Security News
Sarah Gooding
August 22, 2024
The Deno team announced that it has stabilized the Deno Standard Library, a collection of standard modules that are guaranteed to work with Deno. In the four years since Deno 1.0 was released as a new runtime for JavaScript with native TypeScript support, the community has grown to more than 250,000 users who have created more than 2 million modules.
Although Deno’s Standard Library is hosted on the new JSR package registry, it can also be used in Node and installed via npm with JSR, and is also compatible with Cloudflare Workers and browsers with bundlers. The library does not require using Deno.
The Deno Standard Library is composed of high-quality TypeScript packages that are audited by the Deno team and distributed as independently versioned ES Modules. This collection of essential tools and utilities covers a wide range of functionality, including the following:
The goal is to help developers implement common tasks efficiently without needing to start from scratch every time. Check out the announcement thread on X for examples of all the packages in action.
The majority of the packages are compatible with Node.js, but a few are specific to Deno. Compatibility is denoted by the icons on the package list.
There are 44 distinct packages published under the @std scope. These packages have been stabilized according to strict criteria that enable developers to use them without worrying about unresolved issues or compatibility concerns:
Historically, the abundant diversity of the JavaScript ecosystem has allowed many popular libraries for various utilities to flourish for both frontend and backend development. The community never really coalesced around a single standard library.
Deno’s approach here is a refreshing change for those who just want to use a well-maintained, standardized set of tools without having to vet an overwhelming number of small single-purpose packages.
So far the stabilization of the library has received a positive reception from the community. With the proliferation of trivial packages and the increasing complexity of dependency management, it’s easy to see the appeal of a curated and supported library of utilities from the Deno team.
Now that the packages are stabilized, they will be hosted on JSR with independent versions, so developers can update them as needed. This makes dependencies more manageable, as developers are only required to update the packages they are using, not the entire std module.
If you want a quick way to test it, you can check out the standard library in LiveCodes by using the jsr: prefix in imports. They published a quick demo for @std/async: https://livecodes.io/?x=id/xgc4bkhksar.
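Because each @std package is versioned independently on JSR, a project's deno.json import map should pin the version of every jsr: specifier rather than float on whatever is newest, so that an update to one package is a deliberate change rather than a silent one. As an added example (not code from the Deno team or from this article), the following shell check flags jsr: imports that carry no version. The two import maps it inspects are constructed for the example, and their version numbers are placeholders, not the packages' real release numbers.

```shell
#!/bin/sh
# Added example, not part of the article or the Deno project: report jsr:
# specifiers in an import map that have no version pinned.

# Constructed sample import maps (placeholder versions, not real releases).
PINNED_MAP='{"imports":{"@std/async":"jsr:@std/async@^1.0.0","@std/path":"jsr:@std/path@1.0.0"}}'
UNPINNED_MAP='{"imports":{"@std/async":"jsr:@std/async","@std/path":"jsr:@std/path@1.0.0"}}'

# Read an import map (JSON) on stdin. Return 0 when every jsr: specifier is
# pinned, 1 otherwise. A pinned specifier has the shape
# jsr:@scope/name@<version or range>; one without the trailing @... floats.
check_pinned_imports() {
  # First grep collects every jsr: specifier; second drops the pinned ones.
  # "|| true" keeps a no-match exit status from aborting a "set -e" caller.
  unpinned=$(grep -o '"jsr:@[^"]*"' \
    | grep -v '^"jsr:@[^/"]*/[^@"]*@[^"][^"]*"$' || true)
  if [ -n "$unpinned" ]; then
    echo "unpinned jsr imports:" >&2
    echo "$unpinned" >&2
    return 1
  fi
  return 0
}

# Stand-alone run: the first map passes, the second is rejected.
printf '%s' "$PINNED_MAP" | check_pinned_imports && echo "pinned map: ok"
printf '%s' "$UNPINNED_MAP" | check_pinned_imports || echo "unpinned map: rejected (expected)"
```

Point the function at a real file with `check_pinned_imports < deno.json`; the same pattern works for import maps that mix jsr: specifiers with npm: ones, since only jsr: entries are inspected.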
The Deno team is currently working on Deno 2, which will come with some minor breaking changes. The next release is expected to be easier to use, more performant, and more compatible with popular frameworks and packages. You can test it today by setting the DENO_FUTURE environment variable:
$ DENO_FUTURE=1
Check out the video from the Deno team for a quick summary of why they created the Standard Library.