Jeff Bruchado
Back to blog

Deno 2.6 Launches dx: The New npx That Promises to Revolutionize How We Run Packages

Hello HaWkers, Deno just released version 2.6 with a feature that will make many developers' lives easier: the dx command. If you've used Node.js's npx, you'll immediately understand the purpose, but with some important differences.

Did you know that running packages directly from npm or JSR can be much safer and more efficient? Deno's dx brings this experience with the security guarantees the runtime is known for.

What Is Deno dx

The dx is Deno's answer to npx. It allows you to run npm and JSR package binaries without needing to install them globally. But it goes further: it inherits Deno's entire security model.

Quick Comparison

npx (Node.js):

  • Downloads and runs packages
  • Full system access
  • No security restrictions

dx (Deno):

  • Downloads and runs packages
  • Granular permissions
  • Secure by default
# Using npx (Node.js)
npx create-react-app my-app

# Using dx (Deno)
deno dx create-react-app my-app

The syntax is familiar, but the behavior under the hood is different.

How to Use dx in Practice

The dx command works with both npm packages and JSR packages (Deno's own registry).

Running npm Packages

# Run an npm package directly
deno dx npm:eslint --init

# Run a specific version
deno dx npm:typescript@5.3.0 --version

# Run with alias
deno dx npm:prettier --check .

Running JSR Packages

# Run package from JSR
deno dx jsr:@std/cli/parse-args

# Run testing tool
deno dx jsr:@std/testing/snapshot

Practical Day-to-Day Examples

# Start new Vite project
deno dx npm:create-vite@latest my-project

# Run json-server for API mocking
deno dx npm:json-server db.json

# Format code with Biome
deno dx npm:@biomejs/biome format .

# Generate documentation with TypeDoc
deno dx npm:typedoc --entryPoints src/index.ts

Security Differentials

The big advantage of dx over npx is in the security model. Deno doesn't trust any code by default.

Granular Permissions

When you run a package with dx, Deno applies the same restrictions as any other code:

# Run with network permission only
deno dx --allow-net npm:http-server

# Run with read permission on specific directory
deno dx --allow-read=./src npm:eslint ./src

# Run with minimal permissions
deno dx --allow-read --allow-write npm:prettier --write .

Security Comparison

Aspect npx dx
Filesystem access Full Requires permission
Network access Full Requires permission
Environment variables Full Requires permission
Subprocesses Full Requires permission
FFI Allowed Requires permission

Risk Scenario with npx

Imagine you run a malicious package:

# With npx - package has full access
npx suspicious-package
# Can read SSH keys, send to remote server...

# With dx - no permissions, nothing happens
deno dx npm:suspicious-package
# Error: access denied

Other Deno 2.6 News

The 2.6 release brought more than just dx. See other significant improvements:

deno audit

Now you can audit vulnerabilities in dependencies:

# Check for known vulnerabilities
deno audit

# Example output:
# Found 2 vulnerabilities:
# - lodash@4.17.20: CVE-2021-23337 (high)
# - axios@0.21.0: CVE-2021-3749 (medium)

More Granular Permissions

Deno 2.6 introduced even finer permissions:

# Allow only reading .json files
deno run --allow-read="*.json" script.ts

# Allow network only for specific domain
deno run --allow-net="api.example.com" script.ts

TypeScript Improvements

The integration with tsgo (TypeScript in Go) brought:

Performance gains:

  • 30% faster type checking
  • Lower memory usage
  • More responsive hot reload

Improved Stack Traces

Now errors are more readable:

# Before (Deno 2.5)
Error: Something went wrong
    at Object.runMicrotasks (ext:core/01_core.js:456:11)
    at processTicksAndRejections (ext:deno_node/_next_tick.ts:65:10)
    at async Module._compile (ext:deno_node/module.ts:512:9)
    ...

# After (Deno 2.6)
Error: Something went wrong
    at fetchData (src/api.ts:15:5)
    at main (src/index.ts:8:3)

dx vs npx vs bunx

With three options on the market, which to choose?

Complete Comparison

Feature npx dx bunx
Speed Moderate High Very High
Security Low High Low
npm compatibility Full High High
Smart cache Yes Yes Yes
Permissions No Yes No

When to Use Each

Use npx when:

  • You need full compatibility with Node ecosystem
  • You're in a legacy project that depends on Node
  • Specific tools that don't work in Deno

Use dx when:

  • Security is a priority
  • You want consistency with Deno projects
  • You need granular permissions

Use bunx when:

  • Speed is the absolute priority
  • Projects already using Bun
  • No security restrictions

Integration with Existing Workflows

dx integrates well with tools you already use.

Scripts in deno.json

{
  "tasks": {
    "lint": "deno dx npm:eslint src/",
    "format": "deno dx npm:prettier --write .",
    "test:e2e": "deno dx npm:playwright test",
    "docs": "deno dx npm:typedoc --out docs src/"
  }
}

CI/CD with GitHub Actions

name: CI
on: [push, pull_request]

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: denoland/setup-deno@v1
        with:
          deno-version: v2.x
      - run: deno dx npm:eslint . --max-warnings 0
      - run: deno dx npm:prettier --check .

Docker

FROM denoland/deno:2.6.0

WORKDIR /app
COPY . .

# Use dx for build tools
RUN deno dx npm:esbuild --bundle src/index.ts --outfile=dist/bundle.js

CMD ["deno", "run", "--allow-net", "dist/bundle.js"]

Migrating from npx to dx

If you want to migrate your scripts from npx to dx, the process is simple:

Step by Step

1. Identify npx commands in the project:

# Search in package.json and scripts
grep -r "npx " .

2. Replace npx with deno dx npm:

# Before
npx eslint .

# After
deno dx npm:eslint .

3. Add necessary permissions:

# If the command needs to read files
deno dx --allow-read npm:eslint .

# If it needs network
deno dx --allow-net npm:create-react-app my-app

Common Conversion Table

npx command dx command
npx eslint . deno dx --allow-read npm:eslint .
npx prettier --write . deno dx --allow-read --allow-write npm:prettier --write .
npx http-server deno dx --allow-net --allow-read npm:http-server
npx create-vite deno dx --allow-read --allow-write --allow-net npm:create-vite

Conclusion

Deno 2.6's dx represents a natural evolution in how we run JavaScript packages. Maintaining npx familiarity but adding security layers, Deno offers a mature alternative for developers who care about the integrity of their systems.

If you already use Deno, dx is a natural addition to your workflow. If you're still in the Node ecosystem, it's worth trying dx in new projects to feel the benefits of Deno's security model.

If you want to understand more about the differences between modern JavaScript runtimes, I recommend checking out the article Anthropic Acquires Bun where we discuss recent changes in the runtime market.

Let's go! 🦅

💻 Master JavaScript for Real

The knowledge you gained in this article is just the beginning. There are techniques, patterns, and practices that transform beginner developers into sought-after professionals.

Invest in Your Future

I've prepared complete material for you to master JavaScript:

Payment options:

  • 1x of $4.90 no interest
  • or $4.90 at sight

📖 View Complete Content

Comments (0)

This article has no comments yet 😢. Be the first! 🚀🦅

Add comments