
Node.js' success exposes its weaknesses

Paul Krill | Jan. 13, 2017
The server-side JavaScript juggernaut's complexity and vulnerabilities still bedevil many devs

Input Logic has not found Node to be successful for use in long-running tasks with a heavy amount of disk I/O. The company’s primary back-end services, APIs, and worker queues have been moved to Python.

But the Node.js Foundation is quick to defend Node, especially around security.

“The Node.js Project takes security very seriously,” foundation community manager Mikeal Rogers says. “Node.js has one of the most secure out-of-the-box SSL configurations, and we take pride in our security process. We were one of the first open source projects that went through and passed the Core Infrastructure Initiatives best-practices badges program from the Linux Foundation.”

Node has proved its ability to scale at organizations such as Walmart and Uber, Rogers says. It also can be used for CPU-intensive tasks, stresses David Mark Clements, a Node working group member and an architecture and performance consultant.

“In practice, Node.js performs well for CPU-intensive tasks, but when a bottleneck occurs there are thousands of C/C++ libraries that Node.js can connect with to perform at the best possible speed,” Clements says.

Moreover, Node.js fits cloud deployments nicely, he adds. “In an application, there is often a group of servers to handle the HTTP requests, and a group of servers to handle the CPU-intensive tasks. Both groups can scale automatically based on demand.”

As for NPM dependency issues, Node apps can total hundreds of dependencies, which Matteo Colina, a Node Core collaborator and consultant, called a “great” thing.

“Node.js has an unprecedented level of code reuse through projects and throughout the whole ecosystem,” Colina says. “This is often one of the main reasons why people choose Node.js: It has a vast module ecosystem, so developers don’t have to continually reinvent the wheel. If we developers can reuse code, we can develop new projects quicker.”

That said, NPM suffered a calamity last year when the removal of a 17-line NPM module caused others to fail. Node services vendor NodeSource is working to curate modules to prevent situations like this.

Even Vickery gives Node a nod, albeit with reservations.

“Node can be superhelpful for some things, NPM build scripts come to mind, but I find most of the products we build quickly outgrow its other use cases,” he says.

Shan lauds the Node community. “The community has a hell lot of modules and packages, which makes development supereasy for the developers. Even beginners are being able to write very handsome code.”

Kadlec sees Node security getting better. “The awareness is improving and the tooling is improving.”

