Deno 2.0 finally hatched
Today’s issue: Wtf are causal logs, a forbidden WebComponents cocktail, and a never-ending supply of npm security nightmare fuel.
Welcome to #330.
The Main Thing
Me saying goodbye to the old Deno logo
Deno 2.0 finally hatched
And it looks a lot like its mother, Node.js.
That’s because this release comes with full backwards compatibility for Node and npm, as Deno tries to build “seamless interoperability with legacy JavaScript infrastructure.”
This allows the next-gen runtime to support a much wider range of projects, while still providing features like native TypeScript support, a secure-by-default execution model, and Deno’s all-in-one JavaScript toolchain.
Here’s what that backwards compatibility looks like IRL:
-
Native support for
package.json,node_modules, and npm workspaces enable you to run Deno in any Node project using ESM. -
You can directly import npm packages into Deno via the
npm:specifier – even for more complex packages like gRPC, ssh2, and Prisma. -
You can incrementally adopt pieces of Deno’s toolchain in a Node project, like the blazing
deno installpackage manager anddeno fmtformatter.
But for many OG Deno stans, this shift to backwards compatibility with Node and npm felt like going – well, backwards. Wasn’t Deno supposed to leverage web-standard APIs to save us all from the jankiness of the Node ecosystem?
But to them, I’ll just repeat the advice my grandfather gave me as a kid back in the ’90s: “Network effects are undefeated. And if you’re going to raise $25.9 million from VCs to build a better JS runtime, you better make sure every project out there can use it.” Wise words, Pop-Pop.
Bottom Line: Between Deno, Bun, and Vite’s new VoidZero company, there’s never been more competition in the JavaScript toolchain space. Luckily, that should be good news for all of us.
    |
Our Friends
(With Benefits)
Getting ready for all the 2025 team planning meetings
Sleuth helps your team avoid rework
They created a metrics-driven, AI-powered engineering review tool that’s designed to prevent pointless meetings and time-consuming rework for your team.
How it works:
-
Sleuth gives you an engineering review template for every meeting, from Quarterly Planning to weekly Sprint Reviews.
-
It pre-fills those review templates with data from tools like Jira and GitHub, and summarizes the important parts with AI.
-
It tracks outcomes and action items over time to provide shared context and accountability for everyone.
One CTO said he loves Sleuth because of “how well it fits into every level of my engineering org” – and described how he uses it to drive alignment conversations with his executive team and for sprint reviews at the team level.
Get a personalized demo, and see why teams at Red Bull, Puma, and many more swear by Sleuth.
Spot the Bug
Sponsored by Infinite Red
We are expert US-based consultants who have specialized in high-quality React Native development since 2015! Hire us to build, optimize, deploy, and support your React Native app.
class Person {
#name;
constructor(name) {
this.#name = name;
}
introduce() {
console.log(`Hello, my name is ${this.#name}.`);
}
}
class Student extends Person {
#grade;
constructor(name, grade) {
super(name);
this.#grade = grade;
}
introduce() {
console.log(
`Hello, my name is ${this.#name} and I am in grade ${this.#grade}.`
);
}
}
const student = new Student("John", 5);
student.introduce();
Cool Bits
-
Leerob made this 45-minute video about self-hosting Next.js because he is tired of hearing you make all those jokes about Vercel being “the lock-in mafia.”
-
And because I’m just tired in general, I made this interactive deep dive on Why, When, and How React renders.
-
Cloudflare, Jam, and a bunch of other SaaS companies came together to create the Dev Starter Pack, which is basically a bunch of SaaS discounts for startups.
-
Securing Node.js Express APIs with Clerk and React is an in-depth guide that shows you how to implement authentication in Node.js, so you can make sure your APIs are always secure and reliable. [sponsored]
-
Bad at CSS is a podcast for you, yes you. Your mother and I have been meaning to talk to you about your incompetence with CSS. Please get help, it’s hurting the family.
-
Joel Gustafson wrote this introduction to causal logs. Wtf are those? Don’t worry, I have the perfect blog post for you.
-
Lazar Nikolov and Sarah Guthals are hosting a free workshop on Implementing Clean Architecture in Next.js. It will dive deep into what clean architecture *actually* is, what problems it solves, and how to implement it in a Next.js application with Sentry. [sponsored]
-
Aral Roca created Brisa, an experimental full-stack framework that lets you mix JSX, Server Components, and Server Actions with Web Components – like some sort of forbidden cocktail destined to make everyone angry.
-
The legend himself, Tanner “I contribute more to your company codebase than you do” Linsley went on Syntax to chat about the future of React (TanStack Start).
-
Kush Pandya wrote about how two malicious npm packages facilitate data theft and destruction. Always nice to have a little bit of nightmare-fuel reading before bed.
Private fields are not inherited by subclasses. The #name field is not accessible in the Student class, so the introduce method will throw an error. To fix this, you can add a getter method to the Person class that returns the value of the #name field.
class Person {
#name;
constructor(name) {
this.#name = name;
}
introduce() {
console.log(`Hello, my name is ${this.#name}.`);
}
_getName() {
return this.#name;
}
}
class Student extends Person {
#grade;
constructor(name, grade) {
super(name);
this.#grade = grade;
}
introduce() {
console.log(
`Hello, my name is ${this._getName()} and I am in grade ${this.#grade}.`
);
}
}
const student = new Student("John", 5);
student.introduce();