Where are you using WebAssembly?
Wasm promises to let developers build once and run anywhere. Are you using it yet?
At work, for production apps
At work, but not for production apps
I don’t use WebAssembly but expect to when the technology matures
I have no plans to use WebAssembly
No plans and I get mad whenever I see the buzzword
Software Development

Where TypeScript Excels

Co-creator Luke Hoban and other panelists cover the evolution of one of the most in-demand programming languages by employers today, and what’s next for TypeScript in cloud infrastructure management.
Mar 10th, 2022 2:24pm by
Featued image for: Where TypeScript Excels

Released as an open source in 2012, TypeScript was created as a superset of JavaScript; meaning anything you code in it is transpiled to JavaScript. Since then, TypeScript usage has soared: 69% of respondents now use TypeScript, compared to just 21% six years ago, according to the 2021 State of JS Survey.

In this podcast, we discussed the evolution of one of the most in-demand programming languages by employers today, and what’s next for TypeScript in cloud infrastructure management. We spoke with Ryan Cavanaugh, a principal software engineering manager for MicrosoftLuke Hoban, chief technology officer for Pulumi, who was one of the original creators of TypeScript, and; Daniel Rosenwasser, senior program manager, Microsoft.

The interviews were taken from an episode of The New Stack Makers podcast, recorded earlier this year by TNS editors Darryl Taft and Joab Jackson.

Watch our recap here and our lightly edited transcript of the video:

Alex Williams, The New Stack (host): Hey everyone, Alex Williams from The New Stack here for another episode of The New Stack shorts. Today, we are talking about TypeScript, the ever-popular programming language. We’re looking at the evolution of types themselves. This is all based upon an interview we recently did on the New Stack Makers. JavaScript became so popular, and then people started thinking, wait a second, I can move these applications that are on the desktop over to the Web, let’s use JavaScript. But it didn’t quite do it. And so, they thought, how can we make this better? So, they thought, well, what about types, and that’s when TypeScript came into the picture. Today, what we see is a new frontier beyond the browser, beyond just applications into the world such as infrastructure cloud management.

Luke Hoban, Pulumi: How do we give folks the tools to do that when they’re targeting the web platform, and by the web platform, that means really JavaScript in the browser and all the richness that was supporting it. And that platform was growing incredibly quickly. HTML standard was moving fast. At that period, the ECMAScript JavaScript standard was moving fast. The platform was getting very rich applications: the Delta Engine, the V Engine and the Chakra Engine which were bringing performance to that platform. And so, this tooling piece was sort of one big missing part of that.

Williams: But why types? You would think maybe it is a security matter. We think about security all the time these days. But it really wasn’t about that. It was really about data corruption.

Hoban: TypeScript brings, from my perspective, several security issues. You end up having this when you get past sort of buffer overruns which isn’t fundamentally a kind of a problem in JavaScript. You then get to more logic errors that developers may make where they’re not correctly handling input data in a way which they need to have the right behavior for their components. And TypeScript fundamentally helps by bringing type screening, static type checking. These are tools that fundamentally help developers to create more correct code by default.

Williams: Without types, there could be inadvertent issues that arise. For example:

Ryan Cavanaugh, Microsoft: For example, you can call parseInt() and give it a number and that number will be converted to a string and then back into a number. And you might think that it’s a fine thing to do but there are hostile inputs that can show up here that will not round trip correctly.

Williams: But how do you even trust the types themselves?

Daniel Rosenwasser, Microsoft: There’s an effort called trusted types, where basically, your server says to the client, hey, I want you to validate that anytime that you’re about to put something into a slot in HTML, that needs to be a valid ID string in some capacity. So, TypeScript doesn’t help in that capacity directly because that must be runtime enforced. You need to basically make sure that you’re not just arbitrarily putting a chunk of untrusted stuff onto the page. But TypeScript provides solid tooling early if you’re able to leverage that. If you’re able to say in each of these places on the page: I need to take a trusted string instead of an actual string. Well, TypeScipt supplements the experience because the actual enforcement is in your browser, but you get a hint at a run when you’re editing in your IDE, or editor or whatever, with a little red squiggle saying: “No, you’re putting an arbitrary string here, but I need something that’s actually validated before you do that.” So, security is not really the primary thing. But TypeScript does provide a better experience to some guidelines to help guide you away from some of the pitfalls that you might encounter.

Williams: Today, any number of services are built with TypeScript, check out this perspective.

Rosenwasser: There’s also this effort within Microsoft called Fluid Framework, where you can get something like Figma, or the collaborative editing in Docs, or Word or whatever that you use. And that’s written in TypeScript. That’s a pretty cool use to see like a lot of these newer ideas of opening up new paradigms for people and lowering the barrier to entry is going to have TypeScript as a first-class citizen. And those apps will probably be written in TypeScript because the complexity is required in some cases. And then you see, Google’s got TypeScript as a first-class citizen now. I think most, if not all new projects at Google are using TypeScript, Dropbox. It’s hard because whenever I think about this list, I question, who am I forgetting? I mean who is not using TypeScript.

Williams: And now comes the next frontier for TypeScript: the realm of cloud infrastructure management, coming from the co-creator himself.

Hoban: Languages and in particular, TypeScript, are valuable for cloud infrastructure where folks may be used to managing a handful of things; like small scripts in the web browser. Now they’re managing 10s of 1000s of resources; those things are changing quickly. They’ve got real software complexity you’ve got to manage. And so, bringing those languages into the infrastructure and cloud management space is increasingly important for organizations that want to get the most value out of the cloud platform.

Williams: Types are like their own programming language; you can run small programs. And…

Rosenwasser:  One thing that we’ve recently done is enabled people to write recursive types in a way that is optimized and allows you to go a little bit farther there. So, you can go through all the letters of a string and parse it out. In some cases, we’re just trying to enable the right patterns where you’re able to express what your JavaScript is doing at runtime. We don’t want people to go overboard, but we’re trying not to get them stuck in some cases. So, there’s this pretty cool feature of Tail Call optimization where library authors can use it, and then everybody else benefits from that.

Williams: But in the end, what about types in JavaScript? Would it be cool to just hit f5 to refresh the code? That’d be awesome, wouldn’t it? But then there are other matters, you must think about? What about bundlers? And what about these issues that come with the community and how we view types themselves? That could take a lot of work. But when you think about it overall, our experts say there are really three or four ways to think about types in the browser. At the highest level is static verification, which really serves to verify a type. Next down is a runtime checker, which can show exceptions instead of data corruption. And below that would be annotation. Perhaps most popular of all, the ability to shell comments that you can read in the source code.

Cavanaugh: The sort of annotations only models that look most likely to be successful because it’s easy to reason about a string or number. But when you get into much more complex types that TypeScript lets you write, having the runtime evaluate those questions in a consistent manner is a lot more difficult than not.

Listen to the full interview here:





Group Created with Sketch.
THE NEW STACK UPDATE A newsletter digest of the week’s most important stories & analyses.