Server Frameworks Part 1: Node, Express, and Django

A web framework or web application framework is a software framework that is designed to support the development of web applications including web services, web resources and web APIs. Web frameworks aim to alleviate the overhead associated with common activities performed in web development.  For example, many web frameworks provide libraries for database access, templating frameworks and session management, and they often promote code reuse. Though they tend to target development of dynamic websites, they are also applicable to static websites.

As the design of the web was not inherently dynamic, early hypertext consisted of hand-coded HTML that was published on web servers. Any modifications to published pages needed to be performed by the pages’ author. To provide a dynamic web page that reflected user inputs, the Common Gateway Interface (CGI) standard was introduced for interfacing external applications with web servers. CGI could adversely affect server load, though, since each request had to start a separate process.

Around the same time, fully-integrated server/language development environments first emerged, such as WebBase. And, new languages specifically for use in the web started to emerge, such as ColdFusion, PHP and Active Server Pages.
While the vast majority of languages available to programmers to use in creating dynamic web pages have libraries to help with common tasks, web applications often require specific libraries that are useful in web applications, such as creating HTML (for example, JavaServer Faces).  Eventually, mature, “full stack” frameworks appeared, often gathering multiple libraries useful for web development into a single cohesive software stack for web developers to use. Examples of this include ASP.NET, JavaEE (Servlets), WebObjects, web2py, OpenACS, Catalyst, Mojolicious, Ruby on Rails, Grails, Django, Spring, Node, Revel, Zend, Yii, CakePHP and Symfony.


At Digital Foundry, we have experience with many different types of server frameworks. Comprehensive knowledge is crucial when working with different clients, and we have listed below as well as in the second part of this post, a handful of frameworks we have worked with in the past. They are the ones we consider to be most relevant for a client to know about, and the ones most commonly encountered on projects.




Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient. Node.js’ package ecosystem, npm, is the largest ecosystem of open source libraries in the world. The Node license falls under MIT, is widely used, and very well supported. As of March 2016, there had been over 850 contributors, 13,000 commits and 349 releases. Some sites that use Node are Walmart, eBay, Microsoft, Google, and Uber.

Why use Node: From an engineering perspective, most engineers know JavaScript. It’s fast, the Node.js package manager is excellent, and it excels at multiple concurrent connections and streaming data. One of the inherent risks with any open-source project is abandonment by its volunteer maintainers, which luckily isn’t the case with Node.js. Node is currently sponsored by Joyent who has hired a project lead and other core contributors, so there is a real company backing the future of the project. Not to mention, there are a great number of major companies backing the project at every level including Walmart, Microsoft, Yahoo, Paypal, Voxer and more.

Risks of using Node: Node tends to be heavy on CPU usage and very light on actual I/O. Not only is Node heavy on CPU usage, it also is not a good choice for implementing heavy CPU tasks, because it is single threaded. The core of Node is JavaScript, so Node inherits any concerns there might be with JavaScript. However, the execution context of V8, the JavaScript engine Node uses, is entirely different than a browser because it executes on the server. That difference adds some unique surface area [for attacks]. That being said, the same people that created it are working on a security module for it right now, so this may not be an issue for much longer.

Primary Takeaways: Node.js is really not meant for building websites on its own. By itself Node is quite small and really requires the use of something like Express.js. Express is able to provide the structure and methods needed to build a website.

To learn more about Node visit:



Express.js is an open source node.js web application server framework, designed for building web applications. It is a common server framework for node.js, and is relatively minimal with many features available as plugins. In January 2016, IBM announced that it would place Express.js under the stewardship of the Node.js Foundation incubator. Express.js license falls under MIT, is widely used, and well supported. As of March 2016 there had been over 189 contributors, 5,233 commits, and 259 releases. Express is used by Netflix and MySpace.

Why use Express: From an engineering perspective if you just use an HTTP module, a lot of work like parsing the payload, cookies, storing sessions, and selecting the right route pattern based on regular expressions will have to be re-implemented. With Express.js it is there for you to use. For certain items, Express will take 5-10x less time and lines of code, simplifying development and making it easier to write secure, modular and fast applications.

Risks of using Express: Many companies balk at using open source. Usually the internal security groups have not had a chance to vet the product, and haven’t had the chance to evaluate how to properly set it up to scale. Also, JavaScript can be hard to maintain in a large, evolving code base. This can be somewhat mitigated by using a language like TypeScript or Dart.

Primary Takeaways: Express is a Node.js Framework (a framework implies that it is a way of structuring your code that gives you additional capabilities) as long as the code is written in the way the framework expects. Express gives Node a more realistic website structure that is not present when using Node by itself.

To learn more about Express visit



Django is an open-source web framework, written in Python, which follows the model–view–controller (MVC) architectural pattern. It is maintained by the Django Software Foundation (DSF), an independent organization. Django’s primary goal is to ease the creation of complex, database-driven websites. Django emphasizes reusability and “pluggability” of components, rapid development, and the principle of “don’t repeat yourself.”  Python is used throughout, even for settings, files, and data models. Django also provides an optional administrative create, read, update, and delete interface that is generated dynamically through introspection and configured via admin models. Django license falls under the Django BSD license, is widely used, and supported.  As of March 2016, there were over 1,110 contributors, 22,000 commits and 131 releases. Some sites that use Django are Pinterest, Instagram, Mozilla, and The Washington Times.

Why use Django: From an engineering perspective, Django’s configuration system allows third party code to be plugged into a regular project, providing it follows the reusable app conventions. More than 2,500 packages are available to extend the framework’s original behavior, providing solutions to issues the original tool didn’t: registration, search, API provision and consumption, CMS, etc. Many engineers believe that Python libraries tend to be more powerful or mature.

Risks of using Django: Several articles will claim that Django’s extensibility is somewhat mitigated by internal components dependencies. While the Django philosophy implies loose coupling, the template filters and tags assume one engine implementation, and both the auth and admin bundled applications require the use of the internal ORM. None of these filters or bundled apps are mandatory to run a Django project, but reusable apps tend to depend on them, encouraging developers to keep using the official stack in order to benefit fully from the apps ecosystem. Digital Foundry’s engineers feel these concerns may not be as big an issue as it is stated, as most projects will use a relational ORM for at least some of the site (Authentication) and the Django-Cassandra project is working on supporting the Authentication module.

Primary Takeaways: Django is full featured and easy to set up. It supports many different relational database systems. It is well documented and the community is friendly and helpful. It is designed not to have too much magic, so the code is a bit more readable by novices. The Rails community has embraced testing to a further degree than the Django community.


To learn more about Django visit: