I read a lot of articles, but I still do not understand what is the point of attaching to express and template engines? Does the approach using the base modules of node.js as described in this book give you more control over your own application?

First of all, it is of interest from the point of view of security (including the “difficulty” of ddos ​​attacks), and not convenience and development time.

    1 answer 1

    Template engines are convenient because the markup is not written in the code. Pomimo separation of logic from markup, eliminating the need for shielding any characters and heaps of string concatenations.

    As for the control. Node.js gives you generally maximum control over what is happening. But, the more low-level tools you use, the more you have to implement yourself. Yes, it will give maximum flexibility in those places that you personally need. But at the same time it will significantly increase the development time.

    Further, in terms of security. Here you began to do something yourself. Yes, maybe you are a super cool specialist in this topic, you will make everything perfect and it will work very well. Yes, it is possible. But such cases are few. It is very likely that you will not take something into account, you will do something mediocre and, even if you can avoid obvious jambs, you can just fit all sorts of holes.

    The advantage of popular modules is that they are widely used and one can expect that once they have been selected, they are of sufficient quality to deserve it. In addition, you can count on correcting errors in them, if they show up. The downside is that if any hole is suddenly found out, everyone who uses this module becomes vulnerable. It is possible that no one else was particularly interested in your website to look for holes in it, even if there are a lot of them. But here is to try something already ready on it - why not.

    In most cases, the speed of development and sufficient reliability outweigh the need for unnecessary flexibility. Well, few people want to admit to themselves "I’m doing a damn site on which there will be one and a half people and I don’t care about all the holes, somehow I’m blind myself."

    Although for educational purposes one could try to write the necessary functionality by itself instead of using a ready-made module.