open Telemetry here.

    You can find Austin at the CNCF Slack community, in the OTel SIG channel, or the client-side SIG channels. The calendar is public on opentelemetry.io. Embrace has its own Slack community to talk all things Embrace or all things mobile observability. You can join that by going to embrace.io as well.

    Congrats to Stack Overflow user Cottentail for earning an Illuminator badge, awarded when a user edits and answers 500 questions, both actions within 12 hours.

    Where does Postgres fit in a world of GenAI and vector databases?

    For the last two years, Postgres has been the most popular database among respondents to our Annual Developer Survey. 

    Timescale is a startup working on an open-source PostgreSQL stack for AI applications. You can follow the company on X and check out their work on GitHub.

    You can learn more about Avthar on his website and on LinkedIn

    Congrats to Stack Overflow user Haymaker for earning a Great Question badge. They asked: 

    How Can I Override the Default SQLConnection Timeout?

    Nearly 250,000 other people have been curious about this same question.

    Ryan Dahl explains why Deno had to evolve with version 2.0

    If you’ve never seen it, check out Ryan’s classic talk, 10 Things I Regret About Node.JS, which gives a great overview of the reasons he felt compelled to create Deno.

    You can learn more about Ryan on Wikipedia, his website, and his GitHub page.

    To learn more about Deno 2.0, listen to Ryan talk about it here and check out the project’s GitHub page here.

    Congrats to Hugo G, who earned a Great Answer Badge for his input on the following question: 

    How can I declare and use Boolean variables in a shell script?

    Battling ticket bots and untangling taxes at the frontiers of e-commerce

    You can find Ilya on LinkedIn here.

    You can listen to Ilya talk about Commerce Components here, a system he describes as a "modern way to approach your commerce architecture without reducing it to a (false) binary choice between microservices and monoliths."

    As Ilya notes, “there are a lot of interesting implications for runtime and how we're solving it at Shopify. There is a direct bridge there to a performance conversation as well: moving untrusted scripts off the main thread, sandboxing UI extensions, and more.” 

    No badge winner today. Instead, user Kaizen has a question about Shopify that still needs an answer. Maybe you can help! 

    How to Activate Shopify Web Pixel Extension on Production Store?

    Scaling systems to manage the data about the data

    Coalesce is a solution to transform data at scale. 

    You can find Satish on LinkedIn

    We previously spoke to Satish for a Q&A on the blog: AI is only as good as the data: Q&A with Satish Jayanthi of Coalesce

    We previously covered metadata on the blog: Metadata, not data, is what drags your database down

    Congrats to Lifeboat winner nwinkler for saving this question with a great answer: Docker run hello-world not working