Benefits of JavaScript on the Server

Choosing backend technology is an important decision that CTO or founders have to make at the beginning of the project. It has a significant impact on time to market, speed of the development, total project costs, scalability limits, and future maintenance overhead.

JavaScript started its journey from the browser in 1996. Today it can be found in all modern browsers, smartphone apps, TV interfaces, cars, and even space rockets. JavaScript is the most popular client-side programming language used for frontend development. It’s getting quick adoption in other areas thanks to PhoneGap, React Native, MongooseOs, and other frameworks.

Running JavaScript on the server made possible thanks to the Node.js runtime environment, which is written in C and based on the V8 engine by Google. Many big companies, including Walmart, Netflix, Uber, eBay, Medium, and LinkedIn adopted this technology and achieved astonishing results with it. Wondering why big names chose Node.js for their backend? We will walk you through the essential benefits of that environment and some drawbacks you should consider before you make a choice.

Remember, making the wrong decision may cost you money, so take your time, choose wisely, and do it carefully.

Fullstack JavaScript Productivity

JavaScript was the predominant programming language for a long time, mainly because it was the only language supported by browsers for frontend development. For experienced frontend developers, Node.js is rather easy to learn compared to learning an unfamiliar programming language, it’s best practices, and the ecosystem from scratch.

Fullstack JavaScript developers use one programming environment all the time, our favorite is Visual Studio Code. Mastering its hotkeys, refactoring abilities, and additional extensions make people a lot more productive. VS Code is open-source and built on JavaScript itself using the cross-platform Electron framework that runs equally great on macOS, Linux, and Windows. There’s also a ton of free tools available to boost productivity even more.

Running JavaScript on the server allows your developers to work on both frontend and backend. They will know the entire project much better and altogether avoid the communication overhead between separate teams. They can implement every feature from start to finish by a single developer. As a result, the project achieves a much better consistency of the business logic between the client and server APIs. Codesharing is also possible, although not recommended in most cases, as it may accidentally expose sensitive information, introduce security holes, and bloat the frontend bundles with unnecessary code and dependencies. You should consider all the pros of following the Don’t Repeat Yourself principles against maintenance difficulty and complexity in the long run.

Your team will code on the same language. Hiring and switching developers become much more comfortable, and technical knowledge sharing between team members becomes a breeze. In this environment, even junior developers will grow in skills quickly.

Node.js Performance

You may hear that JavaScript is an interpreted scripting language, like Bash or Ruby, so how can it be remotely fast? It turns out that this statement is not accurate anymore. Thanks to browser wars in the older days, JavaScript runtimes became incredibly fast. Node.js relies on the winner, Google’s V8, the heart of the Chrome browser. V8 is not even an interpreter in general, as they call it a JavaScript engine. To push performance to the limits, it uses advanced just-in-time compilation and optimization techniques that are so complex that even a quick overview deserves a full article.

You can see the raw performance compared to other programming languages in numbers:

JavaScript is on par with C# and Java, and it’s way faster than Python, Ruby, PHP, and other languages commonly used for backend web development. Low-level languages like C++ and Rust are even faster, but you pay with both development speed and costs when using them.

Node.js has another trick in its sleeve. Thanks to non-block asynchronous I/O in the design’s core, it can handle multiple requests at the same time on a single thread. Database calls, network operations, and other non-CPU-intensive tasks can run in the background, while the main thread serves other requests. These mechanisms are built on top of low-level asynchronous APIs of the operating system itself and are very efficient. Having only a single thread reduces thread switching overhead by the OS and total memory consumption because every new thread requires its stack memory. Data APIs use streaming, which decreases time to respond and memory usage even more, especially when dealing with sizeable chunks of data. Thanks to all of that, usually, NodeJs can handle more concurrent requests on a single thread with lower latency than equivalent blocking code in different languages using over one core. It’s unmatched for high-load and low-latency applications like game servers, chats, videoconferencing, and even trading software.

“Wait, but JavaScript is single-threaded, isn’t that an issue? “you may ask. Yes, the JavaScript execution model is, in fact, single-threaded. But that doesn’t mean Node.js itself or native modules can’t start other threads. Thanks to asynchronous I/O single thread becomes an actual issue only when running computation-heavy tasks on the CPU. It blocks the entire thread from serving other requests and handling callbacks from completed asynchronous operations. The old way of dealing with it was just to spawn multiple processes using pm2, built-in APIs, or other methods. This approach went against the core benefits and paradigms of using Node.js in the first place, that’s why everyone considered doing CPU-intensive tasks with Node.js a bad practice.

Things drastically changed when they introduced Worker Threads. Now your code can spawn autonomous tasks that run on a thread pool inside the same process. Those threads have a separate event loop, JS engine, and even Node.js instance. Shared memory is not supported as JavaScript doesn’t have all the thread synchronization primitives required to make it work, and multi-threading was not in the design in the first place. Instead, it uses message passing techniques to share the data and commands between threads. This pattern, together with immutable objects, is also great for avoiding threading nightmare in other languages altogether. Keeping in mind raw V8 performance, it covers 99% of cases when your application might need to do CPU-intensive work. When you have to squeeze everything from hardware and JavaScript’s performance is still not enough, it’s possible to write performance-critical parts in another language. Luckily, Node.js shines in integration with other platforms and has multiple ways to do it well.

JavaScript Ecosystem and Tools

Node.js has been here for a long time. It has its package manager called npm (node packet manager), which already become huge and still growing. Npm has over 10 million users who download well over 30 billion packages every month.

With over 836,000 libraries currently available, npm is the largest single collection of open-source libraries in the world, by a significant margin—although JavaScript’s tendency towards smaller libraries means this comparison isn’t entirely apples-to-apples.

from npm blog, December 2018

Nowadays, 97 percent of code in modern web applications comes from open-source npm modules. That proves its undisputable popularity among developers. You can find everything you need in the registry, from essential utilities, collections, database drivers, and API clients to machine learning, CAD, and blockchain libraries.

The developer tools are also mature. Syntax highlighting, code suggestions, refactoring, debugging, and profiling is available in various IDEs. ESLint will check the code quality for you, Babel allows us to write next-generation JavaScript code now. Swagger will help with API design&documentation. Mocha will handle unit-tests and so on. Of course, there are also many alternatives to all of them. With such a wide variety of free tools accessible in a few clicks, there is a massive potential for Node.js use.

JavaScript is the most popular programming language in the world, and also has the largest active community. There are tens of thousands of topics on StackOverflow and open-source repositories on GitHub. In case you ever get stuck with a problem, searching for a solution is very simple. You’ll always find help in no time when you need it.

Backend Architecture

Despite incredible performance offered by Node.js, many modern applications need to scale past one physical machine to handle the load. Loosely coupled microservice and serverless architectures are the way to go here. This style is best described by Martin Fowler and James Lewis as “an approach to developing a single application as a suite of small services, each running in its own process and communicating with lightweight mechanisms, often an HTTP resource API.” Lightweight runtime like Node.js is an excellent choice for microservices and a first-class citizen of AWS Lambda, Google Cloud Functions, and many more serverless solutions.

Fullstack JavaScript also enables so-called Universal applications. Those are applications that run both on the client-side as well as on the server. They have all the benefits of old-school server-side rendering and interactive web applications. Universal applications drastically reduce time to first paint for end-users by rendering HTML on the server. They don’t have to make additional API calls as everything gets fetched in one round-trip together with all the data required already baked in an HTML. Although Google web crawlers can execute client-side JavaScript and index the page, in reality, server-side rendered apps achieve much better SEO and page ranking results. Other search engines are even worse in dealing with web applications, so having everything made like in good old days is mandatory.

Node.js Security

When it comes to security, Node.js is nothing special from other backend environments. Just write good code, follow best practices, keep security in mind, don’t do stupid things, perform code reviews, and everything will be fine. There are some JavaScript and Node-specific guidelines too but don’t worry, 23+ Node.js security best practices got you covered here.

Here’s the shortlist of the most important ones for convenience:

• Forget about JavaScript eval statements
• Extract secrets from config files and avoid publishing secrets to the npm registry
• Use ORM/ODM to prevent query injections, especially with SQL databases
• Escape HTML, JS, and CSS output to avoid XSS attacks
• Run Node.js as a non-root user

JavaScript Project Maintenance

There are many tips&tricks out there, but we’ll be honest with you here. Maintaining large JavaScript projects is a nightmare. The problem doesn’t come from the lack of tools, practices, or experience but rather lies deep in the dynamic nature of the programming language itself. All the tools and humans are trying to do their jobs best, and still can’t keep up with the amount of code and interactions you have to keep in mind when dealing with JavaScript code.

Fortunately, a strongly-typed open-source language called Typescript comes to the rescue. It’s developed and maintained by Microsoft, and the slogan describes it very well “JavaScript that scales.”. TypeScript is a strict syntax superset of JavaScript that transpile to plain old JavaScript. With strong typing, it’s now easy for tools and humans to tell which functions get called, what are the argument types, which variables are used where, and so on. It has support for classes, generics, lambdas, and everything a modern language should have. Development experience is very similar to C#, Java, or any other high-level language with good IDE and tools available. Code suggestions are incredibly accurate, and code refactoring is a breeze.

Don’t worry, everything in this article also applies to Typescript, and you can also use it on the frontend. We highly recommend Typescript for all moderate and large projects. It’s possible to convert existing codebases with little effort, thanks to the fact that a valid JavaScript is also a valid Typescript.

Corporate Adoption

Large startups are using Node.js in production for a long time and achieved truly astonishing results with it.

Walmart’s switch to a microservices architecture on Node.js followed with overnight 20% conversion growth in general and 98% mobile conversion growth. They’ve had 100 percent uptime on Black Friday while handling over 500 million page views. Operational savings were also significant, as they moved off of its expensive hardware onto cheap virtual x86 servers. New deployment had 40 percent less computing power and resulted in 20 to 50% overall cost savings.

After switching to Node.js from Ruby on Rails, Groupon has reported twice faster page load times. Node.js servers handled 50,000 requests a minute with plenty of headroom to handle growth while utilizing less hardware than the legacy Ruby code.

Yahoo has been using node to handle colossal traffic of approximately 2,000,000 requests per minute. The company has around 200 node developers, 500 internal, and 800 external node modules. “Speed and ease of development” is the most significant advantage of Node.js according to their experience.

Paypal also experienced 35% faster page responses which translated to 200ms load time saved for their users after switching from Java to Node.js. Their senior director of UI engineering Bill Scott wrote in a blog post that “By enabling applications to be built in Node.js on the server-side and DustJS on the frontend, we basically made JavaScript our lingua franca for application development”.

When GoDaddy was running the SuperBowl ad campaign, its Node.js microservices were able to handle 10,000 requests per second with 100% uptime, using only 10% of the available hardware resources.

In 2015, IBM, Microsoft, PayPal, Fidelity, and SAP became the founding members of the Node.js Foundation that was created to “enable widespread adoption and help accelerate the development of Node.js.” The list of organizations using Node.js in production is continuously growing, and probably all well-known companies are already using it in some way.

Drawbacks of Using JavaScript on the Server

Most drawbacks from the early days got resolved as Node.js became a more robust framework. Yet, there are still a few things to keep in mind when considering it for a new project.

Callback hell used to be a thing in the past days. Asynchronous code worked by passing a callback that gets executed when the operation completes or fails with an error. Chaining those callbacks inline was a nightmare and led to unreadable spaghetti code. The way to avoid it was to extract some callbacks into separate functions and use them, but that had some drawbacks.

Modern JavaScript has built-in promises, and async/await, which avoids that issue altogether. Older libraries can be easily converted to a promise interface using util.promisify.

Heavy computation was a big no-no on the server before worker threads. It blocked the whole thread from serving other requests, which drastically dropped performance and reliability. It’s no longer an issue as computation can be done asynchronously on a separate thread and pass the results back to the main thread that handles everything else. Leveraging faster programming languages remains available as a more advanced option.

NPM itself can be a problem sometimes because of its insane popularity. Hundreds and even thousands of new packages get pushed there every day. There’s always a temptation to use everything out there to do the job quicker, even if it’s unpopular and poorly maintained. We try to resist that and depend only on packages with some track record, weekly downloads, commit history, unit tests, and star rating in the commercial software we create. With personal pet projects, on the other hand, everyone deserves a chance. It’s impossible to avoid all the issues entirely. For example, in situations like left-pad broke the internet.

Last but not least, JavaScript is not a silver bullet itself. Both C and C++ have better performance, can be compiled for microcontrollers, and can achieve deterministic timings required for launching rockets into space. Java is better in near-real-time stream processing of enormous amounts of data. Most video games leverage C++ or C# under the hood. Python is the king when it comes to AI and machine learning. JavaScript shines in interacting with services written in all those languages and bringing them to the web.

The Future

JavaScript is not going anywhere anytime soon. Web assembly has its use cases on the frontend, while Go, Scala, C#, and others on the backend. Still, Node.js and JavaScript would keep the leading positions for the foreseeable future. Deno, a new runtime by the original Node.js author can get some traction in the future, and it would be interesting to see how it will go. JavaScript, Typescript, and Node.js are still rapidly evolving, with new major versions coming out every few years. The developers love them.

Conclusion

JavaScript on the server is not only possible but also recommended in most cases. It’s fast, scalable, reduces development costs while increasing the speed and code quality. Every member of your team can work on all parts of the project and implement features from start to end. It’s a mature platform that has much more than developers might need to do their job well. Typescript makes it much easier to read, maintain, and refactor the code. We strongly favor it for medium to large projects.

The benefits are enormous, that’s why it’s been already adopted not only by small and nimble startups but also by large bureaucratic enterprises. Keep in mind that Node.js is not a silver bullet, and you should always pick the right tool for the job.

If you have some questions, just book a free consultation with our experts using the form below.