Security News
Sarah Gooding
June 21, 2024
Results from the 2023 State of JavaScript Survey have been published, featuring upcoming trends, features, and technologies across the web development ecosystem. The survey, which is funded by Google and other partners, ran from November 22 to December 12, 2023, but results were delayed due to its creators rewriting their data visualization codebase and collecting more freeform data.
Rapid innovation across the ecosystem and a constant stream of new tools can cause “JavaScript fatigue.” The survey’s creators hinted at this, advising developers to consider hanging back on more stable, mature technologies for a couple of years to avoid getting overwhelmed. Many people choose this route, which is one reason the survey captures sentiment about respondents’ interest in trying technologies they haven’t used.
This year’s results include 23,540 responses. Data ranges from the most widely used frameworks and build tools to the most popular JavaScript video creators and influencers. Here are a few of the highlights.
Vite, a local development server for modern web applications, took home the most awards in 2023:
Vitest, a Vite-native testing framework, also captured the “Highest Interest” award, given to the technology developers are most interested in learning once they are aware of it.
Predictably, React still dominates the front-end framework category, used by 84% of respondents, followed by Vue.js (52%), Angular (46%), and Svelte (25%), which is steadily rising.
The updated interactive visualizations for the 2023 data are impressive. They allow viewers to apply a customizable series of filters and update the charts to view the data in new ways.
Some of the pain points respondents reported include React issues, choice overload, excessive complexity, performance, state management, and version changes.
Next.js, which provides React-based web applications with server-side rendering and static website generation, is the clear winner among meta frameworks, those focused on rendering and serving applications. Shiny newcomers like Remix, Astro, and SvelteKit are on the rise but still hover at just under 20% of respondents in terms of usage. Retention of Next.js is slightly down, from 89% in 2022 to 75% in 2023.
Interest in all frameworks across the board is on the decline, which might indicate that developers are taking a conservative wait-and-see approach as they evaluate the long-term viability of these newer frameworks.
The monorepo tools are a diverse set of solutions that all seem to be neck-and-neck in terms of usage, with no tool used by over 40% of respondents. Interest in the various tools is declining across the board, as well as retention, with the exception of pnpm, where retention has been stable. pnpm also had the biggest jump in positive sentiment.
Respondents also reported several significant shared pain points regarding monorepo tools, including package management issues, difficulty with set-up and configuration, excessive complexity, too many dependencies, and version changes.
For those using JavaScript on the backend, Express is by far the most popular choice, used by 73% of respondents, reflecting its long-standing popularity and robust ecosystem. Nest sits at 29%. Its appeal likely stems from its modular architecture and full support for TypeScript. Fastify, known for its performance and low overhead, is gaining traction at 17%.
Unsurprisingly, Node.js tops the JavaScript runtimes, and is used by 94% of respondents. Bun sits at 22% and won the most write-ins, with 353 mentions. The survey’s creators found Bun was the most mentioned technology overall in freeform questions. Newcomer Deno, which requires zero configuration for TypeScript, is steadily rising at 15%.
Python is by far the respondents’ most favored non-JavaScript language, with 44% using it. Its popularity is likely due to its versatility, ease of learning, and extensive libraries, particularly in data science, machine learning, and web development. Evergreen PHP and Java, used by 31% and 27% of respondents respectively, continue to hold strong positions due to their widespread use in web development, enterprise environments, and mobile application development.
When asked, “How do you divide your time between writing JavaScript and TypeScript code?” respondents revealed a clear trend towards TypeScript adoption.
The data indicates that a significant portion of developers are using TypeScript either exclusively or predominantly in their projects. This shift can be attributed to TypeScript's benefits, such as improved code quality, better developer experience, and the ability to catch errors early through static typing. Despite this, a notable number of developers continue to use JavaScript extensively, likely due to existing codebases or specific project needs.
Check out the full survey results for more details on the new JavaScript features that already show high adoption, common pain points for popular tools, favored AI tools, hosting platforms, and a breakdown of the most popular JavaScript education and community resources.