Meet deno for the first time

2020-10-28 18:50:37 / five thousand two hundred and five / Default classification

What is deno?

A new real-time compiling language (the author is also the founder of Node)
Deno has a built-in V8 engine to interpret JavaScript. At the same time, it also has a built-in tsc engine to interpret TypeScript
Deno is developed in Rust language, and the latest development version is 1.5

What does it solve?

Solve the problem of node's extended dependency and asynchronous confusion for a long time

What are its characteristics

Unlike the requirement in node, deno imports the package through url, without npm
The imported package will be cached locally, and will not be changed unless forced to update with the command
Deno has security control. By default, scripts do not have read/write permissions.
If the script is not authorized to read or write to the file system or network, an error will be reported. You must use parameters to explicitly open permissions

To sum up

Deno is a language similar to node. It is mainly used to solve the confusion and security problems of npm dependency packages, as well as some defects in node
The npm in node and the composer in php are both born for expansion. They have amazing similarities. They both cache packages locally from various platforms and perform some update and download operations
However, because the developers are good and bad, especially the dependency package of npm, it is really smelly and long, because no one knows what dependencies are introduced, and what dependencies are introduced into dependencies. This leads to the node_modules of node being larger and more complex than in actual use. Relatively speaking, the package of composer is relatively independent, but similar situations may occur
For developers, relying on the introduction and centralized management of packages undoubtedly greatly facilitates developers. We can go to the official website of NPM or Composer to search and use packages
But at the same time, a new type of security problem can not be ignored. Because these dependent packages have no audit mechanism, anyone can publish their own packages on them
If it is used by some bad developers to intentionally add injected code to their published packages, this is undoubtedly a very dangerous behavior, which is very likely to cause the developed code to be injected and controlled by a third party
The emergence of deno has shown me the dawn. The independent writing authority for scripts can make the illegal dependency package disappear
So far, Deno1.5 is still in the development stage. It is recommended to learn from it, but not recommended to use it in the official environment. When the version stabilizes, it is time to show your talents

Relevant learning materials

1. Deno domestic forum: https://deno.js.cn/
2. Ruan Yifeng's weblog: http://www.ruanyifeng.com/blog/2020/01/deno-intro.html
3. First acquaintance with deno (translation): https://segmentfault.com/a/1190000019939289
4. Deno Chinese Manual: https://manual.deno.js.cn/introduction.html

remarks

The above views are understood by me. If you are wrong, please refer to other materials

 Gravatar