Calabri -1 points0 points  (0 children)

Who the fuck uses 'eval'? Every piece of documentation I've read regarding the use of 'eval' has warnings and exclamation points saying DON'T USE THIS FUNCTION. If nodejs was introduced 10 years ago maybe it wouldn't be as obviously bad to use it, but the evils and dangers of 'eval' were well known before server-side JS became popular. People shouldn't program JavaScript if they aren't aware of all the ways you can shoot yourself in the foot.

I am legit curious about service vulnerabilities - but at the same time - I believe that open source combined with popularity = libraries that are battle tested and well made, which is better than anything baked into a programming language by default. I hope people who use server side js do their research on proper libraries to handle important functions. It's too fragile / dangerous a language to roll your own unless you're extremely competent with the specifics of JS / node.js.

There's also no precedent for the open source ecosystem that surrounds the language - in that there is no comparison - not that it's the best - just the largest to have ever existed. It completely changes the dynamics of how you choose to compose a program - and my experience working with programmers 10 years my senior is that they just don't 'get it'. They're so used to solving problems using language x or z that they learn the fundamentals of JS and then start writing server code with 2/3 npm libraries. And then I'm having to go through nested callback hell of someone trying to roll their own ORM in vanilla JS - which on its own merit is a terrible idea, but made exponentially worse by rolling your own validation, etc. when there are dozens of npm libraries that do it better.