What is Karken.js suit and how much it helps Node.js to be more secure and scalable?

Question

I've watched few presentations and read few slides about how PayPal uses Karken.js in its Node.js Stack to take advantage of out-of-box security and apparently it works with dust.js too.

But the real question here is, is this a real thing to make the Node.js enterprise material or it's jsut useful for the developers team at PayPal? And why should I use this in my existing Node.js stack?

Update1: It doesn't offer anything more for security. It just makes it easier by using other packages.

Answer 1

A bit of a lengthy answer,

When we started the switch to node, we very quickly realized that existing frameworks at the time were too loose.

Give the same task to three people and they will solve it in three completely different ways.

Now, picture a company with 3000 developers, making a switch to NodeJs, many of them learning as they go. The resulting codebase could get messy very quickly, as people invent and reinvent their own patterns.

The answer to this problem was to create a framework (And I hesitate to use the word framewor, because it's not really one) that would ensure that every application had the same structure, and followed the same patterns.

With that accomplished, it was very easy to start adding facilities that would make developer's lives easier.

Security? Sure, it's a module that enables common headers, and operates as middleware. It's completely transparent and configurable to the developer, and the best part? It's built in. One less thing you have to do.

The same considerations applied to internationalization support, and the build-time dev tools that Kraken provides out-of-the box.

One very important design aspect of the Kraken suite is that we very specifically decided not to make it PayPalish. It was built leveraging express, grunt, and a host of other open source components.

Since it was built that way, it was only natural that we release it as an open source project, because if we were having those obstacles on the road to node adoption, other large shops were sure to have the same difficulties.

Mind you, Kraken is not a silver bullet for all problems out there, and you always have to choose the right tool for the job.

I strongly believe that the main advantage of kraken, is on how it gives a very solid foundation to any non-trivial project, allowing it to grow in an organized, easy to read, and easy to maintain fashion. All the additional stuff (Security, i18n, etc) might not be relevant to all projects, but it's there if you need it.

Take a look at the shopping cart example: https://github.com/lmarkus/Kraken_Example_Shopping_Cart/ It may give you a better feel for what kraken can do.

**Standard disclaimer: I'm a PayPal employee, and part of the Kraken Core team. My opinions are my own and not reflective of PayPal / eBay.

Answer 2

PayPal open-sourced the KrakenJs work for the general community. It is not PayPal specific. It is not intended to be a full framework. It is intended to ensure consistency of Node applications developed in an organization by different teams and to abstract away the mundane things you need to do to wire up Express/Connect. By default, it sets you up with good security practices which some teams might not remember to do.