TNS
SUBSCRIBE
Join our community of software engineering leaders and aspirational developers. Always stay in-the-know by getting the most important news and exclusive content delivered fresh to your inbox to learn more about at-scale software development.
REQUIRED
 
It seems that you've previously unsubscribed from our newsletter in the past. Click the button below to open the re-subscribe form in a new tab. When you're done, simply close that tab and continue with this form to complete your subscription.
Welcome and thank you for joining The New Stack community!
Please answer a few simple questions to help us deliver the news and resources you are interested in.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Great to meet you!
Tell us a bit about your job so we can cover the topics you find most relevant.
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
REQUIRED
Welcome!

We’re so glad you’re here. You can expect all the best TNS content to arrive Monday through Friday to keep you on top of the news and at the top of your game.

What’s next?

Check your inbox for a confirmation email where you can adjust your preferences and even join additional groups.

Become a TNS follower on LinkedIn.

Check out the latest featured and trending stories while you wait for your first TNS newsletter.

PREV
of
NEXT
VOXPOP
Do You Resent AI?
If you’re a developer, do you resent generative AI’s ability to write code?
Yes, because I spent a lot of time learning how to code.
0%
Yes, because I fear that employers will replace me and/or my peers with it.
0%
Yes, because too much investment is going to AI at the expense of other needs.
0%
No, because it makes too many programming mistakes.
0%
No, because it can’t replace what I do.
0%
No, because it is a tool that will help me be more productive.
0%
No, I am a highly evolved being and resent nothing.
0%
I don’t think much about AI.
0%
 
Open Source Cloud Native Ecosystem Containers Edge Computing Microservices Networking Serverless Storage
Navigating Open Source Software Risks: Whose Job Is It Anyway?
May 16th 2024 12:58pm, by Aaron Linskens
Is Community-Backed Open Source Software Worth the Risk?
May 16th 2024 9:00am, by Tyler Jewell
Open Source Initiative Hits the Road to Define Open Source AI
May 14th 2024 5:00am, by Heather Joslyn
The xz Hack Revealed a Looming $8.8 Trillion Infrastructure Disaster
May 10th 2024 10:00am, by Luis Villa
Why Apache Cassandra 5.0 Is a Game-Changer for Developers
May 10th 2024 6:09am, by Anil Inamdar
Cloud Computing at the Edge: From Evolution to Disruption
May 16th 2024 10:00am, by Yoram Novick
From Cards to Clouds: A Family Tree of Developer Tools
May 15th 2024 8:53am, by David Eastman
Open Source Is at a Crossroads
May 7th 2024 10:00am, by Bill Doerrfeld
How To Build a Scalable Platform Architecture for Real-Time Data
May 3rd 2024 8:35am, by Christina Lin
How Giant Swarm Is Helping to Support the Future of Flux
Apr 22nd 2024 7:59am, by Heather Joslyn
Red Hat Podman 'Lab' Gets Developers Started on GenAI
May 15th 2024 7:08am, by Joab Jackson
Docker Testcontainers Now Available on Red Hat's OpenShift
May 10th 2024 8:06am, by B. Cameron Gain
Kubernetes Gets Back to Scaling with Virtual Clusters
Apr 25th 2024 7:01am, by Alex Williams
What Does WebAssembly Mean for the Server and GenAI?
Apr 23rd 2024 10:03am, by Ryan Wallner
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by B. Cameron Gain
Cloud Computing at the Edge: From Evolution to Disruption
May 16th 2024 10:00am, by Yoram Novick
Ambient AI? Humane's 'Ai Pin' Embarks on a Dream's Long Road
Apr 21st 2024 6:00am, by David Cassel
Chipmakers Putting a Laser Focus on Edge AI
Apr 12th 2024 10:06am, by Jeffrey Burt
The Future of AI: Hybrid Edge Deployments Are Indispensable
Mar 22nd 2024 10:00am, by Luis Ceze
How RapidAI Uses Edge, Kubernetes and AI to Boost Stroke Care
Mar 15th 2024 10:30am, by Charles Humble
Why Shift Testing Left Part 2: QA Does More After Devs Run Tests
May 15th 2024 9:12am, by Nočnica Mellifera
Red Hat Podman 'Lab' Gets Developers Started on GenAI
May 15th 2024 7:08am, by Joab Jackson
Taking a 'Machine-First' Approach to Identity Management
May 13th 2024 11:47am, by Susan Hall
Composability to Jamstack: Drilling Down on Frontend Terms
May 10th 2024 5:00am, by Loraine Lawson
API Design Is Pretty Bad — Here's How to Fix It
Apr 3rd 2024 6:01am, by Lebin Cheng
Thwart Ops Sprawl With a Unified Data Plane 
May 15th 2024 12:00pm, by Eric Braun
Cilium's Past Points to Its Future 
May 3rd 2024 5:00am, by B. Cameron Gain
Guider Daemon Automates Linux Performance Monitoring
Apr 19th 2024 11:16am, by Joab Jackson
Enhancing Kubernetes Network Security with Microsegmentation
Apr 11th 2024 6:23am, by Dhiraj Sehgal
Tetrate Enterprise Gateway for Envoy Graduates
Apr 10th 2024 9:00am, by Steven J. Vaughan-Nichols
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by Henry Hamid Safi
Meet DBOS: A Database Alternative to Kubernetes 
Mar 12th 2024 4:00am, by Joab Jackson
Pulumi Templates for GenAI Stacks: Pinecone, LangChain First
Feb 21st 2024 9:00am, by Joab Jackson
CNCF CloudEvents: A Li'l Message Envelope That Travels Far
Jan 31st 2024 4:00am, by Joab Jackson
Bringing the AWS Serverless Strategy to Azure
Jan 19th 2024 6:00am, by Rak Siva
Why and How Teams Are Replacing External Database Caches
May 14th 2024 7:09am, by Felipe Cardeneti Mendes
Valkey: A Redis Fork With a Future
May 2nd 2024 7:50am, by Alex Williams
How to Get Peak Performance without a Vast Amount of Memory
Apr 9th 2024 10:17am, by Behrad Babaee
From Postgres to ScyllaDB NoSQL, with a 349x Speed Boost 
Apr 1st 2024 11:27am, by Cynthia Dunlop
The Architect’s Guide: A Modern Data Lake Reference Architecture
Mar 26th 2024 9:17am, by Keith Pijanowski
AI Large Language Models Frontend Development Software Development API Management Python JavaScript TypeScript WebAssembly Cloud Services Data Security
KPMG's CEO Poll: Labor Markets, 4-Day Workweeks, and GenAI
May 16th 2024 3:00am, by
Inference Is Table Stakes. That's a Good Thing for Ampere
May 15th 2024 1:36pm, by
Building Smarter Chatbots With Advanced Language Models
May 15th 2024 10:59am, by
A Guide to Model Composition
May 15th 2024 10:00am, by
Red Hat Podman 'Lab' Gets Developers Started on GenAI
May 15th 2024 7:08am, by
Building Smarter Chatbots With Advanced Language Models
May 15th 2024 10:59am, by
Enhancing AI Coding Assistants with Context Using RAG and SEM-RAG
May 14th 2024 12:13pm, by
4 Reasons Your AI Agent Needs Code Interpreter
May 13th 2024 10:00am, by
Do Enormous LLM Context Windows Spell the End of RAG?
May 10th 2024 10:36am, by
Pairing With AI: A Senior Developer's Journey Building a Plugin
May 9th 2024 8:20am, by
How to Handle Platform-Specific Dependencies in Kotlin Multiplatform
May 16th 2024 11:30am, by
Outer Excuses: Why JavaScript Developers Should Learn SQL
May 16th 2024 4:00am, by
Devs Get AI Pixie Dust at Google I/O — But AI Search Impact?
May 14th 2024 11:12am, by
Static Sites Do Scale: Eleventy vs. Next.js at 11ty Event
May 13th 2024 7:24am, by
Spring Framework Has Three Major Pitfalls — Here’s What To Do
May 13th 2024 6:58am, by
From Cards to Clouds: A Family Tree of Developer Tools
May 15th 2024 8:53am, by
Vendors Address the Explosion in API Use
May 14th 2024 8:29am, by
What Is Python's Django?
May 14th 2024 6:52am, by
How Golang Range Simplifies Data Structure Iteration
May 10th 2024 5:00pm, by
How To Use Pyscript To Create Python Web Apps
May 10th 2024 9:41am, by
Vendors Address the Explosion in API Use
May 14th 2024 8:29am, by
New Postman Release Supports AI API Development With ... AI
May 8th 2024 8:08am, by
In a TypeScript World, Code Generation Is Key for API SDKs
May 8th 2024 4:00am, by
TypeScript Meets API Design in Microsoft's Game-Changing TypeSpec
May 7th 2024 7:30am, by
5 Lessons From LinkedIn’s First Foray Into GenAI Development
May 2nd 2024 3:00am, by
What Is Python's Django?
May 14th 2024 6:52am, by
How To Use Pyscript To Create Python Web Apps
May 10th 2024 9:41am, by
What Are Loop Controls in Python and How Do You Use Them?
Apr 26th 2024 4:00am, by
Apache NiFi 2.0.0: Building Python Processors
Apr 25th 2024 1:14pm, by
How to Use Low-CVE Chainguard Container Images on Docker Hub
Apr 19th 2024 8:04am, by
Outer Excuses: Why JavaScript Developers Should Learn SQL
May 16th 2024 4:00am, by
Static Sites Do Scale: Eleventy vs. Next.js at 11ty Event
May 13th 2024 7:24am, by
Composability to Jamstack: Drilling Down on Frontend Terms
May 10th 2024 5:00am, by
Dev News: Google Dev Layoffs, Flow Updates, Jira AI Assistant
May 4th 2024 4:00am, by
Node.js 22 Release Improves Developer Experience
Apr 30th 2024 11:10am, by
In a TypeScript World, Code Generation Is Key for API SDKs
May 8th 2024 4:00am, by
TypeScript Meets API Design in Microsoft's Game-Changing TypeSpec
May 7th 2024 7:30am, by
Dev News: React 19 Beta and Redwood Tests React Server Components
Apr 27th 2024 4:00am, by
Dev News: Deno Supports Open Source Repository JSR and an Offline AI
Mar 30th 2024 4:00am, by
Advanced OOP in TypeScript: Interfaces and Abstract Classes
Mar 22nd 2024 10:30am, by
Grafana’s Radical App Platform: WebAssembly, Kubernetes and APIs 
May 15th 2024 8:00am, by
Serverless WebAssembly: Security, Speed ... and Startup Times
May 8th 2024 11:23am, by
WebAssembly Adoption: It's Complicated, Says CNCF Survey
May 1st 2024 8:28am, by
Node.js 22 Release Improves Developer Experience
Apr 30th 2024 11:10am, by
WebAssembly, Large Language Models, and Kubernetes Matter
Apr 30th 2024 7:51am, by
Cloud Computing at the Edge: From Evolution to Disruption
May 16th 2024 10:00am, by
How to Conquer Cold Starts for Better Performance
Apr 25th 2024 9:17am, by
IBM Purchases HashiCorp for Multicloud IT Automation
Apr 24th 2024 3:23pm, by
Going Cloud Native? Get Ahead of Challenges Before They Start
Apr 19th 2024 10:29am, by
Answers to the 5 Most Common Cloud Cost-Optimization Questions
Apr 17th 2024 7:38am, by
How Open Source and Time Series Data Fit Together
May 16th 2024 7:09am, by
Outer Excuses: Why JavaScript Developers Should Learn SQL
May 16th 2024 4:00am, by
Inference Is Table Stakes. That's a Good Thing for Ampere
May 15th 2024 1:36pm, by
Why and How Teams Are Replacing External Database Caches
May 14th 2024 7:09am, by
Do Enormous LLM Context Windows Spell the End of RAG?
May 10th 2024 10:36am, by
Navigating Open Source Software Risks: Whose Job Is It Anyway?
May 16th 2024 12:58pm, by
Is Community-Backed Open Source Software Worth the Risk?
May 16th 2024 9:00am, by
Why Developers Will Take Charge of Security, Tests in Prod
May 14th 2024 11:09am, by
Taking a 'Machine-First' Approach to Identity Management
May 13th 2024 11:47am, by
The xz Hack Revealed a Looming $8.8 Trillion Infrastructure Disaster
May 10th 2024 10:00am, by
Platform Engineering Operations CI/CD Tech Careers Tech Culture DevOps Kubernetes Observability Service Mesh
Platform Engineering Rules the Day: Eight Key Themes
May 16th 2024 10:30am, by Torsten Volk
Platform Teams: Start Small to Win Big
May 16th 2024 7:39am, by Aeris Ransom
Why Developers Will Take Charge of Security, Tests in Prod
May 14th 2024 11:09am, by Loraine Lawson
Optimize AI at Scale With Platform Engineering for MLOps
May 9th 2024 10:00am, by Kevin Cochrane
Composable Platforms Are Promising, but Not a Silver Bullet
May 9th 2024 6:42am, by Michel Murabito
Platform Teams: Start Small to Win Big
May 16th 2024 7:39am, by Aeris Ransom
Thwart Ops Sprawl With a Unified Data Plane 
May 15th 2024 12:00pm, by Eric Braun
Trend Report: Merging Observability and IT Service Management
May 15th 2024 7:19am, by Assaf Resnick
Mitigating Software Outages: Shifting Left Observability
May 14th 2024 11:53am, by Eran Kinsbruner
The Art of Merging Legacy Tech and Modern AI-Driven Infrastructure
May 14th 2024 10:00am, by Jeremiah Stone
How To Build With GraalVM Inside GitHub Actions
May 14th 2024 9:10am, by Fabio Niephaus
Docker Testcontainers Now Available on Red Hat's OpenShift
May 10th 2024 8:06am, by B. Cameron Gain
Gatekeepers Limit Continuous Delivery's Benefits
May 8th 2024 7:16am, by Steve Fenton
Dev Tools: 17 Seconds Shaved Off a Build and a Crowd Went Wild
May 7th 2024 8:00am, by Alex Handy
What Can Incident Teams Learn From Crisis Management?
May 6th 2024 11:25am, by Dormain Drewitz
KPMG's CEO Poll: Labor Markets, 4-Day Workweeks, and GenAI
May 16th 2024 3:00am, by David Cassel
Choosing a Linux Distribution
May 13th 2024 10:58am, by Damon M. Garn
Tips for Building a Platform Engineering Discipline That Lasts
May 6th 2024 10:00am, by David Sandilands
Dealing With Chaos: A Guide for Leaders Feeling Overwhelmed at Work
May 2nd 2024 10:00am, by Lena Reinhard
3 Reasons Data Engineers Are the Unsung Heroes of GenAI
May 1st 2024 10:00am, by Barr Moses
KPMG's CEO Poll: Labor Markets, 4-Day Workweeks, and GenAI
May 16th 2024 3:00am, by David Cassel
BASIC at 60: How This Simpler Language Impacted Programming
May 9th 2024 7:00am, by Todd R. Weiss
Boost Developer Productivity by Reducing Their ‘Paper Cuts’
May 6th 2024 10:15am, by Jennifer Riggins
7 Tips for Fostering Stronger Communication in Outsourced Projects
May 2nd 2024 7:24am, by Liz Ryan
‘Opinionated’? You Should Contribute to The New Stack
Apr 30th 2024 1:19pm, by Heather Joslyn
Platform Teams: Start Small to Win Big
May 16th 2024 7:39am, by Aeris Ransom
Thwart Ops Sprawl With a Unified Data Plane 
May 15th 2024 12:00pm, by Eric Braun
Why Shift Testing Left Part 2: QA Does More After Devs Run Tests
May 15th 2024 9:12am, by Nočnica Mellifera
From Cards to Clouds: A Family Tree of Developer Tools
May 15th 2024 8:53am, by David Eastman
Mitigating Software Outages: Shifting Left Observability
May 14th 2024 11:53am, by Eran Kinsbruner
Platform Engineering Rules the Day: Eight Key Themes
May 16th 2024 10:30am, by Torsten Volk
Thwart Ops Sprawl With a Unified Data Plane 
May 15th 2024 12:00pm, by Eric Braun
Grafana’s Radical App Platform: WebAssembly, Kubernetes and APIs 
May 15th 2024 8:00am, by B. Cameron Gain
Kubernetes 1.30 Gets Better at Naming Things
May 6th 2024 9:14am, by Joab Jackson
Cilium's Past Points to Its Future 
May 3rd 2024 5:00am, by B. Cameron Gain
Platform Engineering Rules the Day: Eight Key Themes
May 16th 2024 10:30am, by Torsten Volk
Grafana’s Radical App Platform: WebAssembly, Kubernetes and APIs 
May 15th 2024 8:00am, by B. Cameron Gain
Trend Report: Merging Observability and IT Service Management
May 15th 2024 7:19am, by Assaf Resnick
Mitigating Software Outages: Shifting Left Observability
May 14th 2024 11:53am, by Eran Kinsbruner
Tips for Controlling the Costs of Security Tools
May 8th 2024 10:00am, by Johnny Fitrakis
Enhancing Business Security and Compliance with Service Mesh
Apr 1st 2024 10:00am, by Ninad Desai
Some Linkerd Users Must Pay: Fear and Anger Explained
Feb 28th 2024 9:21am, by B. Cameron Gain
Buoyant Revises Release Model for the Linkerd Service Mesh
Feb 21st 2024 9:30am, by Joab Jackson
Istio Advisor Plus GPT: Expert System Meets AI for Service Mesh
Dec 14th 2023 12:15pm, by Steven J. Vaughan-Nichols
Using JWTs to Authenticate Services Unravels API Gateways
Nov 8th 2023 6:53am, by Christian Posta and Peter Jausovec
Frontend Development / Security / Software Development

Ryan Dahl: From Node.js and Deno to the ‘Modern’ JSR Registry

The creator of Node.js and Deno has a new mission: Securing JavaScript packages against malicious users.
May 1st, 2024 6:00am by
Featued image for: Ryan Dahl: From Node.js and Deno to the ‘Modern’ JSR Registry

Ryan Dahl keeps finding new approaches to familiar tech. More than once, he’s played a central role in the evolution of an existing ecosystem. Now he’s part of an effort to modernize the many modules of code that developers import into their projects every day. And it’s not just upgrading repositories and supply chains, but ultimately the way that secure development gets performed.

On a recent episode of Stack Overflow’s podcast that featured Dahl, StackOverflow editor Ryan Donovan began by acknowledging that Dahl “started the whole JavaScript-on-the-backend movement” — before following it up in 2018 with the Deno runtime for JavaScript, TypeScript, and WebAssembly. On the podcast, Dahl succinctly summarized much of the commercial effort at the Deno project today: “to build, let’s call it, a cloud runtime, a multitenant JavaScript runtime that spans data center regions — spans clouds, even — and is set up to handle many, many users at once.”

But Dahl also recorded the interview just two weeks after Deno had announced the launch of the new JavaScript Registry, which Dahl said will ensure that its published packages “are modern and doing best practices.”

Dahl used the podcast to explain the multiple ambitions behind the project, offering a vision for what a secure repository will look like in the future.

And along the way, he even offered a prediction about what lies ahead for JavaScript…

Why JSR?

Among other things, JSR packages include type declaration files. But Dahl said the new repository is attempting to address the fact that JavaScript has two different module systems that “do not play well with each other” — CommonJS and ECMAScript modules (or ESM). As Dahl sees it, ESM is “now kind of embedded into all of the web browsers, the real way of doing modules.” (“ECMAScript modules have arrived as a standard,” explains the FAQ for the repository.) So the JSR supports ES modules only.

But in addition, “There are more JavaScript runtimes than just Node.js and browsers. With the emergence of Deno, Bun, workerd, and other new JavaScript environments, a Node.js-centric package registry no longer makes sense for the entire JS ecosystem.” And with TypeScript emerging as a de facto standard, “A modern registry should be designed with TypeScript in mind.”

Yet beyond that, Dahl sees it all in a larger context. “Deno in general is attempting to level up JavaScript…” he said on the podcast. “It’s incumbent on us as developers to really move this ecosystem into the future. And Deno is trying to do this at the runtime layer, but what we perceive is, really, a problem at the registry layer where you share code.”

The JSR isn’t meant as a replacement of the current npm package registry, but as an extension, Dahl explained. “In some sense, you can think of it as a superset of npm, kind of in the same way that TypeScript itself is a superset of JavaScript.”

But Dahl has given a lot of thought to npm. “For a very long time, they did not even keep checksums of npm packages. And there have been instances where hackers have gotten into the registry and potentially changed tarballs that were published, and there is no way to know because there is no checksum of those tarballs.” There’s also supply chain issues — the problem of not just malicious pull requests, but malicious code coming from upstream…

JSR attempts to provide more visibility with a simple way to give packages cryptographic signatures. Packages built on GitHub (using GitHub Actions) can provide an OpenID Connect token to JSR that will ultimately publish the corresponding cryptographic signature on the Sigstore blockchain. “We can do these ‘cryptographic attestations’, as they’re called, of where packages got built — and publish them in the package pages and expose these details to users.” In short, it provides a record of where the code is coming from. “And that is important for trust, right?

“It’s building up a web of trust.”

Later Dahl calls it in some ways “an extension of signed commits…”

“Things that I invented in 2010 for Node.js are just not where browsers are going now. And I think there’s a real need to close the gap between browsers.”

—Ryan Dahl

It’s all part of a vision for a more secure future. “At the end of the day, you’re going to take a number of dependencies and build your microservice and then run that as a Docker container in some Kubernetes infrastructure. And it would be very nice… to be able to say all software running inside this Docker container has attestations that trace it all the way back to a verified user somewhere and that there is no code that is running here that we don’t know where it came from.

“We’re kind of building up the infrastructure for this. And what likely will happen is, in the future, every microservice will have clear attribution for all of your dependencies. And that’s very nice — then you have really mitigated the supply chain risk.”

Dahl also stresses that the new repository (unlike npm) “is completely open source. The back end, the front end — the whole thing is open sourced and MIT licensed.”

JSR is not part of the commercial operations of the Deno company. “JSR is for the JavaScript community. It is an attempt to level up JavaScript, and it’s designed to be able to run very cheaply on commodity cloud software… We would eventually like to have this thing be in a foundation and kind of operating independently. We’re trying to build an institution here for the future of JavaScript.”

Now in its “public beta” stage at jsr.io, the JSR is officially billed as a package registry “for modern JavaScript and TypeScript.”

Dahl emphasized on the podcast that it’s not a package manager. “You can use your existing package manager but connect it to this new registry…”

Looking Ahead

At one point Dahl acknowledged that TypeScript was “very, very useful. It has clear utility.” So much so that he predicts its JavaScript-superset-with-types concept “is likely to be codified in standards. Maybe not this year or next year or the year after, but I think over time TypeScript will find its way into the standards and really become part of what JavaScript is.”

When asked for predictions about the future of JavaScript, Dahl started by saying the language is “deeply embedded” in today’s web ecosystem, and “It’s definitely not going away anytime soon… Unlike many other technologies in the world, I feel confident saying that JavaScript will be here five years from now, if not 10, if not 20 years from now.”

He even put it in the most pragmatic possible terms. “Like, your bank depends on JavaScript. It is not going away anytime soon.”

But looking specifically toward what’s to come, Dahl said “The future of JavaScript is browsers. Browsers will always dictate the future of JavaScript.”

So while there’s obviously a large community writing server-side JavaScript, “any server-side code must narrow the gap to browser JavaScript.” It’s part of why they’re pushing ECMAScript modules over CommonJS modules.

“Things that I invented in 2010 for Node.js are just not where browsers are going now. And I think there’s a real need to close the gap between browsers.”

TRENDING STORIES
Group Created with Sketch.
David Cassel is a proud resident of the San Francisco Bay Area, where he's been covering technology news for more than two decades. Over the years his articles have appeared everywhere from CNN, MSNBC, and the Wall Street Journal Interactive...
Read more from David Cassel
SHARE THIS STORY
TRENDING STORIES
TNS owner Insight Partners is an investor in: Deno, Docker, Kubernetes.
TRENDING STORIES
TNS DAILY NEWSLETTER Receive a free roundup of the most recent TNS articles in your inbox each day.