What is a MEAN stack?
MEAN stands for MongoDB, Express.js, AngularJS, and Node.js. This is a relatively new "stack" of software for delivering scalable cloud-hosted applications. The MEAN stack is considered a more "modern" version of the LAMP stack. It is a JavaScript framework for developing web applications. Each letter of the MEAN acronym stands for a different part of the stack.
What is in a MEAN stack?
A stack is a collection of software technology that is packed together to form a platform. A stack is like a collection of tools that can be used to solve a problem. In this case, a MEAN stack solves a recurring problem in programming: how do I securely host web applications in the cloud?
MongoDB
MongoDB is an open source, nonrelational database management system (DBMS) that uses flexible documents instead of tables and rows to process and store various forms of data. Mongo is a distributed database at its core, so it scales well in a cloud environment, and stores data in JSON-like formatted documents.
ExpressJS
ExpressJS forms the MEAN stack's backend, handling all the interactions between the frontend (Angular) and the database (MongoDB).
AngularJS
AngularJS is Google’s JavaScript frontend framework, which plays nicely with Express, Node, and MongoDB.
Node.js
Node.js is the backbone of the MEAN stack. Express and Angular are purpose-built to work on top of Node.js, making it easy to deploy your MongoDB database and application to the cloud.
How does the MEAN stack work?
Put simply, from an architectural standpoint, Angular is used to create the web experiences that users interact with. Angular then connects to Express and Node, which send data to and from Mongo.
Angular acts as the MEAN stack's web frontend, receiving requests from a user's browser. Angular passes this request to Express, which passes it to Node. Node retrieves the object from the MongoDB database, without having to translate the object at any point, because it's in a JSON format running through all JavaScript components.
How easy is it to learn the MEAN stack?
Essentially, the MEAN stack is easy to learn. It’s a JavaScript framework, so consider your previous experiences of working in JavaScript. If you found those experiences easy, you should find this experience easy too. Previous experience with JSON-based systems such as MongoDB may also help.
How does the MEAN stack compare to full stack?
The MEAN stack places a narrower range of demands upon developers with only one uniform language. This contributes to making MEAN stack (small) applications quick to get up and running while organizing the whole application. MongoDB enables cloud storage.
Unfortunately, the MEAN stack isn’t as useful for large applications and it’s hard to connect to non-MEAN data. There are also no server backup facilities, and it can suffer from concurrency performance issues at a server level. Also, in business terms, it offers poor isolation from servers, which could open the door to poor practices and spaghetti code.
When is the MEAN stack used?
It’s most often used for small or light applications that need to be cloud hosted.
How secure is the MEAN stack?
While the MEAN stack offers some security advantages, it also comes with specific security considerations. Each layer of the stack (Mongo, Express, Angular, and Node) needs to have its security or vulnerability validated individually. To call out some specifics:
- Mongo’s JSON documents can be vulnerable to malicious alterations
- Express can be vulnerable to injections and cross site attacks
- Angular can also be vulnerable to cross site attacks
- Node is vulnerable to typical attacks exploiting JavaScript vulnerabilities, as well as other server-side attacks
Also, bear in mind that any middleware you use will need to have its routes to and from the rest of the MEAN stack assessed for vulnerability.
Nothing is completely free from vulnerability, of course. If your developers are keeping on top of potential vulnerabilities in MEAN stack layers and JavaScript, though, then it’s manageable. For example, some common approaches are:
- Always use HTTPS
- Prevent SQL injections
- Use token-based authentication techniques for APIs
- Investigate the HttpOnly and Secure attributes for session cookies and the Helmet npm package to mitigate Cross-Site Request Forgery and Cross-Site Scripting
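Because JSON passes from the browser through Express and Node to MongoDB without translation, the injection risk in this stack is a request field arriving as an object where a string was expected. The following is an added example, not code from the original article: it validates a parsed body before building a MongoDB filter, using only built-in JavaScript. All function names are hypothetical and the sample bodies are constructed.

```javascript
// Added example: validate a parsed JSON body before it becomes a MongoDB filter.
// All function names are hypothetical; sample bodies below are constructed.

// True if any key, at any depth, starts with "$" or contains ".",
// the characters MongoDB uses for query operators and field paths.
function hasOperatorKeys(value) {
  if (value === null || typeof value !== "object") return false;
  if (Array.isArray(value)) return value.some(hasOperatorKeys);
  return Object.entries(value).some(
    ([key, child]) =>
      key.startsWith("$") || key.includes(".") || hasOperatorKeys(child)
  );
}

// Fields compared by equality must be bounded strings, never objects or arrays.
function assertPlainString(name, value, maxLen = 256) {
  if (typeof value !== "string" || value.length === 0 || value.length > maxLen) {
    throw new TypeError(`${name} must be a non-empty string (max ${maxLen} chars)`);
  }
  return value;
}

// Build the filter a handler would pass to findOne(). Only the allow-listed
// username is copied; the password is checked later against the stored hash,
// so it never becomes part of the query.
function buildLoginFilter(body) {
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    throw new TypeError("request body must be a JSON object");
  }
  if (hasOperatorKeys(body)) {
    throw new TypeError("request body contains operator-style keys");
  }
  return { username: assertPlainString("username", body.username) };
}

// Parse and validate; the result lets a handler answer HTTP 400 on failure.
function checkBody(rawJson) {
  try {
    return { ok: true, filter: buildLoginFilter(JSON.parse(rawJson)) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}

// Constructed sample bodies: a normal login and one carrying an operator object.
const samples = [
  '{"username":"alice","password":"correct horse"}',
  '{"username":{"$ne":null},"password":"x"}',
];
for (const raw of samples) console.log(raw, "->", JSON.stringify(checkBody(raw)));
```

In an Express application, a check like this would run in the route handler or a middleware after the JSON body parser and before any database call.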
Conclusion
MEAN is a newer solution to newer problems. MEAN exists to provide web services via the cloud, and take advantage of the cloud's hugely scalable technologies. It is also open source.