Hacker News new | ask | show | jobs
by z3t4 2453 days ago 

    deno --allow-net https://deno.land/std/examples/echo_server.ts
This would be the same as running something with an unprivileged user:

    sudo -u otheruser node echo_server.js
Deno however takes it to a whole new level by running server code directly from the web =)
1 comments
bartlomieju 2453 days ago
You can scope it further:

  deno --allow-net=0.0.0.0:8000 https://deno.land/std/examples/echo_server.ts
Or even provide a list of addresses:

  deno --allow-net=0.0.0.0:8000,localhost https://deno.land/std/examples/echo_server.ts
link
z3t4 2452 days ago
On Linux you can use namespaces

    ip netns exec networkname node script.js
Still only on the entire app though, the idea was how to restrict single modules and their dependencies, not your whole app! Something like:

    const foo = requires("bar", {fs: true, net: "0.0.0.0:8000", os: true});
link