
> wrote everything in Node, but absolutely _refused_ to use any existing libraries except for ones he personally wrote. He didn't "trust" them.

Sounds like the single sensible thing he did. Have you seen the npm ecosystem?



Are node apps getting way more hacked than say php or java servers? Was his code any better?


There are frequently posts on HN about NPM packages getting compromised.

Of the top 10 posts on HN about NPM in the past 30 days[1], 9 are about security problems, and the last 1 is about package spam.

[1] https://hn.algolia.com/?dateRange=pastMonth&page=0&prefix=fa...


Node apps tend to depend on a far, far wider pool of maintainers.

To illustrate: A new Ruby on Rails app has one tenth as many maintainers in its dependency list as a new create-react-app codebase.


A create-react-app app is not a node app (It has a node dev server, but it's a front-end JS app), so it's a weird thing to reach for to illustrate a point about node apps.


Why would you use node, if it wasn't for the vast package ecosystem?


Path of least resistance?

Picking a language (and possibly runtime) is a pretty huge investment if you intend to become proficient. A lot of people like to think that they are polyglot programmers and that language doesn't really matter. But it does. It takes a few years to become a decent programmer in a given language. And if people claim it takes just weeks or a couple of months, it really only tells you that they have very low standards.

If you are familiar with a given language, ecosystem and runtime, and you care about productivity and quality, the path of least resistance is to stick to what you know. Taking on a major project in a language you don't know is a risky proposition. In terms of quality, time, and even in terms of being able to deliver something acceptable.

I tend to have a main workhorse language. It typically takes 2-3 years to reach an acceptable level of comfortable familiarity with a new language. If history is any guide I tend to stick to the same language for 5-10 years. 5 years ago I switched from Java to Go. I worked mostly as a manager at the time, which is why it took longer to reach what I think is an acceptable level. I'd say it is only in the last 18 months or so I've started feeling sufficiently competent in Go to call myself a Go programmer.

That being said: I think the JS space is both a poor technical choice and a poor career choice. The whole ecosystem is janky as fuck, you have to spend a lot of time dealing with silly complexity that tries to fix the jankiness, and the type of work you get isn't very attractive.


It takes years to become acquainted with the library ecosystem of a given language. If you're going to write everything from scratch (especially in a language with an extremely bare-bones standard library), it takes maybe months to become proficient with any language in a paradigm you already know, save a few extremes (C++).



