Our great sponsors
-
SurveyJS
Open-Source JSON Form Builder to Create Dynamic Forms Right in Your App. With SurveyJS form UI libraries, you can build and style forms in a fully-integrated drag & drop form builder, render them in your JS app, and store form submission data in any backend, inc. PHP, ASP.NET Core, and Node.js.
It's an incredible achievement, though I worry about the use of an unproven language (Zig) that lacks memory safety by design. JavaScript runtimes, especially those with JITs, have been plagued by vulnerabilities from memory safety, type confusion, and data races.
Node.js, by virtue of being based on V8, has the benefit of one of the world's largest companies and its security team fuzzing it and mitigating vulnerabilities, yet the binding layer it provides is still susceptible independently of V8 and introduces its own vulnerabilities.
Bun/Oven are new, and untested in these regards. Here are the hard questions I'd ask if I were a security officer and asked to review adopting Bun:
1. Will Oven adopt a security policy for Bun? (https://github.com/oven-sh/bun/security)
2. What measures is Oven taking to proactively detect and mitigate vulnerabilities? (e.g.: fuzzing, audits, bug bounties)
3. Will Oven support Zig development to avoid an existential risk in upstream vulnerabilities?
My moneys on Just-JS.
It’s consistently in the top 5 fastest web framework (beating out Rust, etc).
Just-JS is already faster than Bun.
https://github.com/just-js/just
My moneys on Just-JS.
It’s consistently in the top 5 fastest web framework (beating out Rust, etc).
Just-JS is already faster than Bun.
https://github.com/just-js/just
It might, if the code can be optimized. There are all sorts of reasons why it might not. For example, at one point in time, a switch statement with more than 128 cases could not be optimized.
https://github.com/petkaantonov/bluebird/wiki/Optimization-k...