Where TypeScript Excels
In this podcast, we discussed the evolution of one of the most in-demand programming languages by employers today, and what’s next for TypeScript in cloud infrastructure management. We spoke with Ryan Cavanaugh, a principal software engineering manager for Microsoft; Luke Hoban, chief technology officer for Pulumi, who was one of the original creators of TypeScript, and; Daniel Rosenwasser, senior program manager, Microsoft.
The interviews were taken from an episode of The New Stack Makers podcast, recorded earlier this year by TNS editors Darryl Taft and Joab Jackson.
Watch our recap here and our lightly edited transcript of the video:
Williams: But why types? You would think maybe it is a security matter. We think about security all the time these days. But it really wasn’t about that. It was really about data corruption.
Williams: Without types, there could be inadvertent issues that arise. For example:
Ryan Cavanaugh, Microsoft: For example, you can call parseInt() and give it a number and that number will be converted to a string and then back into a number. And you might think that it’s a fine thing to do but there are hostile inputs that can show up here that will not round trip correctly.
Williams: But how do you even trust the types themselves?
Daniel Rosenwasser, Microsoft: There’s an effort called trusted types, where basically, your server says to the client, hey, I want you to validate that anytime that you’re about to put something into a slot in HTML, that needs to be a valid ID string in some capacity. So, TypeScript doesn’t help in that capacity directly because that must be runtime enforced. You need to basically make sure that you’re not just arbitrarily putting a chunk of untrusted stuff onto the page. But TypeScript provides solid tooling early if you’re able to leverage that. If you’re able to say in each of these places on the page: I need to take a trusted string instead of an actual string. Well, TypeScipt supplements the experience because the actual enforcement is in your browser, but you get a hint at a run when you’re editing in your IDE, or editor or whatever, with a little red squiggle saying: “No, you’re putting an arbitrary string here, but I need something that’s actually validated before you do that.” So, security is not really the primary thing. But TypeScript does provide a better experience to some guidelines to help guide you away from some of the pitfalls that you might encounter.
Williams: Today, any number of services are built with TypeScript, check out this perspective.
Rosenwasser: There’s also this effort within Microsoft called Fluid Framework, where you can get something like Figma, or the collaborative editing in Docs, or Word or whatever that you use. And that’s written in TypeScript. That’s a pretty cool use to see like a lot of these newer ideas of opening up new paradigms for people and lowering the barrier to entry is going to have TypeScript as a first-class citizen. And those apps will probably be written in TypeScript because the complexity is required in some cases. And then you see, Google’s got TypeScript as a first-class citizen now. I think most, if not all new projects at Google are using TypeScript, Dropbox. It’s hard because whenever I think about this list, I question, who am I forgetting? I mean who is not using TypeScript.
Williams: And now comes the next frontier for TypeScript: the realm of cloud infrastructure management, coming from the co-creator himself.
Hoban: Languages and in particular, TypeScript, are valuable for cloud infrastructure where folks may be used to managing a handful of things; like small scripts in the web browser. Now they’re managing 10s of 1000s of resources; those things are changing quickly. They’ve got real software complexity you’ve got to manage. And so, bringing those languages into the infrastructure and cloud management space is increasingly important for organizations that want to get the most value out of the cloud platform.
Williams: Types are like their own programming language; you can run small programs. And…
Cavanaugh: The sort of annotations only models that look most likely to be successful because it’s easy to reason about a string or number. But when you get into much more complex types that TypeScript lets you write, having the runtime evaluate those questions in a consistent manner is a lot more difficult than not.
Listen to the full interview here: