[loa44hh100]

This makes me appreciate Deno's focus on security. Having things like file and network access 'opt in' seems like a no brainer when we see how easy it is to simply install an npm package and find yourself vulnerable to malware.

[Ginden]

Any protection offered by Deno isn't robust. Only OS-level protection is secure. Any tooling will require access to file system - and file system access is enough to compromise developer system.

Let's assume that you have Deno compiler for other language. You run it through seemingly innocent deno run "https://..." --allow-write=. src/ (you use optional parameter to --allow-write, right?).

Unfortunately, webpage hosting script was compromised. Now our compiler can write to .git/hooks, .npmrc (npm can do arbitrary script execution in version 6 or lower, even on npm --version), .idea/ etc.

[jacquesm]

Sorry, but no. This should not rely on an individual, it should rely on a bullet proof process.