Myth 1: Node.js isn’t secure
In 2017, npm released npmE — an enterprise version of their package manager that allowed running npm’s infrastructure behind a firewall, providing companies with access control and vulnerability detection (it notified you about any vulnerable package when you ran `npm install`). After npm was acquired by GitHub at the beginning of 2020, they moved npmE under their GitHub Enterprise brand, offering secure solutions for various technologies.
And if you’re worried about XSS or CSRF attacks, which are among the most common security issues pointed out in Node.js, you can use solutions like DOMPurify or Google’s Closure Tools to prevent Cross-Site Scripting, while implementing anti-CSRF tokens will deal with Cross-Site Request Forgery.
After all, security is not only about the tools or technology you decide to use, but how you implement them.
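The anti-CSRF token approach mentioned above, sketched with Node.js core `crypto` only. This is an added example, not code from the original article; the function names, the token layout and the one-hour lifetime are assumptions.

```javascript
// Added example: session-bound anti-CSRF tokens signed with HMAC-SHA256.
const crypto = require('node:crypto');

const TOKEN_TTL_MS = 60 * 60 * 1000; // assumed one-hour token lifetime

// Token layout (assumed): <22-char nonce>.<issuedAt ms>.<43-char HMAC>, all base64url.
const TOKEN_RE = /^([A-Za-z0-9_-]{22})\.(\d{1,15})\.([A-Za-z0-9_-]{43})$/;

// HMAC over "sessionId|nonce|issuedAt" ties the token to exactly one session.
function sign(secret, sessionId, nonce, issuedAt) {
  return crypto.createHmac('sha256', secret)
    .update(`${sessionId}|${nonce}|${issuedAt}`)
    .digest('base64url');
}

// Issue a token to embed in a hidden form field or a custom request header.
function issueCsrfToken(secret, sessionId, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('base64url');
  return `${nonce}.${now}.${sign(secret, sessionId, nonce, now)}`;
}

// Call on every state-changing request (POST, PUT, PATCH, DELETE).
function verifyCsrfToken(secret, sessionId, token, now = Date.now()) {
  // Strict parsing rejects missing, truncated or oddly encoded tokens up front.
  const match = typeof token === 'string' ? TOKEN_RE.exec(token) : null;
  if (!match) return false;
  const [, nonce, issuedAtRaw, mac] = match;
  const issuedAt = Number(issuedAtRaw);
  // Reject expired tokens and tokens dated in the future.
  if (now < issuedAt || now - issuedAt > TOKEN_TTL_MS) return false;
  const expected = Buffer.from(sign(secret, sessionId, nonce, issuedAt));
  const supplied = Buffer.from(mac);
  // timingSafeEqual throws on unequal lengths; the regex already pins the MAC
  // to 43 characters, and the explicit check keeps that assumption visible.
  return supplied.length === expected.length &&
    crypto.timingSafeEqual(supplied, expected);
}
```

The secret must stay server-side, and the session ID must come from the server's own session store, never from the request body.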
Node.js, for instance, is an incredibly scalable technology, especially when used for building microservices and serverless architectures. Microservices allow you to scale only those parts of the application that are seeing a surge in traffic, making it easier to manage, and you can interconnect different parts of the app written in different languages.
Serverless can also be used in various ways. At Software Brothers, one of the tasks we use serverless for is quickly setting up testing environments. As our experience shows, such solutions can be much faster than server-based development.
Myth 4: Because it’s so commonly used in browsers and web development, it’s not suitable for other uses
Native developers would say so. And there’s some truth to that, but you need to understand a few things.
I also wrote an in-depth piece on the most well-known companies that are using React Native in their mobile apps, so you might want to give it a check.
Benefit 1: Versatility
This also results in easier recruitment of talent and, in the case of startups, one developer can develop both frontend and backend.
Benefit 2: Active community
AdminBro, our auto-generated Node.js admin panel, is a great example of an active community. We’ve created a dedicated Slack community channel where everyone can ask their questions and our developers — or other contributors and users — give answers and help you implement the solution if you’re having trouble.
Also, if you’d like some numbers as proof, according to ModuleCounts.com, npm sees as many as 878 new packages added to the registry daily. The second place is taken by PyPI with only 192 packages per day. Ain’t that saying something?
Benefit 3: Scalability
Benefit 4: Constant updates
In my opinion, it hasn’t even peaked yet and there’s much more to expect from it.
Benefit 5: Easy to adopt and maintain
I’ve talked about this briefly earlier, so let me elaborate.
Benefit 6: Enterprise-grade performance
I think numbers speak louder than words, so let's have a look at numbers.
Netflix switched from Java to Node.js on their backend and as a result managed to reduce the startup time from 40 minutes to under 1 minute.
PayPal also switched from Java to Node.js in 2013, which resulted in a 200ms faster page response time and doubled the number of requests their backend could handle per second.
GoDaddy’s Website Builder migrated from C# and SQL Server to Node.js and Cassandra NoSQL and managed to reduce the number of servers tenfold.
I can go on, but I guess you get the gist.
Benefit 7: Single package manager
npm is one of the largest developer ecosystems in the world, with over 1 555 459 packages in the main npm registry as of Mar 21, 2021.
As you can see in the image above, the npm community simply crushes the rest of the technologies. Yes, many of the libraries are not up to par, but it’s still better to have more than you need, not less. This means you won’t have to write many of the features your app might need from scratch, as you can use what was written before.
If you’re not sure about the security of said solution, you should use GitHub Enterprise, which I’ve mentioned in the 1st myth.
Till the next time, take care.