Hacker News new | ask | show | jobs
by lachenmayer 2446 days ago
The creator of Node is currently working on a runtime to enable exactly that: https://deno.land
1 comments
z3t4 2446 days ago 

    deno --allow-net https://deno.land/std/examples/echo_server.ts
This would be the same as running something with an unprivileged user:

    sudo -u otheruser node echo_server.js
Deno however takes it to a whole new level by running server code directly from the web =)
link
bartlomieju 2446 days ago
You can scope it further:

  deno --allow-net=0.0.0.0:8000 https://deno.land/std/examples/echo_server.ts
Or even provide a list of addresses:

  deno --allow-net=0.0.0.0:8000,localhost https://deno.land/std/examples/echo_server.ts
link
z3t4 2446 days ago
On Linux you can use namespaces

    ip netns exec networkname node script.js
Still only on the entire app though, the idea was how to restrict single modules and their dependencies, not your whole app! Something like:

    const foo = requires("bar", {fs: true, net: "0.0.0.0:8000", os: true});
link