[EGreg]

Every language requires you to be careful.

C makes you do array out of bounds checks. Javascript makes you worry about tying up your event loop with eg massive string processing.

Just get a friggin asynchronous JSON parser if you're running it on untrusted client input (ie any client input). It's not that hard.

Maybe node should provide a "tainted" feature for modules to mark variables that are "untrusted" and provide some warnings when functions like JSON.parse are run on them.

The upside of JS is massive - easier to reason about control flow than threads, and much easier to build something much FASTER and efficient than threads.

[wpietri]

I think good languages require you to care about things that matter for your domain. For example, C's bounds checks are a consequence of demanding fine-grained control.

The problem for me with Node here is that whole cooperative-multitasking thing doesn't directly buy you anything. It's a historical accident, not a necessary downside of an otherwise-positive choice. That's distinct from a browser or a GUI environment, where letting a single thread control the display and events really does buy you things you care about.

[zkhalique]

I care about single threadedness and evented paradigm to provide guarantees and simplify my reasoning about things. I know that if I call a function, it will return synchronously, but not necessarily with a callback. I know that my objects won't be clobbered by other threads, etc.