C makes you do array out of bounds checks.
Javascript makes you worry about tying up your event loop with eg massive string processing.
Just get a friggin asynchronous JSON parser if you're running it on untrusted client input (ie any client input). It's not that hard.
Maybe node should provide a "tainted" feature for modules to mark variables that are "untrusted" and provide some warnings when functions like JSON.parse are run on them.
The upside of JS is massive - easier to reason about control flow than threads, and much easier to build something much FASTER and efficient than threads.
I think good languages require you to care about things that matter for your domain. For example, C's bounds checks are a consequence of demanding fine-grained control.
The problem for me with Node here is that whole cooperative-multitasking thing doesn't directly buy you anything. It's a historical accident, not a necessary downside of an otherwise-positive choice. That's distinct from a browser or a GUI environment, where letting a single thread control the display and events really does buy you things you care about.
I care about single threadedness and evented paradigm to provide guarantees and simplify my reasoning about things. I know that if I call a function, it will return synchronously, but not necessarily with a callback. I know that my objects won't be clobbered by other threads, etc.
C makes you do array out of bounds checks. Javascript makes you worry about tying up your event loop with eg massive string processing.
Just get a friggin asynchronous JSON parser if you're running it on untrusted client input (ie any client input). It's not that hard.
Maybe node should provide a "tainted" feature for modules to mark variables that are "untrusted" and provide some warnings when functions like JSON.parse are run on them.
The upside of JS is massive - easier to reason about control flow than threads, and much easier to build something much FASTER and efficient than threads.