docs(website/manual): Manual introduction improvements #3157
Conversation
|
|
|
|
||
| Deno aims to be a productive and secure scripting environment for the modern | ||
| programmer. | ||
| ## Project Status / Disclaimer |
There was a problem hiding this comment.
Calling this "Project Status" makes it a little friendlier.
website/manual.md
Outdated
| Deno provides <a href="https://github.com/denoland/deno/tree/master/std">a set | ||
| of reviewed (audited) standard modules</a> that are guaranteed to work with | ||
| Deno. | ||
| We are [actively working towards 1.0](https://github.com/denoland/deno/issues/2473), but there is no date guarantee. |
There was a problem hiding this comment.
Adds a link for those who want to follow the latest on 1.0.
|
|
||
| - Uses "ES Modules" and does not support `require()`. Like the browser, allows | ||
| imports from URLs: | ||
| It's built on V8, Rust, and Tokio. |
There was a problem hiding this comment.
I think it's a little weird to call it a "secure runtime". "Secure defaults" feels more accurate and to the point. It also leaves less room for argument.
I also added that it has a "great developer experience". I don't think this has historically been a first-class goal, but I think it's in alignment with the project and is part of where we provide value.
I also purposely separated the note about what it's built on. It's somewhat relevant, but it's not the purpose of the project.
website/manual.md
Outdated
| import * as log from "https://deno.land/std/log/mod.ts"; | ||
| ``` | ||
| ### Feature Highlights | ||
|
|
||
| - Remote code is fetched and cached on first execution, and never updated until | ||
| the code is run with the `--reload` flag. (So, this will still work on an | ||
| airplane. See `~/.deno/src` for details on the cache.) | ||
| * Secure by default. No file, network, or environment access (unless explicitly enabled). | ||
| * Supports TypeScript out of the box. | ||
| * Ships a single executable (`deno`). | ||
| * Has built in utilities like a dependency inspector (`deno info`) and a code formatter (`deno fmt`). | ||
| * Has [a set of reviewed (audited) standard modules](https://github.com/denoland/deno/tree/master/std) that are guaranteed to work with Deno. | ||
| * Scripts can be bundled into a single javascript file. | ||
|
|
||
| - File system and network access can be controlled in order to run sandboxed | ||
| code. Access between V8 (unprivileged) and Rust (privileged) is only done via | ||
| serialized messages. This makes it easy to audit. For example, to enable write | ||
| access use the flag `--allow-write` or for network access `--allow-net`. | ||
| ##### On the Roadmap | ||
|
|
||
| - Only ship a single executable. | ||
| * Native modules in Rust. | ||
| * Scripts can be bundled into a binary with the deno runtime. | ||
| * This makes distribution simple and script startup very fast. |
There was a problem hiding this comment.
I created a new section called "Feature Highlights" which helps clean up some of the items in the goal section that weren't really goals per se.
I also think this is an important spot to pitch newcomers on our key features.
I added "Native modules in Rust" because I believe that's a goal and it's 🔥.
I added "Scripts can be bundled into a binary with the deno runtime" because it's also a feature we are pursuing and is a great differentiator.
website/manual.md
Outdated
|
|
||
| - Be able to serve HTTP efficiently. | ||
| ([Currently it is relatively slow.](https://deno.land/benchmarks.html#req-per-sec)) | ||
| Among other things, Deno is a great replacement for utility scripts that may have been historically written with bash or python. |
There was a problem hiding this comment.
I added this note about utility scripts. It's something that we discussed in person and I think really helps the reader understand where Deno could be really useful.
website/manual.md
Outdated
| * Unless specifically allowed, scripts can't access files, the environment, or the network. | ||
| 3. Browser compatible: The subset of Deno programs which are written completely in JavaScript and do not use the global `Deno` namespace (or feature test for it), ought to also be able to be run in a modern web browser without change. | ||
| 4. Be able to serve HTTP efficiently | ||
| 5. Provide a great developer experience include built-in tooling. |
There was a problem hiding this comment.
This is clean up a bit.
website/manual.md
Outdated
| 3. Browser compatible: The subset of Deno programs which are written completely in JavaScript and do not use the global `Deno` namespace (or feature test for it), ought to also be able to be run in a modern web browser without change. | ||
| 4. Be able to serve HTTP efficiently | ||
| 5. Provide a great developer experience include built-in tooling. | ||
| 6. Does not leak browser or V8 concepts into user land. |
There was a problem hiding this comment.
This goal is new, but I thought it was worth discussing.
There was a problem hiding this comment.
#3158 is related in that sense.
website/manual.md
Outdated
| ### Comparison to Node.js | ||
|
|
||
| * Deno does not use `npm` | ||
| * It uses modules referenced as URLs or file paths | ||
| * Deno does not use a `package.json` | ||
| * This is a non-goal. There are effective patterns [citation needed] for managing dependencies. | ||
| * Deno provides different APIs than node. | ||
| * Deno requires explicit permissions for file, network, and environment access. | ||
| * Node is less secure out of the box. | ||
| * Deno always dies on uncaught errors. | ||
| * Uses "ES Modules" and does not support `require()`. Like the browser, allows imports from URLs: | ||
|
|
||
| <!-- prettier-ignore-end --> | ||
| ```ts | ||
| import * as log from "https://deno.land/std/log/mod.ts"; | ||
| ``` |
There was a problem hiding this comment.
I think we dance around this too much. I know we may not want to compare directly to node in some ways, but the reality is that just about everyone who comes to this project will ask about this. Let's address it as clearly and concisely as possible.
website/manual.md
Outdated
| ## Built-in Deno Utilities / Commands | ||
|
|
||
| - Not explicitly compatible with Node. | ||
| * dependency inspector (`deno info`) | ||
| * code formatter (`deno fmt`), | ||
| * bundling (`deno bundle`) | ||
| * runtime type info (`deno types`) | ||
| * test runner (`deno test`) | ||
| * command-line debugger (`--debug`) [coming soon](https://github.com/denoland/deno/issues/1120) | ||
| * linter (`deno lint`) [coming soon](https://github.com/denoland/deno/issues/1880) |
There was a problem hiding this comment.
This section was split out from above so the above contents can be more concise.
website/manual.md
Outdated
| ### Other key behaviors | ||
|
|
||
| - No `package.json`. | ||
| * Remote code is fetched and cached on first execution, and never updated until the code is run with the `--reload` flag. (So, this will still work on an airplane. See `~/.deno/src` for details on the cache.) | ||
| * Modules/files loaded from remote URLs are intended to be immutable and cacheable. |
There was a problem hiding this comment.
I'm not sure if this is the right home for these points, but I didn't want to delete them.
I also added the note about immutable intention which @kitsonk and I talked about a bit. It's an opinionated proposal, but worth discussing.
There was a problem hiding this comment.
Also mentioned this in #3158
|
Please run tools/format.py |
|
@ry It's not super clear the workflow for running I ran yarn at the top level but I still get this error when running I'm sure I'm missing something simple, but some guidance would be helpful. |
|
Is the third_party directory empty? Then maybe you need to run git submodule update —init |
|
Ah, yes my
|
| - No npm. | ||
|
|
||
| - Not explicitly compatible with Node. | ||
| - Modules/files loaded from remote URLs are intended to be immutable and |
There was a problem hiding this comment.
I wonder if this is actually a bug, and cache control should be respected? 😳
There was a problem hiding this comment.
I was talking with @kitsonk about this. I was saying that I think it should be treated as immutable by default to encourage the practice in the community, but I think since putting a bit more thought to it, I think respecting cache headers would be fine. It doesn't prevent immutability from being possible and a best practice in the community.
I think immutability in dependencies matters for a number of reasons, but especially because Deno is striving to be security minded.
One other approach we could use would be something like subresource integrity where we could at least warn the user that a file has changed.
Regardless, I'll probably end up removing this bullet point from this PR and opening it in a separate issue for discussion.
There was a problem hiding this comment.
It looks like subresource integrity has actually been brought up before in #200.
Co-Authored-By: Nayeem Rahman <[email protected]>
andyfleming
changed the title
| in JavaScript and do not use the global `Deno` namespace (or feature test for | ||
| it), ought to also be able to be run in a modern web browser without change. | ||
|
|
||
| - [Aims to support top-level `await`.](https://github.com/denoland/deno/issues/471) |
There was a problem hiding this comment.
Forgot to mention that I purposely deleted this since it's (most likely) going to be standard in javascript anyway.
Co-Authored-By: Nayeem Rahman <[email protected]>
PR Migrated from denoland/dotland#9
This reorganizes and improves some of the introduction content.
This is just a first pass, but I think it's an extremely important part of the experience for newcomers to the project.
@ry @kitsonk — This is related to some of the conversations we had at TSConf. I'd love to get your thoughts on these changes.
I've put some comments inline in the PR to help explain some of the specific changes.