Another critic, consultant Paul Shan, of the Void Canvas blog, has found issues with Node being single-threaded. “You really have to design your devops things very well to use your server machine properly. I think this is the biggest problem with Node.”
Meanwhile, the company Snyk is building a business tending to vulnerabilities in Node.js and Ruby apps. Here, Tim Kadlec, Snyk’s head of developer relations, sees Node’s issues as similar to those of other open source platforms.
Vickery describes the NPM ecosystem as “huge and dead easy,” meaning the ease of publishing packages adds to package noise.
“Anyone can submit a trivial amount of usually untested code as an official package. As soon as it has a decent amount of downloads per day or stars on GitHub, it’s now been vetted and ready for production, apparently,” Vickery says. This leads to the rise and fall of heavily used packages at a ridiculous pace, he adds. “Our team found we often had to switch packages halfway through a project due to development stalling and issues being fixed in a new-and-improved package.”