Introducing Hyperlight: Virtual machine-based security for functions at scale
The Microsoft Azure Core Upstream team is excited to announce the Hyperlight…
JavaScript has emerged as one of the most popular programming languages in the world, reigning at #1 on GitHub in terms of pull requests in 2017. The language plays a major role on the web and because of its ease of use and speed, more developers are starting to use JavaScript on the backend via the Node.js framework.
At Microsoft, we are investing heavily in Node.js and JavaScript, which are first-class citizens on Azure and across many other products. I’m at JSConf EU this weekend and caught up with John Papa, one of Microsoft’s JavaScript experts and a major open source contributor to the language. He gave us the scoop on JavaScript’s popularity, why npm is essential to the Node.js ecosystem, and what led him to fall in love with JavaScript (all over again) in 2011.
There’s a couple things that come to mind. First, I believe that JavaScript made development a lot more accessible to a lot of people. There are a lot of development stacks out there – .NET, Java, Go, so on and so for. They are all great – I’ve done a lot of .NET myself – but what I like about the JavaScript ecosystem, including Node.js, is how easy it is to get started and how the community is very engaged. People in the JavaScript community are really willing to reach out, share new ideas – it’s a very welcoming community, probably the most welcoming community I’ve been involved in.
The JavaScript community was one of the first ones to engage in the open, embracing the internet for all the social conversations via Twitter, Gitter, on GitHub, Slack channels, and all these wide-open places to communicate. I think as the internet evolved, JavaScript devs seemed to be willing to step out of their comfort zones and go start programming across the internet.
The second piece, which is what specifically makes Node.js so awesome, is that with Node.js you basically add on what you want. When you create, for example an Express web server using Node.js, you just add on what you want to do. As opposed to the traditional techniques of the last 20 years, which have been “let me give you a web server that does everything for you.” With Node.js, you just add on what you want using middleware with Express. And this makes it super attractive to all the popular JavaScript frameworks like React, Ember, Angular, Aurelia, and other ones that are out there these days.
npm is a huge influence over why Node.js has been so successful. There are tons of packages in npm for just about anything you need or want to do. I believe recent reports have shown that npm is also the most used package manager for all platforms, too.
In the recent years, they’ve made some really great changes. For example, the left-pad.io incident that happened a couple years ago that broke a lot of packages. They’ve changed their structure, so they don’t allow that kind of thing to happen. Now, when you contribute to the community, it’s there. I recommend that everyone investigates getting their own private npm server for their companies. It can cache packages, pin versions, and host your own private packages, too.
Another nice thing about the npm community is they are moving forward with a lot of helpful features – like, lately they’ve been adding a lot of security features. They are also adding in features to check what outdated packages might be in your applications. npm@6 introduced “npm audit,” which checks for any versions of packages with known security gaps, referencing the Node Security Platform database.
They are also looking at what the community is looking for in package managers – so, the speed of installing your Node.js modules and the way that they get packaged. Since they are really the only game in town for the modules in Node.js, they could have sat back and done nothing, but they aren’t stopping instead. They’re moving forward, constantly iterating. You really can’t have Node.js without npm. To me, those two things are synonymous, and I think it’s great to see that they are both moving forward.
I was into JavaScript development back in the late 90s and early 00s, when JavaScript was a complete wild west. The browsers were different, the object models were different, and it was a real pain to get things done. They were the days before jQuery. I switched over to different types of programming – things like Silverlight and ASP.NET for a while.
But then, when the web started to converge, around 2011, and HTML5 started to get a lot of play and the browsers got much more in sync, we were suddenly seeing more frequent updates to JavaScript. I always loved JavaScript, so this kind of brought me back into it to say you know, now that we’re iterating faster, I love the fact that you can pretty much do whatever you want with the language. Some people might disagree with my opinion, but I absolutely love that aspect of JavaScript – that you can do whatever you want with it.
And I did quite a bit of it – I left Microsoft in 2011 because I needed to move back East to be near family in Florida and I was lucky enough to get a job with Disney, and I did quite a bit of JavaScript there and other technologies. Then, this amazing opportunity came up to help share JavaScript and Node.js with the whole world, which is what I love to do – I’m a teacher, a speaker, and a mentor at my core. Basically, Jeff Sandquist called me up and said you can stay in Florida and we’d like you to help us build this awesome team that lets you teach, and mentor, and help people use JavaScript on Azure, in the cloud.
So, for the last year we’ve been doing that – we went from 0 to 50+ cloud developer advocates. And one of the greatest parts is that I’ve been able to hire people who came from all these JavaScript communities – they were and are Node.js, Vue, and React, and Angular experts. And they all came into this team with really no experience with Microsoft technology at all and they’ve been able to figure out how we can bring information from our communities back into Microsoft to help our products serve those communities better.
There was a cognitive dissonance, in my opinion, before that. Microsoft has historically targeted the .NET audience and now there is a real focus on ensuring that our platform is the best for all technologies and developers. Instead of asking developers to change for Azure, we’re asking questions and listening to developers, so we can change Azure to suite them. I love that.
The biggest thing about the value, which I hear frequently, is that you don’t need to have context switching. I can do JavaScript in the frontend; JavaScript in the backend; or I can use TypeScript on either or both. And the context switching isn’t there, so you’re constantly working in the same technology.
For a lot of these frontend frameworks, you’re building it with npm packages, the same way you are Node.js. So, it keeps you in the same mindset. And, anybody who’s ever started working on something involved or complex, you know how important it is to not get pulled away from it and then back in. Keeping your context consistent is a huge reason why full-stack JavaScript has been successful.
One of the big values of these three frameworks – Vue, Angular, React – is that all three have adopted a CLI [Command Line Interface]. They’ve created their own CLIs that run on Node.js and help you build, generate and test. Basically, the CLI gives you everything you need to create robust Angular, React, or Vue applications. It’s all built on Node.js and it’s super helpful for developers.
If you would have asked me this question a year and a half ago, I would have told you, not enough! Which was one of the reasons I was so shocked when I got here and learned that we were building so many great things. Very quickly, I was very happy to learn that we were working on and we’ve since released, Azure App Service on Linux, which really was a game changer.
It’s a big switch in approach for Microsoft. Instead of forcing developers to change the way they do stuff, we’re focused on making it easy to use what they already love. We say, Node, Python, Go, Java developers – what are you using? Let’s make that work great on Azure. For example, in the Node.js community, a lot of us, including myself, work with a Mac. And some do Windows, but we deploy to Linux mostly, and when we deploy Node.js, we just want Node.js to work without other things to learn and figure out. We want the Azure platform to just take our Node.js code and run it. And now with App Service for Linux, it just does that. That was one of the biggest changing of the guards here at Azure.
We already did this with Visual Studio Code [VS Code], right from the beginning. VS Code specifically is a game changer, not only because it’s the most phenomenal editor – that’s my personal opinion and its rise in popularity is ridiculously great – but also, the extensions for Azure make everyone’s jobs so much easier.
Instead of having to go to the portal and the Continuous Integration server website for Visual Studio Team Services, or Circle CI, or Jenkins, and then switch to VS Code, and then go to CLI, then go to eight different places to work with the cloud… now I can just be inside VS Code, and everything is integrated in one place. The Azure Extensions Pack for Node Developers makes this possible. I’ve found the Docker one to be incredibly useful. And I never have to go anywhere except for my browser to look at the thing running. And it’s made deployment super easy.
Cognitive Services and AI are just so amazing to me. To be honest, I think for a lot of people, when we show it – and I used to feel this way – it’s this scary thing. We recently did a hackathon on AI and Cognitive Services and what was amazing was that everyone had an air about them…like, is this going to be too hard?
And after the five-minute demo, they all started hacking away and within two hours they had all built something. Somehow, we’ve made these APIs for AI really easy to talk to. And you can do it right from Angular, React, Vue, or Node.js. To me, we’re bring AI and advanced features to the masses of developers, which is only going to make everybody’s lives more fun and easy.
Serverless functions, like what Azure Functions provides, are also really interesting and emerging around Node.js. The idea is that you can replace a Node.js API with serverless functions, in some places. A lot of front-end developers, in Vue, JavaScript, Angular, React, don’t actually use Node. They hope somebody else will build the server. For those people, serverless functions are amazing because they’re don’t have to learn the backend – they think: give me a function and I’m good.