Development / Open Source

This Week in Programming: Deno Goes Corporate

3 Apr 2021 6:00am, by

A little over a decade ago now, Ryan Dahl created Node.js to enable web developers to run server-side Javascript, and since then, the open source JavaScript runtime has become the default for backend web programming. Dahl, however, argues that there are a number of weaknesses in Node.js, and has since moved on to create Deno, a “simple, modern and secure runtime for JavaScript and TypeScript that uses V8 and is built in Rust,” in response. Launched three years ago now, Deno has garnered some interest among web developers, and this week the project has announced the launch of the Deno Company, with nearly $5M in funding.

The move comes in direct response to what they say is just the “moderate success” of Node.js, arguing that “over a decade later, we find server-side JavaScript hopelessly fragmented, deeply tied to bad infrastructure, and irrevocably ruled by committees without the incentive to innovate.” Deno, they say, is their “attempt to breathe new life into this ecosystem,” which they say has “stagnated.”

Lest you fear that Deno has sold out, they reassure that “Deno will remain MIT licensed,” as they don’t believe that choosing what features will be offered to free versus paid users is the right path forward.

How, you might ask, do they plan to monetize then?

While the announcement doesn’t answer this question directly, it does say that they have been “hinting at commercial applications of this infrastructure for years” and that this is what they plan to pursue, building it with the Deno open source project, rather than attempting to monetize Deno directly.

Currently, the Deno website offers two links — one to the Deno GitHub repository (the open source runtime) and the other to Deno Deploy, “a distributed system that runs JavaScript, TypeScript, and WebAssembly at the edge, worldwide.” Deno Deploy, currently in beta, will allow users to develop locally using the Deno CLI before deploying it to Deno Deploy’s managed infrastructure “in less than a second, without the need to configure anything.” While in beta, the service will remain free, with pricing announced upon general availability.

Indeed, the end of the blog post announcing the Deno Company reads as if a manifesto for such a service, and looks like the obvious way forward for a company looking to take on “server-side” JavaScript without, as many things these days, the need for a server itself.

“Many are more familiar with the Chrome DevTools console than they are with a Unix command-line prompt. More familiar with WebSockets than BSD sockets, MDN than man pages. Bash and Zsh scripts calling into native code will never go away. But JavaScript and TypeScript scripts calling into WebAssembly code will be increasingly common. Many developers, we think, prefer web-first abstraction layers.”

Indeed, as everything seems to move toward serverless this, and serverless that, it seems that a serverless option for (essentially) Node.js would make some sense.

This Week in Programming

  • FSF’s Sinking Ship: Following up on last week’s column regarding the reaction around the controversial reinstatement of Richard M. Stallman (RMS) at the Free Software Foundation (FSF), an article over at ZDNet details how the FSF leaders and supporters are deserting the sinking ship. As we noted at the time, while there were letters of support to both ends of the issue, one consisted of many a notable name and organization, while the other, well… not so much. Not all support is made equal, essentially, and some support, indeed, comes with big strings attached. For example, ZDNet notes that “When Red Hat announced it would no longer be financially supporting the FSF, their words were heard.” The loss of support doesn’t end at Red Hat, and the article goes on to chronicle the various voices in the open source industry who have publicly called for change at the FSF in response to RMS’s reinstatement. “With internal dissent, harsh external criticism, and reduced financial resources, it’s hard to see the FSF continuing in any kind of meaningful fashion so long as Stallman remains on the board or in any other leadership position,” they conclude. Indeed, while petitions and tweet storms are one thing, funding is another entirely.

  • GitHub Tweaks Mobile Notifications: When GitHub first introduced its mobile app late last year, we commented on how their utopian vision of being able to do code reviews “while taking a walk or sipping coffee on their balcony” (their words) was perhaps less idyllic than it sounds. While we’re sure they weren’t listening to us, perhaps others chimed in with the same thoughts about work/life balance, and the company this week introduced new features around push notifications, scheduling, releases and more. While the app now allows users to get push notifications for when you’ve been requested to review a pull request, assigned a task, or requested to approve a deployment for a protected environment, it also now allows users to set up “Working Hours.” “Whether you’re setting some focus time for your side project after hours or just making sure you’re not checking in on work while you’re not actually working, this feature will allow you to specify a timeframe for pausing notifications,” they write. In addition to working hours, users can also customize their watch settings for an individual repository on mobile, enabling them to opt-in to a subset of actions they’d like to receive notifications for. Here’s to drinking your coffee and taking mental breaks in notification-less peace.
  • Cherry-Picking Comes to GitHub Desktop: GitHub has also announced that GitHub Desktop now supports cherry-picking, which it says is one of the most requested features from the past year. The feature comes to GitHub Desktop 2.7, allows users to copy commits from one branch to another by drag-and-drop. Beyond this, GitHub says that there are “several goodies that come with cherry-picking,” including the ability to undo, perform conflict resolution, and cherry-pick via menu rather than drag-and-drop, if so desired.

  • GitHub Ups Its Security Game: One final, quick update from the world of GitHub: the company has offered two updates to GitHub Advanced Security in the form of a beta of a new security overview and the recently-announced general availability of secret scanning for private repositories. The overview, as you might expect, gives a “high-level view of the application security risks a GitHub organization is exposed to,” while the secret scanning expansion includes an additional 35 partners.
  • PHP Gets Rid of its Own Git: It appears that PHP suffered a supply chain attack this past week, according to a message to php.internals by PHP maintainer Nikita Popov, and the PHP teams has “decided that maintaining our own git infrastructure is an unnecessary security risk, and that we will discontinue the server,” instead moving everything over to GitHub. The move has some implications for how developers will be able to contribute to PHP, which Popov briefly addresses in his message. Long story short, “While previously write access to repositories was handled through our home-grown karma system, you will now need to be part of the php organization on GitHub,” wrote Popov, noting that they would also need to enable 2FA. For a bit more reading on the topic, check out our own look at how the PHP supply chain attack shows open source’s virtues and vices.

Feature image: The Deno logo.

A newsletter digest of the week’s most important stories & analyses.