by koprulusector
1687 days ago
How is this any different than any other package management system? If you npm or pip install a package and import it, you’re still relying on DNS to resolve pypi or npmjs. But with Deno, if you’ve just accidentally installed some malicious squatter’s package that mimics the one you meant to use, at least you’ve got less exposure because the malicious code won’t necessarily have blanket permissions to make network calls, read files, etc. Virtually any other language/package management system cannot say the same. Deno will download and cache the dependencies you import; they’re right in the project folder vs buried in a sea of node_modules. It’s super convenient to look at and inspect, if there’s any doubt or idle curiosity.