upvote

points

by satvikpendem2 hours ago |
comments
upvoteby sheept1 hours ago|
next
[-]
Deno's goal was to address Node's design weaknesses, while Bun came out with the promise of faster performance. Especially if you're coming from Node or migrating an existing project, it's easier to justify switching to Bun than to Deno.

Since then, all three runtimes have been gradually converging (adopting Web APIs, first class TypeScript support), so there's little reason to move away from Node's vast ecosystem to Deno; most npm packages weren't made with Deno's security model in mind.

Deno's biggest strength is when you want its security model and don't plan on using npm packages, e.g. if you want to let agents write and run quick scripts on your machine without awaiting your permission.

reply
upvoteby coffeebeqn43 minutes ago|
parent|
next
[-]
In my area it feels like it’s competing against go which is a language purposefully designed for the thing we’re building and has a great tool chain already. I never really wanted JavaScript. It’s not a very thoughtfully designed language and the not very good design was made for the browser. I just used node because it was simple to get it working. And you have bun and things like that competing for the space too
reply
upvoteby sysguest1 hours ago|
parent|
prev|
[-]
yeah it's such a pity deno's security features could have made recent npm attacks moot...
reply
upvoteby sheept57 minutes ago|
parent|
next
[-]
The recent npm supply chain attacks relied on lifecycle scripts, which Deno doesn't run by default, but neither do pnpm or Bun. While Deno, like npm, supports a minimum release age, it doesn't enable it by default.
reply
upvoteby sysguest54 minutes ago|
parent|
[-]
well deno has 'allow-read' 'allow-write' kind of permission, so if something tries to read from my ~/.ssh or other important folder, it can just block it

even with blocking lifecycle scripts, the attacker could have planted it somewhere else or just trick the dev somehow to run it

reply
upvoteby cyanydeez56 minutes ago|
parent|
prev|
[-]
the problem was at the start of deno, it didn't integrate with npm; the same way Macintosh used to be free of virus and trojan horses was because people just didn't use it enough.
reply
upvoteby diegof791 hours ago|
prev|
next
[-]
Mainly DX.

Deno has many of those things now, but my past experience wasn’t good. The first versions of Deno had a lot of friction; Bun however was more or less useful from day 1.

reply
upvoteby jitl23 minutes ago|
prev|
next
[-]
Deno originally was not Node compatible at all, and required you to do everything in a Deno way:

- Deno plugin in editor, otherwise types dont work

- All imports via absolute URL, like Golang

- No backwards compatibility, so no existing code worked.

Since Deno 2, they've taken Node compatibility much more seriously, hence the 50% to 70% compatibility jump claimed here.

Bun on the other hand, tried to make things Just Work without requiring any thinking for Nodejs / TypeScript developers. It's basically the `node` development experience with all incidental frictions removed (but some segfaults added).

tl;dr: you can use `bun` to write node projects, but `deno` can only be used for deno projects

reply
upvoteby STRiDEX56 minutes ago|
prev|
next
[-]
Bun simplified the pain with the ecosystem switch to esm. deno, at the time, made it worse by doing stuff with url based packages that didn’t fully catch on
reply
upvoteby sysguest1 hours ago|
prev|
next
[-]
well benchmarks that's why

if the numbers look good, I pick it up -- though whether the numbers actually hold in reality is... well something I should check... but won't due to laziness...

I should check actual perf numbers... well next week or month?

reply
upvoteby 48 minutes ago|
prev|
[-]
deleted
reply