Ryan Dahl’s Node.js regrets lead to Deno
In a recent presentation on his regrets about Node.js, Dahl cites security as a missed opportunity to make a server-side runtime that could be secure in certain situations. With Deno, there are several security goals:
- Opt-in access is enabled via flags:
- Security capabilities let users run untrusted utilities, like a linter.
- Arbitrary native functions are not to be bound into V8.
- System calls are done by message passing
- There are two native functions: send and recv.
- Easier auditing is enabled.
Binaries for Deno are in development and are expected in a couple of weeks. The prototype of Deno was built in Go, but Deno is being redone in Rust, to avoid potential conflicts between garbage collectors in Go and V8. Deno also has a C interface.
Other goals for Deno include:
- Import of only reference source code URLs. Remote code is fetched and cached on first execution and is not updated until code is run with the
- There is a single executable.
- Browser compatibility.
- Always dies on uncaught errors.
Where to download Deno
You can download the Deno code from GitHub.