Except that with Deno, everything IO related is turned off by default and has to be granted access before it becomes a process. It's the first bullet point on the landing page.
That still doesn't prevent imported modules from yoinking anything you did grant access to, though. For instance, if my service connects to a DB then `uuid` can slurp the contents.
It'd be nice to have some capability model where modules can only access things through handles passed to them, but probably infeasible for a project like this.
From the article: "Also like browsers, code is executed in a secure sandbox by default. Scripts cannot access the hard drive, open network connections, or make any other potentially malicious actions without permission."
0beah|5 years ago
Here is the page with more detail. https://deno.land/manual/getting_started/permissions
It can even restrict access down to a specific directory or host. This is cool.
Whereas any NPM module can map your subnet, lift your .ssh directory, and yoink environment variables, wily-nily.
It's happened before.
sterlind|5 years ago
It'd be nice to have some capability model where modules can only access things through handles passed to them, but probably infeasible for a project like this.
yawn|5 years ago
hombre_fatal|5 years ago
"web browsers already do this ;)" isn't a good comparison.
XCSme|5 years ago