Hi, I don’t know much about SAFE yet but your first two questions are general so I’ll try to help.
JavaScript, JSON and node.js are not three languages. They are all JavaScript.
JSON, short for JavaScript Object Notation, is a data serialization format, so it’s used to save data to the harddisk or send it over the network. It is just the syntax that JavaScript uses for objects, it was so nice and lightweight that it was then used in other languages as a serialization format as well. If you know JavaScript, you have no problem understanding JSON because it is JavaScript.
node.js is also not a language, it is three things. First, it uses Google Chrome’s V8 JavaScript engine to allow you to run JavaScript code as desktop/server applications as opposed to be running just inside a web browser on a website. Second, it’s a library, a set of commands to work with the file system and other things like that which aren’t part of JavaScript itself because normally (without node.js) it has no access to such things, it’s restricted to the browser. And lastly, it is, or rather allows you to easily create a web server with JavaScript, that is it’s main intended use but it’s been used for much more nowadays, command line applications mostly, developer tools. And with Github’s Electron you can even use it to create graphical desktop applications like the SAFE launcher and the SAFE demo app.
As for the multiple copies of everything in the api (I see someone else answered while I wrote this so feel free to skip this, but maybe it still helps), the GET and the POST and the DELETE, that is what is called REST, or a RESTFul API (you should have no problem finding a lot of information about this when you Google it). It is a convention used to create a (usually) HTTP based network API, most of them today are RESTful so having this convention is neat because then you only have to learn one system and understand the basics for all. GET is used when you want to retrieve data from an API, POST is used when you send data to an API, These are called HTTP verbs or HTTP methods.
The difference between GET /auth and POST /auth is explained at the very top of the API docs. POST initiates the authorization to get the login credentials, and GET wether the authentication credentials you have are valid (maybe you cached them and want to check if they are still valid or if you need to authorize again). DELETE /auth basically logs you out.