The ease of use of npx has come to Deno. The new feature dx makes binary execution of NPM packages incredibly smooth. I felt that the design, which combines security and speed, was worth trying. #Deno #Engineer
A quick video explanation of this blog post!
This blog post is explained in an easy-to-understand video.
Even if you don't have time to read the text, you can quickly grasp the main points by watching the video. Please take a look!
If you found this video helpful, please follow our YouTube channel "The Path of an AI Creator" for daily AI news.
Subscribe here:
https://www.youtube.com/@AIDoshi
Jon and Lila share their unique perspectives in this conversation in English 👉 [Read the dialogue in English]
👋 JavaScript developers, the latest update of Deno introduces the "dx" tool, which dramatically simplifies the execution of NPM and JSR binaries, bringing convenience comparable to Node.js's npx, while maintaining security.
Executing package binaries is a common occurrence in development. While npx is convenient for Node.js, compatibility issues have been a challenge for Deno users. This update will eliminate that frustration. As an engineer, an efficient toolchain is directly linked to productivity. Let's take a look back at the previous workflow and dig deeper into the new features.
🔰 Article level:⚙️ Technical
🎯 Recommended for:Engineers with experience developing JavaScript/TypeScript and an interest in runtime optimization and security models. Developers considering migrating from Node.js to Deno or looking to streamline package management.
Deno adds NPM and JSR binary execution tools: new features to improve development efficiency
- Introducing DX tools: Binaries from NPM and JSR packages can now be executed directly.
- Strengthened permission control: Improved security with more detailed permission management.
- Faster type checking: Improved performance with experimental tsgo.
📖 Table of Contents
Background and Issues
The JavaScript ecosystem has evolved around Node.js, and Deno has emerged with its security and simplicity, but binary execution of NPM packages has lacked intuitive tooling like Node.js's npx.
As a techie, the daily challenge is clear: I wanted to run CLI tools without installing packages, but Deno required an extra step, which created a disconnect in my workflow and slowed my productivity.
Additionally, Deno's integration with JSR (Deno's new registry) was inadequate, making it lack the seamlessness modern developers require. These limitations hindered its widespread adoption.
This update is key to solving these issues, and is attracting attention as an attempt to combine the flexibility of Node.js with the security of Deno.
Technical and content explanation
The highlight of Deno 2.6 is the "dx" tool, which is the equivalent of Node.js's npx and allows you to run binaries from NPM and JSR packages without installing them.
The mechanism is simple: dx temporarily downloads the specified packages and runs them in the Deno runtime. Security inherits Deno's opt-in model and strictly controls permissions.
While the traditional npx avoids global installation, Deno's dx goes further, supporting JSR and making it easier to handle TypeScript native packages.
Additional functionality includes granular permissions: domain-level permissions can be specified (e.g., --allow-net=example.com), reducing the risk of supply chain attacks.
Type checking is now faster with tsgo (experimental), which is 2-3 times faster than the previous tsc, making it useful for large-scale projects.
| Item | Traditional (Node.js npx) | New elements (Deno dx) |
|---|---|---|
| Execution target | NPM packages only | NPM + JSR packages |
| Security Model | Full access by default | Fine-grained opt-in permission control |
| TypeScript support | Additional tools required | Native + tsgo fast check |
| Installation requirements | Temporary installation | Temporary Downloads + Cache |
| compatibility | Exclusive to the Node.js ecosystem | Node compatible + Deno proprietary extensions |
As you can see from this table, dx maintains the convenience of Node.js while adding the strengths of Deno. One limitation is that the adoption of JSR packages is still low, but this is expected to expand in the future.
Deeper into the technical details, dx internally leverages Deno's import system, enabling dynamic loading with source-phase imports and native source maps for easier debugging.
The deno audit feature has also been added to check for vulnerabilities in dependencies, which is effective as a countermeasure against NPM supply chain attacks.
Impact and use cases
For engineers, the impact of this update is in speeding up workflows: for example, if you run a temporary tool (e.g., eslint or prettier) in your CI/CD pipeline, you can use dx to skip the installation step.
Use Case 1: Front-end development. In React projects, we use dx to invoke a JSR-based tool as an alternative to create-react-app. It's quick to set up while maintaining the type safety of TypeScript.
Example 2: Backend service. Temporarily run NPM migration tools on the Deno server. Permissions are restricted to --allow-read only to ensure security.
Case 3: Script automation. Run dx @std/http/file-server in your deployment script to instantly launch a local server. This reduces dependency on Node.js and improves cross-platform compatibility.
Overall, this could improve development efficiency by 20-30%, lower the barrier to migration from Node.js, and promote ecosystem diversification.
In terms of social impact, it promotes a secure development culture. The NPM vulnerability issue (e.g., supply chain attack in 2025) has led to the standardization of the Deno model.
Action Guide
For engineers, we present practical steps that can be implemented immediately. First, install Deno 2.6: Run deno upgrade.
Next, test dx: dx eslint --init to test drive the NPM package, adding permission flags and verifying custom controls.
For JSR packages: Leverage the standard library with dx @std/assert/assert-equals , include it in your project, and manage the dependency in deno.json.
Additionally, enable tsgo: --unstable-tsgo flag to speed up type checking. Try benchmarking it on a large codebase.
If you are considering migrating, scan your existing project for vulnerabilities with a deno audit. Use this as a starting point to move forward with Deno.
Future prospects and risks
The future of Deno is bright, with plans for dx extensions (e.g., multi-runtime support) on the roadmap beyond 2026. JavaScript runtime innovation will continue as Deno competes with Bun and Node.js.
As a prospect, with the spread of JSR, a TypeScript-centered ecosystem will be formed, and dx will likely become the de facto tool.
However, there are risks. The number of JSR packages is smaller than that of NPM, so dependency resolution failures may increase. The complexity of permission control is a constraint that discourages beginners.
Additionally, there is a risk that the lack of stability of experimental features (tsgo) will cause problems in production environments. Update-dependent vulnerabilities also need to be taken into consideration.
To be fair, the security benefits outweigh these advantages, so minimize the risks with careful adoption.
My Feelings, Then and Now
Deno 2.6's dx tools revolutionize binary execution for NPM and JSR, improving security and speed to streamline the daily lives of engineers.
This is a way to solve the existing issues and bridge the gap with Node.js. By utilizing it, you can improve productivity and achieve secure development.
Keep track of Deno's evolution as a future-oriented tool.
💬 Have you tried Deno's DX tools? How have they changed your workflow? Share in the comments!
👨💻 Author: SnowJon (WEB3/AI Practitioner/Investor)
Based on the knowledge I gained from the University of Tokyo's Blockchain Innovation Course,
Researches and disseminates information on WEB3 and AI technology from a practical perspective.
We place importance on translating difficult technologies into a form that can be understood.
*AI is used as an auxiliary tool, and the author is responsible for verifying the content and taking final responsibility.
Reference links and information sources
- Deno adds tool to run NPM and JSR binaries | InfoWorld
- Deno 2.6: dx is the new npx | Deno
- How Deno protects against npm exploits | Deno
- Deno compile documentation
- Node.js, Deno, Bun in 2025 | DataFormatHub