Deno 2 — The Next-Gen JavaScript Runtime: Secure by Default, Native TypeScript & NPM Compatible

Posted on: 4/26/2026 1:13:51 AM

Table of contents

1. Why Deno When We Already Have Node.js?
1. Deno's Design Philosophy
2. Deno Runtime Architecture
3. Permission System — Secure by Default
1. Permission Sets in Deno 2.5+
4. Native TypeScript — Zero Configuration
1. 4.1 tsgo Type Checker — Orders of Magnitude Faster
5. Module System — URL Import + NPM Compatibility
1. No More node_modules
2. 5.1 JSR — The Next-Generation JavaScript Registry
6. Built-in Toolchain — All-in-One
7. dx — npx for Deno
8. Deno Deploy — Serverless Runtime on the Edge
9. Deno 2.6 vs Node.js 22 vs Bun 1.2 Comparison
1. When to Choose Deno?
10. Deno with Hono — Building Production APIs
11. WebAssembly Source Phase Imports
12. Migrating from Node.js to Deno
13. When NOT to Use Deno
1. Limitations to Consider
14. Conclusion
1. References

2.6+Latest Stable Version

100%Built-in TypeScript

97%NPM Package Compatibility

0Required Config Files

In the JavaScript runtime landscape, Node.js has dominated for over 15 years. But since Deno 2.0 launched in late 2024 and has continuously improved to the current version 2.6, the game has completely changed. Deno isn't just "Node.js rewritten" — it's a runtime redesigned from scratch by Ryan Dahl himself (the creator of Node.js), fundamentally fixing the design mistakes he acknowledged after over a decade.

1. Why Deno When We Already Have Node.js?

Ryan Dahl presented "10 Things I Regret About Node.js" at JSConf EU 2018, listing critical design mistakes: no security , a bloated node_modules-based module system, lack of native TypeScript, and APIs not following Web Standards. Deno was born to solve all of these problems.

Deno's Design Philosophy

Secure by default — no access to the file system, network, or environment variables until the developer explicitly grants permission. This is a complete reversal from Node.js, where every script has full system access.

2. Deno Runtime Architecture

graph TB
    A[Deno CLI] --> B[V8 Engine]
    A --> C[Rust Core - Tokio]
    A --> D[TypeScript Compiler - swc]

    B --> E[JavaScript Execution]
    C --> F[Async I/O Runtime]
    D --> G[Type Checking + Transpilation]

    F --> H[File System]
    F --> I[Network]
    F --> J[Subprocess]

    K[Permission System] --> H
    K --> I
    K --> J

    L[Web Standard APIs] --> M[fetch, Request, Response]
    L --> N[WebSocket, Streams]
    L --> O[URL, TextEncoder/Decoder]

    style A fill:#e94560,stroke:#fff,color:#fff
    style K fill:#4CAF50,stroke:#fff,color:#fff
    style L fill:#2c3e50,stroke:#fff,color:#fff
    style B fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style C fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style D fill:#f8f9fa,stroke:#e94560,color:#2c3e50

Deno Runtime Architecture Overview — V8 + Rust + Permission System

Deno is built with Rust instead of C++ (like Node.js), using Tokio as its async runtime. This provides memory safety and superior performance. TypeScript is transpiled using swc (written in Rust), which is 20-70x faster than the official TypeScript compiler.

3. Permission System — Secure by Default

This is Deno's most significant differentiator. Every program runs in a with zero permissions by default:

# No permissions granted — script can only do pure computation
deno run compute.ts

# Allow file reads in data/ and network access to api.example.com
deno run --allow-read=./data --allow-net=api.example.com app.ts

# Allow everything (not recommended for production)
deno run -A app.ts

Permission Flag	Description	Example
`--allow-read`	File system read	`--allow-read=./config,./data`
`--allow-write`	File system write	`--allow-write=./output`
`--allow-net`	Network access	`--allow-net=api.github.com`
`--allow-env`	Environment variables	`--allow-env=API_KEY,NODE_ENV`
`--allow-run`	Subprocess execution	`--allow-run=git,npm`
`--allow-ffi`	Foreign Function Interface	`--allow-ffi=./libcrypto.so`
`--allow-sys`	System information	`--allow-sys=hostname,osRelease`

Permission Sets in Deno 2.5+

Since Deno 2.5, you can define Permission Sets in deno.json — grouping permissions into named profiles, reusable across multiple scripts. Similar to Security Policies in .NET.

4. Native TypeScript — Zero Configuration

Deno understands TypeScript directly, no tsconfig.json, no ts-node, no build step required:

// server.ts — run directly: deno run --allow-net server.ts
const handler = (request: Request): Response => {
  const url = new URL(request.url);

  if (url.pathname === "/api/health") {
    return Response.json({
      status: "ok",
      runtime: "deno",
      version: Deno.version.deno
    });
  }

  if (url.pathname === "/api/users" && request.method === "GET") {
    const users: Array<{ id: number; name: string }> = [
      { id: 1, name: "Anh Tu" },
      { id: 2, name: "Minh Khoa" },
    ];
    return Response.json(users);
  }

  return new Response("Not Found", { status: 404 });
};

Deno.serve({ port: 8000 }, handler);
console.log("Server running on http://localhost:8000");

Note: The Deno.serve() API uses Web Standard Request/Response — identical to Cloudflare Workers, Bun, and other edge runtimes. Code written for Deno can run on these platforms with minimal changes.

4.1 tsgo Type Checker — Orders of Magnitude Faster

Deno 2.6 integrates tsgo — an experimental type checker written in Go, significantly faster than the standard TypeScript checker. This is especially useful for large projects where type checking takes minutes:

# Use tsgo for faster type checking
deno check --unstable-tsgo main.ts

# Speed comparison
time deno check main.ts          # ~8.2s (standard TypeScript)
time deno check --unstable-tsgo main.ts  # ~0.9s (tsgo)

5. Module System — URL Import + NPM Compatibility

Deno supports 3 ways to import modules:

// 1. Import from URL (Deno-native, using JSR registry)
import { Application } from "jsr:@oak/oak@17";

// 2. Import from NPM (fully compatible since Deno 2.0)
import express from "npm:express@5";
import { PrismaClient } from "npm:@prisma/client";

// 3. Import from node: protocol (Node.js built-in modules)
import { readFile } from "node:fs/promises";
import { createServer } from "node:http";

graph LR
    A[Source Code] --> B{Import Type?}
    B -->|jsr:| C[JSR Registry]
    B -->|npm:| D[NPM Registry]
    B -->|node:| E[Node.js Compat Layer]
    B -->|https://| F[URL Import]

    C --> G[Deno Cache
~/.cache/deno]
    D --> G
    E --> H[Built-in Polyfills]
    F --> G

    G --> I[V8 Execution]
    H --> I

    style A fill:#e94560,stroke:#fff,color:#fff
    style G fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style I fill:#2c3e50,stroke:#fff,color:#fff

Deno Module Resolution Flow — supporting JSR, NPM, Node.js built-in, and URL imports

No More node_modules

Deno caches modules in a global directory (~/.cache/deno), without creating node_modules in your project. This saves significant disk space — an average project drops from 200-500MB down to nearly 0MB in the project directory. However, you can still enable "nodeModulesDir": "auto" in deno.json if you need compatibility with legacy tooling.

5.1 JSR — The Next-Generation JavaScript Registry

JSR (jsr.io) is a new registry built by the Deno team, designed TypeScript-first. Unlike NPM, JSR requires packages to publish original TypeScript source and automatically generates type declarations, documentation, and compatibility layers:

// deno.json — simple config, no package.json needed
{
  "tasks": {
    "dev": "deno run --watch --allow-net --allow-read server.ts",
    "test": "deno test --allow-read",
    "lint": "deno lint",
    "fmt": "deno fmt"
  },
  "imports": {
    "@std/http": "jsr:@std/http@1",
    "@std/assert": "jsr:@std/assert@1",
    "hono": "jsr:@hono/hono@4"
  }
}

6. Built-in Toolchain — All-in-One

Deno ships with every development tool you need, no additional packages required:

Tool	Deno Command	Node.js Equivalent
Test runner	`deno test`	Jest / Vitest / Mocha
Formatter	`deno fmt`	Prettier
Linter	`deno lint`	ESLint
Type checker	`deno check`	tsc
Bundler	`deno compile`	esbuild / webpack
Task runner	`deno task`	npm scripts
Package runner	`dx`	npx
Security audit	`deno audit`	npm audit
Documentation	`deno doc`	TypeDoc
Benchmarking	`deno bench`	benchmarkjs
REPL	`deno repl`	node (REPL)

// user_service_test.ts — Deno test with BDD style
import { assertEquals, assertRejects } from "jsr:@std/assert";

interface User {
  id: number;
  name: string;
  email: string;
}

function validateEmail(email: string): boolean {
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}

Deno.test("validateEmail - valid email", () => {
  assertEquals(validateEmail("tu@anhtu.dev"), true);
  assertEquals(validateEmail("admin@example.com"), true);
});

Deno.test("validateEmail - invalid email", () => {
  assertEquals(validateEmail("invalid"), false);
  assertEquals(validateEmail("@example.com"), false);
  assertEquals(validateEmail("user@"), false);
});

Deno.test({
  name: "fetch API - returns correct format",
  permissions: { net: ["jsonplaceholder.typicode.com"] },
  async fn() {
    const res = await fetch("https://jsonplaceholder.typicode.com/users/1");
    const user: User = await res.json();
    assertEquals(typeof user.id, "number");
    assertEquals(typeof user.name, "string");
  },
});

7. dx — npx for Deno

Deno 2.6 introduces dx — a tool to run binaries from NPM and JSR packages without global installation:

# Run Vite directly
dx vite create my-vue-app

# Run a package from JSR
dx jsr:@anthropic/claude-code

# Run Prisma CLI
dx prisma migrate dev

# Create a Hono project
dx create-hono my-api

8. Deno Deploy — Serverless Runtime on the Edge

Deno isn't just a local runtime — Deno Deploy is a serverless platform running code across 35+ global edge locations with cold starts under 10ms:

graph TB
    A[Developer] -->|git push| B[GitHub Repository]
    B -->|Auto Deploy| C[Deno Deploy Platform]

    C --> D[Edge Location
Singapore]
    C --> E[Edge Location
Tokyo]
    C --> F[Edge Location
Frankfurt]
    C --> G[Edge Location
US East]

    D --> H[Users APAC]
    E --> I[Users Japan]
    F --> J[Users Europe]
    G --> K[Users Americas]

    C --> L[Deno KV
Global Database]
    C --> M[Deno Cron
Scheduled Tasks]
    C --> N[Deno Queues
Message Queue]

    style A fill:#e94560,stroke:#fff,color:#fff
    style C fill:#2c3e50,stroke:#fff,color:#fff
    style L fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style M fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style N fill:#f8f9fa,stroke:#e94560,color:#2c3e50

Deno Deploy — Serverless edge deployment with built-in KV, Cron, and Queues

// Simple API on Deno Deploy with KV storage
const kv = await Deno.openKv();

Deno.serve(async (request: Request) => {
  const url = new URL(request.url);

  if (url.pathname === "/api/visit") {
    // Atomic increment view counter
    const key = ["visits", new Date().toISOString().slice(0, 10)];
    await kv.atomic()
      .sum(key, 1n)
      .commit();

    const result = await kv.get<bigint>(key);
    return Response.json({
      date: key[1],
      visits: Number(result.value ?? 0n)
    });
  }

  if (url.pathname === "/api/cache" && request.method === "POST") {
    const { key, value, ttl } = await request.json();
    await kv.set(["cache", key], value, {
      expireIn: ttl * 1000
    });
    return Response.json({ cached: true });
  }

  return new Response("Deno Deploy API", { status: 200 });
});

9. Deno 2.6 vs Node.js 22 vs Bun 1.2 Comparison

Criteria	Deno 2.6	Node.js 22	Bun 1.2
Core Language	Rust + V8	C++ + V8	Zig + JavaScriptCore
TypeScript	Native, zero config	Requires ts-node/tsx	Native
Security	Default , granular permissions	Experimental permission model	No
NPM Support	97%+ compatible	100% (native)	~95% compatible
Built-in Tools	Test, Lint, Fmt, Bench, Doc, Audit	Test runner (basic)	Test, Bundler
HTTP Server	~120K req/s	~80K req/s	~160K req/s
Cold Start	~25ms	~40ms	~10ms
Web Standards	fetch, Request, Response, Streams, WebSocket native	fetch (since v18), partial	fetch, partial
Package Registry	JSR + NPM	NPM	NPM
Edge Deploy	Deno Deploy (integrated)	Requires third-party	None
Single Executable	`deno compile`	SEA (experimental)	`bun build --compile`

When to Choose Deno?

Choose Deno when security is a priority (running third-party code), you want native TypeScript without config, need an all-in-one toolchain, or plan to deploy to the edge. Choose Node.js when you need 100% NPM ecosystem support and have significant legacy code. Choose Bun when raw benchmark speed is the top priority.

10. Deno with Hono — Building Production APIs

Combining Deno with the Hono framework creates a high-performance, type-safe, and portable API stack:

import { Hono } from "jsr:@hono/hono@4";
import { cors } from "jsr:@hono/hono@4/cors";
import { logger } from "jsr:@hono/hono@4/logger";
import { validator } from "jsr:@hono/hono@4/validator";

type Bindings = {
  DB: Deno.Kv;
};

const app = new Hono<{ Bindings: Bindings }>();

app.use("*", logger());
app.use("/api/*", cors({ origin: "https://anhtu.dev" }));

app.get("/api/posts", async (c) => {
  const kv = await Deno.openKv();
  const entries = kv.list<{ title: string; slug: string }>({
    prefix: ["posts"]
  });

  const posts = [];
  for await (const entry of entries) {
    posts.push(entry.value);
  }

  return c.json({ data: posts, total: posts.length });
});

app.post("/api/posts",
  validator("json", (value, c) => {
    if (!value.title || typeof value.title !== "string") {
      return c.json({ error: "Title is required" }, 400);
    }
    return value as { title: string; body: string };
  }),
  async (c) => {
    const { title, body } = c.req.valid("json");
    const kv = await Deno.openKv();
    const id = crypto.randomUUID();

    await kv.set(["posts", id], {
      id, title, body,
      createdAt: new Date().toISOString()
    });

    return c.json({ id, title }, 201);
  }
);

Deno.serve({ port: 3000 }, app.fetch);

11. WebAssembly Source Phase Imports

Deno 2.6 supports Source Phase Imports for WebAssembly — import Wasm modules directly in TypeScript code without runtime fetching:

// Import Wasm module as source
import source wasmModule from "./optimized_algo.wasm";

// Instantiate with imports
const instance = await WebAssembly.instantiate(wasmModule, {
  env: {
    log: (ptr: number, len: number) => {
      // Handle logging from Wasm
    }
  }
});

// Call exported function
const result = instance.exports.fibonacci(42);
console.log(`Fibonacci(42) = ${result}`);

12. Migrating from Node.js to Deno

Step 1 — Add deno.json

Create deno.json with "nodeModulesDir": "auto" so Deno auto-creates node_modules for NPM packages. Convert scripts to "tasks".

Step 2 — Convert Imports

Replace require() with ESM import. Deno supports CJS via npm: specifier but recommends ESM. Node.js built-ins use the node: prefix (e.g., import fs from "node:fs").

Step 3 — Update Tests

Migrate Jest/Mocha to Deno.test() or keep Vitest (Deno-compatible). Add permission flags for tests needing network/file access.

Step 4 — CI/CD

Replace npm ci && npm test with deno test --allow-read --allow-net. Deno installs in one line: curl -fsSL https://deno.land/install.sh | sh.

Step 5 — Deploy

Deploy to Deno Deploy (zero-config), Docker container, or compile to a single executable with deno compile for self-hosting.

13. When NOT to Use Deno

Limitations to Consider

Native addons — Packages using C++ native addons (node-gyp) may not be compatible. Examples: bcrypt (use bcryptjs instead), sharp (use Wasm build).
Ecosystem maturity — Some major frameworks (NestJS, AdonisJS) don't officially support Deno yet, though they may work through the compatibility layer.
Enterprise tooling — If your team heavily uses npm workspaces, Lerna, or Nx for monorepo management, migration will be more complex.
Serverless platforms — AWS Lambda, Azure Functions don't support Deno runtime natively (requires custom runtime or compiling to binary).

14. Conclusion

Deno 2 is no longer an experiment — it's a production-ready runtime with modern design philosophy: secure by default, native TypeScript, Web Standards first, and all-in-one toolchain. With 97%+ NPM compatibility, the new JSR registry, and Deno Deploy for edge deployment, Deno is becoming a serious choice for new JavaScript/TypeScript projects.

If you're starting a new project without being bound to the Node.js legacy ecosystem, Deno deserves to be the first runtime you consider — especially when security and developer experience are top priorities.

References

#Deno #javascript #TypeScript #Deno Deploy #JSR #Web Standards #Edge Computing #Serverless

# Deno 2 — The Next-Gen JavaScript Runtime: Secure by Default, Native TypeScript & NPM Compatible

2.6+Latest Stable Version

100%Built-in TypeScript

97%NPM Package Compatibility

0Required Config Files

## 1. Why Deno When We Already Have Node.js?

Ryan Dahl presented "10 Things I Regret About Node.js" at JSConf EU 2018, listing critical design mistakes: no security sandbox, a bloated `node_modules`-based module system, lack of native TypeScript, and APIs not following Web Standards. Deno was born to solve all of these problems.

#### Deno's Design Philosophy

**Secure by default** — no access to the file system, network, or environment variables until the developer explicitly grants permission. This is a complete reversal from Node.js, where every script has full system access.

## 2. Deno Runtime Architecture

```
graph TB
    A[Deno CLI] --> B[V8 Engine]
    A --> C[Rust Core - Tokio]
    A --> D[TypeScript Compiler - swc]

B --> E[JavaScript Execution]
    C --> F[Async I/O Runtime]
    D --> G[Type Checking + Transpilation]

F --> H[File System]
    F --> I[Network]
    F --> J[Subprocess]

K[Permission System] --> H
    K --> I
    K --> J

L[Web Standard APIs] --> M[fetch, Request, Response]
    L --> N[WebSocket, Streams]
    L --> O[URL, TextEncoder/Decoder]

style A fill:#e94560,stroke:#fff,color:#fff
    style K fill:#4CAF50,stroke:#fff,color:#fff
    style L fill:#2c3e50,stroke:#fff,color:#fff
    style B fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style C fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style D fill:#f8f9fa,stroke:#e94560,color:#2c3e50

```
Deno Runtime Architecture Overview — V8 + Rust + Permission System

Deno is built with **Rust** instead of C++ (like Node.js), using **Tokio** as its async runtime. This provides memory safety and superior performance. TypeScript is transpiled using **swc** (written in Rust), which is 20-70x faster than the official TypeScript compiler.

## 3. Permission System — Secure by Default

This is Deno's most significant differentiator. Every program runs in a sandbox with zero permissions by default:

```bash
# No permissions granted — script can only do pure computation
deno run compute.ts

# Allow file reads in data/ and network access to api.example.com
deno run --allow-read=./data --allow-net=api.example.com app.ts

# Allow everything (not recommended for production)
deno run -A app.ts

```

| Permission Flag | Description | Example |
| --- | --- | --- |
| `--allow-read` | File system read | `--allow-read=./config,./data` |
| `--allow-write` | File system write | `--allow-write=./output` |
| `--allow-net` | Network access | `--allow-net=api.github.com` |
| `--allow-env` | Environment variables | `--allow-env=API_KEY,NODE_ENV` |
| `--allow-run` | Subprocess execution | `--allow-run=git,npm` |
| `--allow-ffi` | Foreign Function Interface | `--allow-ffi=./libcrypto.so` |
| `--allow-sys` | System information | `--allow-sys=hostname,osRelease` |

#### Permission Sets in Deno 2.5+

Since Deno 2.5, you can define **Permission Sets** in `deno.json` — grouping permissions into named profiles, reusable across multiple scripts. Similar to Security Policies in .NET.

## 4. Native TypeScript — Zero Configuration

Deno understands TypeScript directly, no `tsconfig.json`, no `ts-node`, no build step required:

```typescript
// server.ts — run directly: deno run --allow-net server.ts
const handler = (request: Request): Response => {
  const url = new URL(request.url);

if (url.pathname === "/api/health") {
    return Response.json({
      status: "ok",
      runtime: "deno",
      version: Deno.version.deno
    });
  }

if (url.pathname === "/api/users" && request.method === "GET") {
    const users: Array&lt;{ id: number; name: string }> = [
      { id: 1, name: "Anh Tu" },
      { id: 2, name: "Minh Khoa" },
    ];
    return Response.json(users);
  }

return new Response("Not Found", { status: 404 });
};

Deno.serve({ port: 8000 }, handler);
console.log("Server running on http://localhost:8000");

```
Note: The `Deno.serve()` API uses Web Standard `Request`/`Response` — identical to Cloudflare Workers, Bun, and other edge runtimes. Code written for Deno can run on these platforms with minimal changes.

### 4.1 tsgo Type Checker — Orders of Magnitude Faster

Deno 2.6 integrates **tsgo** — an experimental type checker written in Go, significantly faster than the standard TypeScript checker. This is especially useful for large projects where type checking takes minutes:

```bash
# Use tsgo for faster type checking
deno check --unstable-tsgo main.ts

# Speed comparison
time deno check main.ts          # ~8.2s (standard TypeScript)
time deno check --unstable-tsgo main.ts  # ~0.9s (tsgo)

```

## 5. Module System — URL Import + NPM Compatibility

Deno supports 3 ways to import modules:

```typescript
// 1. Import from URL (Deno-native, using JSR registry)
import { Application } from "jsr:@oak/oak@17";

// 2. Import from NPM (fully compatible since Deno 2.0)
import express from "npm:express@5";
import { PrismaClient } from "npm:@prisma/client";

// 3. Import from node: protocol (Node.js built-in modules)
import { readFile } from "node:fs/promises";
import { createServer } from "node:http";

```

```
graph LR
    A[Source Code] --> B{Import Type?}
    B -->|jsr:| C[JSR Registry]
    B -->|npm:| D[NPM Registry]
    B -->|node:| E[Node.js Compat Layer]
    B -->|https://| F[URL Import]

C --> G[Deno Cache  
~/.cache/deno]
    D --> G
    E --> H[Built-in Polyfills]
    F --> G

G --> I[V8 Execution]
    H --> I

style A fill:#e94560,stroke:#fff,color:#fff
    style G fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style I fill:#2c3e50,stroke:#fff,color:#fff

```
Deno Module Resolution Flow — supporting JSR, NPM, Node.js built-in, and URL imports

#### No More node_modules

Deno caches modules in a global directory (`~/.cache/deno`), without creating `node_modules` in your project. This saves significant disk space — an average project drops from 200-500MB down to nearly 0MB in the project directory. However, you can still enable `"nodeModulesDir": "auto"` in `deno.json` if you need compatibility with legacy tooling.

### 5.1 JSR — The Next-Generation JavaScript Registry

```json
// deno.json — simple config, no package.json needed
{
  "tasks": {
    "dev": "deno run --watch --allow-net --allow-read server.ts",
    "test": "deno test --allow-read",
    "lint": "deno lint",
    "fmt": "deno fmt"
  },
  "imports": {
    "@std/http": "jsr:@std/http@1",
    "@std/assert": "jsr:@std/assert@1",
    "hono": "jsr:@hono/hono@4"
  }
}

```

## 6. Built-in Toolchain — All-in-One

Deno ships with every development tool you need, no additional packages required:

| Tool | Deno Command | Node.js Equivalent |
| --- | --- | --- |
| Test runner | `deno test` | Jest / Vitest / Mocha |
| Formatter | `deno fmt` | Prettier |
| Linter | `deno lint` | ESLint |
| Type checker | `deno check` | tsc |
| Bundler | `deno compile` | esbuild / webpack |
| Task runner | `deno task` | npm scripts |
| Package runner | `dx` | npx |
| Security audit | `deno audit` | npm audit |
| Documentation | `deno doc` | TypeDoc |
| Benchmarking | `deno bench` | benchmarkjs |
| REPL | `deno repl` | node (REPL) |

```typescript
// user_service_test.ts — Deno test with BDD style
import { assertEquals, assertRejects } from "jsr:@std/assert";

interface User {
  id: number;
  name: string;
  email: string;
}

function validateEmail(email: string): boolean {
  return /^[^\s@]+@[^\s@]+\.[^\s@]+$/.test(email);
}

Deno.test("validateEmail - valid email", () => {
  assertEquals(validateEmail("tu@anhtu.dev"), true);
  assertEquals(validateEmail("admin@example.com"), true);
});

Deno.test("validateEmail - invalid email", () => {
  assertEquals(validateEmail("invalid"), false);
  assertEquals(validateEmail("@example.com"), false);
  assertEquals(validateEmail("user@"), false);
});

Deno.test({
  name: "fetch API - returns correct format",
  permissions: { net: ["jsonplaceholder.typicode.com"] },
  async fn() {
    const res = await fetch("https://jsonplaceholder.typicode.com/users/1");
    const user: User = await res.json();
    assertEquals(typeof user.id, "number");
    assertEquals(typeof user.name, "string");
  },
});

```

## 7. dx — npx for Deno

Deno 2.6 introduces `dx` — a tool to run binaries from NPM and JSR packages without global installation:

```bash
# Run Vite directly
dx vite create my-vue-app

# Run a package from JSR
dx jsr:@anthropic/claude-code

# Run Prisma CLI
dx prisma migrate dev

# Create a Hono project
dx create-hono my-api

```

## 8. Deno Deploy — Serverless Runtime on the Edge

Deno isn't just a local runtime — Deno Deploy is a serverless platform running code across 35+ global edge locations with cold starts under 10ms:

```
graph TB
    A[Developer] -->|git push| B[GitHub Repository]
    B -->|Auto Deploy| C[Deno Deploy Platform]

C --> D[Edge Location  
Singapore]
    C --> E[Edge Location  
Tokyo]
    C --> F[Edge Location  
Frankfurt]
    C --> G[Edge Location  
US East]

D --> H[Users APAC]
    E --> I[Users Japan]
    F --> J[Users Europe]
    G --> K[Users Americas]

C --> L[Deno KV  
Global Database]
    C --> M[Deno Cron  
Scheduled Tasks]
    C --> N[Deno Queues  
Message Queue]

style A fill:#e94560,stroke:#fff,color:#fff
    style C fill:#2c3e50,stroke:#fff,color:#fff
    style L fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style M fill:#f8f9fa,stroke:#e94560,color:#2c3e50
    style N fill:#f8f9fa,stroke:#e94560,color:#2c3e50

```
Deno Deploy — Serverless edge deployment with built-in KV, Cron, and Queues

```typescript
// Simple API on Deno Deploy with KV storage
const kv = await Deno.openKv();

Deno.serve(async (request: Request) => {
  const url = new URL(request.url);

if (url.pathname === "/api/visit") {
    // Atomic increment view counter
    const key = ["visits", new Date().toISOString().slice(0, 10)];
    await kv.atomic()
      .sum(key, 1n)
      .commit();

const result = await kv.get<bigint>(key);
    return Response.json({
      date: key[1],
      visits: Number(result.value ?? 0n)
    });
  }

if (url.pathname === "/api/cache" && request.method === "POST") {
    const { key, value, ttl } = await request.json();
    await kv.set(["cache", key], value, {
      expireIn: ttl * 1000
    });
    return Response.json({ cached: true });
  }

return new Response("Deno Deploy API", { status: 200 });
});

```

## 9. Deno 2.6 vs Node.js 22 vs Bun 1.2 Comparison

| Criteria | Deno 2.6 | Node.js 22 | Bun 1.2 |
| --- | --- | --- | --- |
| **Core Language** | Rust + V8 | C++ + V8 | Zig + JavaScriptCore |
| **TypeScript** | Native, zero config | Requires ts-node/tsx | Native |
| **Security** | Default sandbox, granular permissions | Experimental permission model | No sandbox |
| **NPM Support** | 97%+ compatible | 100% (native) | ~95% compatible |
| **Built-in Tools** | Test, Lint, Fmt, Bench, Doc, Audit | Test runner (basic) | Test, Bundler |
| **HTTP Server** | ~120K req/s | ~80K req/s | ~160K req/s |
| **Cold Start** | ~25ms | ~40ms | ~10ms |
| **Web Standards** | fetch, Request, Response, Streams, WebSocket native | fetch (since v18), partial | fetch, partial |
| **Package Registry** | JSR + NPM | NPM | NPM |
| **Edge Deploy** | Deno Deploy (integrated) | Requires third-party | None |
| **Single Executable** | `deno compile` | SEA (experimental) | `bun build --compile` |

#### When to Choose Deno?

**Choose Deno** when security is a priority (running third-party code), you want native TypeScript without config, need an all-in-one toolchain, or plan to deploy to the edge. **Choose Node.js** when you need 100% NPM ecosystem support and have significant legacy code. **Choose Bun** when raw benchmark speed is the top priority.

## 10. Deno with Hono — Building Production APIs

Combining Deno with the Hono framework creates a high-performance, type-safe, and portable API stack:

```typescript
import { Hono } from "jsr:@hono/hono@4";
import { cors } from "jsr:@hono/hono@4/cors";
import { logger } from "jsr:@hono/hono@4/logger";
import { validator } from "jsr:@hono/hono@4/validator";

type Bindings = {
  DB: Deno.Kv;
};

const app = new Hono<{ Bindings: Bindings }>();

app.use("*", logger());
app.use("/api/*", cors({ origin: "https://anhtu.dev" }));

app.get("/api/posts", async (c) => {
  const kv = await Deno.openKv();
  const entries = kv.list<{ title: string; slug: string }>({
    prefix: ["posts"]
  });

const posts = [];
  for await (const entry of entries) {
    posts.push(entry.value);
  }

return c.json({ data: posts, total: posts.length });
});

app.post("/api/posts",
  validator("json", (value, c) => {
    if (!value.title || typeof value.title !== "string") {
      return c.json({ error: "Title is required" }, 400);
    }
    return value as { title: string; body: string };
  }),
  async (c) => {
    const { title, body } = c.req.valid("json");
    const kv = await Deno.openKv();
    const id = crypto.randomUUID();

await kv.set(["posts", id], {
      id, title, body,
      createdAt: new Date().toISOString()
    });

return c.json({ id, title }, 201);
  }
);

Deno.serve({ port: 3000 }, app.fetch);

```

## 11. WebAssembly Source Phase Imports

Deno 2.6 supports **Source Phase Imports** for WebAssembly — import Wasm modules directly in TypeScript code without runtime fetching:

```typescript
// Import Wasm module as source
import source wasmModule from "./optimized_algo.wasm";

// Instantiate with imports
const instance = await WebAssembly.instantiate(wasmModule, {
  env: {
    log: (ptr: number, len: number) => {
      // Handle logging from Wasm
    }
  }
});

// Call exported function
const result = instance.exports.fibonacci(42);
console.log(`Fibonacci(42) = ${result}`);

```

## 12. Migrating from Node.js to Deno

Step 1 — Add deno.json

Create `deno.json` with `"nodeModulesDir": "auto"` so Deno auto-creates node_modules for NPM packages. Convert scripts to `"tasks"`.

Step 2 — Convert Imports

Replace `require()` with ESM `import`. Deno supports CJS via `npm:` specifier but recommends ESM. Node.js built-ins use the `node:` prefix (e.g., `import fs from "node:fs"`).

Step 3 — Update Tests

Migrate Jest/Mocha to `Deno.test()` or keep Vitest (Deno-compatible). Add permission flags for tests needing network/file access.

Step 4 — CI/CD

Replace `npm ci && npm test` with `deno test --allow-read --allow-net`. Deno installs in one line: `curl -fsSL https://deno.land/install.sh | sh`.

Step 5 — Deploy

Deploy to Deno Deploy (zero-config), Docker container, or compile to a single executable with `deno compile` for self-hosting.

## 13. When NOT to Use Deno

#### Limitations to Consider

- **Native addons** — Packages using C++ native addons (node-gyp) may not be compatible. Examples: bcrypt (use `bcryptjs` instead), sharp (use Wasm build).
- **Ecosystem maturity** — Some major frameworks (NestJS, AdonisJS) don't officially support Deno yet, though they may work through the compatibility layer.
- **Enterprise tooling** — If your team heavily uses npm workspaces, Lerna, or Nx for monorepo management, migration will be more complex.
- **Serverless platforms** — AWS Lambda, Azure Functions don't support Deno runtime natively (requires custom runtime or compiling to binary).

## 14. Conclusion

### References

- [Deno Official Website](https://deno.com/)
- [Deno 2.6: dx is the new npx — Deno Blog](https://deno.com/blog/v2.6)
- [Deno GitHub Repository](https://github.com/denoland/deno)
- [Deno 2 vs Node.js vs Bun — DEV Community](https://dev.to/pockit_tools/deno-2-vs-nodejs-vs-bun-in-2026-the-complete-javascript-runtime-comparison-1elm)
- [JSR — JavaScript Registry](https://jsr.io/)

Nuxt 4 — The Fullstack Vue Framework for Production in 2026

Disclaimer: The opinions expressed in this blog are solely my own and do not reflect the views or opinions of my employer or any affiliated organizations. The content provided is for informational and educational purposes only and should not be taken as professional advice. While I strive to provide accurate and up-to-date information, I make no warranties or guarantees about the completeness, reliability, or accuracy of the content. Readers are encouraged to verify the information and seek independent advice as needed. I disclaim any liability for decisions or actions taken based on the content of this blog.