PayPal, looking to provide additional structure around the Node.js application framework, developed the Kraken implementation, a more secure and scalable framework for building commercial-grade applications. This week, PayPal is making Kraken available to the broader open-source community.

Bill Scott, senior director of user interface engineering at PayPal, says Kraken is being shared with the rest of the Node.js community because its adoption outside of PayPal will spur its adoption within PayPal while at the same time making PayPal a more attractive place to work. Every time a technology gets shared with the open source community, Scott says, developers' enthusiasm for acquiring a skill they could potentially use elsewhere winds up increasing use of that technology by orders of magnitude.

Kraken is designed to provide some structure to Node.js in much the same way that Ruby on Rails makes some basic configuration decisions for developers that, left to their own devices, individual developers would each make slightly differently, according to Scott. Kraken is based on the Express Web application framework. But unlike Express, Kraken adds support for environment-aware and dynamic configuration, advanced middleware capabilities, application security and lifecycle events. By default, Kraken includes Dust for templates, LESS for CSS preprocessing, RequireJS for JavaScript modules and Grunt for task handling. Application and middleware configuration is stored in JSON files.

From a security perspective, Kraken sets up a number of defaults, including cross-site request forgery (CSRF) support, X-Frame-Options headers that prevent clickjacking and a Content Security Policy (CSP) that allows developers to restrict what types of resources are allowed and enabled for a Web application.

The Kraken implementation of Node.js is being used within PayPal to make it easier to create applications where the user experience is likely to evolve iteratively. PayPal is still making extensive use of Java and C## applications in the back end. But in terms of the applications that customers are likely to directly engage, PayPal is moving to standardize on Kraken. At the moment, PayPal has more than 20 applications “in flight,” says Scott, and the various components that make up Kraken are shared via the company’s internal implementation of a GitHub repository.

Originally built on top of the JavaScript runtime developed for the Google Chrome browser, Node.js is rapidly gaining adherents across the developer spectrum because it’s optimized to provide an event-driven, non-blocking I/O model that is both lightweight and efficient. That doesn’t mean another programming environment won’t borrow those concepts someday. But for now, application development frameworks based on JavaScript are increasingly becoming the Web tool of choice.
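The three security defaults named above (CSRF checking, an X-Frame-Options header and a Content Security Policy), written as an Express-style middleware that uses only Node.js core modules and is driven by a JSON-shaped configuration object. This is an added example, not Kraken's or PayPal's code; the `securityConfig` keys, the `x-csrf-token` header name and the presence of `req.session` are assumptions made for illustration.

```javascript
// Added example: plain Node.js middleware, not Kraken's implementation.
const crypto = require('crypto');

// Constructed configuration (hypothetical keys), JSON-shaped like an app config file.
const securityConfig = {
  xframe: 'SAMEORIGIN',
  csp: { 'default-src': ["'self'"], 'img-src': ["'self'", 'data:'] },
  csrf: { header: 'x-csrf-token' }
};

const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Serialize the policy object into a Content-Security-Policy header value.
function buildCsp(policy) {
  return Object.entries(policy)
    .map(([directive, sources]) => `${directive} ${sources.join(' ')}`)
    .join('; ');
}

// Constant-time comparison so token checks do not leak a timing signal.
function tokensMatch(expected, supplied) {
  if (typeof expected !== 'string' || typeof supplied !== 'string') return false;
  const a = Buffer.from(expected);
  const b = Buffer.from(supplied);
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}

// Express-style middleware (req, res, next). Assumes req.session already exists.
function securityDefaults(config) {
  const cspValue = buildCsp(config.csp);
  return function (req, res, next) {
    // Clickjacking and resource-loading restrictions go on every response.
    res.setHeader('X-Frame-Options', config.xframe);
    res.setHeader('Content-Security-Policy', cspValue);

    // Issue one CSRF token per session; templates embed it in forms.
    if (!req.session.csrfToken) {
      req.session.csrfToken = crypto.randomBytes(32).toString('hex');
    }
    if (SAFE_METHODS.has(req.method)) return next();

    // State-changing requests must echo the session's token.
    const supplied = req.headers[config.csrf.header];
    if (tokensMatch(req.session.csrfToken, supplied)) return next();
    res.statusCode = 403;
    res.end('CSRF token missing or invalid');
  };
}
```

Mounted ahead of the route handlers, the middleware rejects any POST, PUT or DELETE that does not carry the session's token, while every response, including the rejection, carries both headers.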