2018 was an interesting year for Node.js frameworks and open source software in general. Developer communities discussed the role of corporate sponsorship and how to maintain a project used by millions but not supported financially.
Similarly, security concerns were top of mind with some popular Node / JS packages being hijacked and Github launching their security alerts feature for projects hosted on their site.
That is why in this Node.js framework roundup we have categories on sponsorship, donations and NPM audit vulnerabilities to give better insight into how each of the frameworks listed tackles these issues. Frameworks are evaluated alphabetically.
Charts & graphs
Sails, Koa and Express are clearly head and shoulders above the rest with regard to Github stars. But the total amount of stars is maybe not the clearest indicator of relevancy in 2019. For that we need to look at the growth.
Github stars growth in 2018
The explosive growth of Nest becomes very clear when we track the growth of Github stars over 2018. The y-axis is the percentage of growth from roughly the start of January 2018 up till mid-December 2018. The number is a fairly good approximation, but the raw data is a bit hard to come by. Interestingly Sails and Express have almost flat lined in comparison, but that could also be due to market saturation: only so many people out there interested in giving Github stars to Node.js frameworks.
Node and its NPM package management solution gets a bad wrap for pulling in (transitive) dependencies. In this light, Nest seems fairly lean where Sails has almost four times the direct dependencies.
Weekly NPM downloads
I had to re-check the data on the NPM site for this. Express completely dwarves the amount of downloads of any of its competitors. Only Koa and Hapi register on this graph as tiny slivers of color. Of course, some frameworks use Express under the hood, i.e. Sails and Nest.
Choosing a Node.js framework
Each framework has its goals, design decisions and peculiarities. You should carefully consider how these map to your own use case currently and as far as you can tell in the future.
Sometimes, this is very clear:
“We need a full web app, with HTML templating, database models, authentication, API integrations, mailing etc.”
We mark these as Full Stack in this article. A completely different use case would be:
“We need a back end API endpoint that ingests IOT data as small JSON messages.”
We mark these as API. Of course, your use case might be somewhere in between. In this case you need a framework that can start small, but can grow in complexity and functionality with either plugins or middlewares. We mark these as Minimal as in the core is small, but the eco-system provides modules to grow the range of features.
It speaks for many of the frameworks listed here that all of them can be coaxed into any of the roles on the spectrum. Some come with supported, first party modules to extent the core, others rely more on community supplied extensions.
AdonisJs takes a page from the Hapi manual by explicitly choosing to write its own dependencies from scratch. This means the AdonisJS eco system comes with a set of specific modules that neatly slot into the core framework. This also means that for instance the test runner or template engines are probably new to most users, although you can still use other runners or templating engines of course.
AdonisJs was started in 2016 and is aimed at full stack usage: HTTP request routing, templating, authentication and database ORM are all available out of the box.
In the community, AdonisJs is often compared to PHP’s Laravel although this can be said of any framework using implementing MVC patterns.
The grandaddy of Node.JS API frameworks. It is still a very minimal framework that, on install, gives you a bare bones API server. Extra functionality is added using one of the many middleware projects available. Some of which, like Passportjs, have come to be standards in themselves.
Due to its minimal footprint, frameworks like Sails.js and Nest use Express as a base application layer and extend it with extra, opinionated features.
Fastify is an API framework 100% aimed at performance. Claiming to be inspired by Hapi and Express, the maintainers have chosen to focus on balancing developer experience with raw speed and performance.
Although Fastify is again a very minimal framework, the middleware architecture is compatible with Express and Restify middlewares, greatly expanding possible use cases.
Fastify comes with experimental HTTP 2.0 support and ships with TypeScript typings.
Hapi was developed at Walmart to provide a rock solid foundation for their e-commerce business. Now spun out as open source framework with no ties to its originating company, Hapi remains popular for larger.
Hapi comes with a large set of separate, but tightly integrated and supported plugins for features like logging, templating, caching, error handling etc. It’s object validation plugin Joi is almost as popular as the framework itself.
In the community, Hapi is praised for its API, its robustness and reliability. Also, Hapi does not have any external code dependencies making security issues much more controllable.
Version 17.x is a ground up rewrite leveraging ES6 and ES7 features throughout the whole stack.
async/await. The Koa framework is even more minimal than Express; even routing is not included in the base install.
Koa was one of the first API frameworks to leverage ES6 and ES7 features explicitly. This shows as the documentation mentions using Babel for older Node.js versions.
Koa comes with a list of third party middlewares almost as long as Express although a lot of them seem to be abandoned or just not maintained on a regular basis.
Another twist is that Nest comes with a built-in GraphQL adapter that leverages the popular Apollo framework, although there are recipes available for more traditional ORMs and databases such Mongo using Mongoose or MySQL/Postgres using TypeORM.
2018 was a good year for Nest and we’re excited to see what 2019 brings.
Restify is squarely aimed at providing a framework for building RESTful APIs, where other frameworks tend to solve API, static content and template parsing problems. It is used in production by NPM, Netflix, Joyent and Pinterest.
This focus translates into its documentation and guides. They are simple and to the point. Extensions are build using the plugin API, although the third party plugins are spread very thin.
Stressing debuggability as one of its main pilllars, it is cool to see that Restify includes automatic generation of Dtrace probes, a feature not commonly found in any of the other frameworks.
Sails was arguably the first Node.js web framework to provide a “full stack” experience similar to Rails on the Ruby platform; hence the name. It provides an opinionated MVC framework and matching stack of technologies to tackle most business-type scenarios.
This means you can set up a CRUD app very quickly due the configuration-over-code principle and the sane defaults chosen by the developer. Similar to Rails, Sails has scaffold generators to create API endpoints based on objects / entities. Sails comes with its own Waterline ORM which can front multiple database types like Postgres, MongoDB and even Redis.
Originated at the Balderdashy company, they have now renamed to “the Sails Company” and provide enterprise support.
Server.js started in 2017 and has seen steady, but not explosive growth over 2018. Being this new, Server.js uses modern ES2016 and ES2017 language features throughout. Every install comes with batteries included: file serving, websockets, CSRF, SSL etc. Even storing sessions in a Redis store is available by default.
Because Server.js is also based on Express, you can use Express middlewares to extend its functionality.
Next to having a great NPM package name, Server.js looks very promising as light weight but stilly pretty full stack API and web framework.
On the metrics used
banner image: “Sunrise on New Year’s Day at Susaki” by Utagawa Hiroshige (1853) - Museum of Fine Arts Boston