by pacoverdi 2210 days ago
I assume that permissions are given at application level, not at module/import level?

This means that if I write an application that requires filesystem access and has external dependencies, I'm essentially giving them access to the filesystem even if they don't need it.

These dependencies could silently check whether they have permissions and do something fishy only if that is the case.

It would be nice to be able to import dependencies in a nested sandbox but I guess it is not a simple problem.


What deno wants is something like caja - https://en.m.wikipedia.org/wiki/Caja_project - object-capability security for JavaScript. Sadly I believe the caja project was not successful because it is very hard to avoid ambient authority in JS without becoming incompatible with everything.

I haven't looked into it, but TFA suggests you can do it call by call.

Well I'm not sure. The doc says:

Access to security sensitive areas or functions requires the use of permissions to be granted to a deno process on the command line. [1]

The only other mention of permissions in documentation is that a program may query or revoke permissions.

[1] https://deno.land/manual/getting_started/permissions
[2] https://deno.land/manual/examples/permissions

EDIT: formatting