Why you should avoid using CMS for your projects?
I will start with Strapi, and If you do not know it already. Strapi is a headless CMS, written on top of Nodejs. So, you can use it to create APIs, while the content can be managed by the CMS. It uses Koa (not express) under the hood for configuring your server.
It comes preconfigured with middlewares, authentication and role-based access for you. So, you don't have to go around and configure a good part of it. So, if your use-case is easy enough. You can be running in minutes in Strapi. Now that it has all the features for you that would allow you to build complex apps. However, in cases where your use case becomes complex you do be feel better off to have done it with express instead. Strapi is more UI-friendly rather than code-friendly. Afterall, its a CMS.
Strapi uses a Content-Manager plugin that allows you to create collections as per your requirements. The default quickstart template comes preconfigured with sqlite3 but you can always configure your own database as well. I have been using MongoDb, and the sad bit it, all the collection information, as well as roles and permission information is kept in database rather than the app. And there is quite a time you might spend juggling around the backend (node-project) and the Strapi's own admin UI.
The interesting bit however is that, Strapi creates basic CRUD operations for you. The APIs support sorting and filtering by default, but the syntax can be a bit confusing at times. The documentation on the website is not very descriptive either. Yet, it can be all that you may need. But, then again if you want something different than basic CRUD, you have to end up writing your own custome APIs.
So, good so far, but here are the extremely bad bits -
- Strapi has its own system of recognizing enviornment variables. But, that doesn't work as you expect.
- The project overall is heavy, since a lot of stuff is already configured for you.
- The scope of configuring error response messages is very low. You can do that for some use cases or at places when you are writing your own APIs.
- From security perspective, the APIs are not very secure. Even though you have role based access, you can make PUT requests to all the collections, if you belong to that particular role.
- For MongoDb, strapi has a wrapper around
mongoose, which in itself is a wrapper around MongoDb's native Node APIs. - Even for custom APIs, strapi does not support transactions. I was able to write transaction but that did always end in failure no matter what.
- The reload time on the development enviroment is very high. It is a known problem and the solutions provided in forums do not work.
- You will not be able to build projects on AWS's
t2.nano&t2.microinstances.t2.smallis needed at the very least or else the project would error out at the build step.
Now, that was Strapi so far. But you can see similar issues in other CMS's as well.
If you are concerned about security of your project. Then, using a CMS is certainly should be "NO". Why? just because CMS's vuerabilities are your project's vunerabilities.
The glitter and shine in the front are problems in the dark. No project advertises its vunerabilities, same goes for every CMS. You only come to know when you work with them. The simplicity in the start end up making simple tasks complex as your project evolves.
Your control over the project is not so good. Since, for everything you do must be done in a way CMS allows you to. Also, you options are limited in terms of approaches you may go to implement a particular feature in your project.
CMS add unnecessary bloat to your projects, which can also result in performance issues.
CMS do follow monolith architecture, so scaling can be an issue unless you CMS support it.
I hope you got the gist of it until now... rest for later.
