|
|
|
|
|
|
by Legogris
1559 days ago
|
|
|
There is a proposal to add OCaps on a language level in TC39[0]. There is a drop-in implementation which already works in both Nodejs and browsers[1]. As a developer who wants to sandbox your own (recursive) dependencies, this is wrapped and made accessible today in Lavamoat[2]. Basically a package or app can provide a policy manifest specifying which capabilities (e.g. network or filesystem access) should be granted for each sandboxed dependency. Also comes with a tool that will auto-generate a starting point from your existing dependency tree. IMO this is the future. Currently Lavamoat does come with a performance penalty but hopefully this idea will catch on and make it into language runtime implementations. Lavamoat is still marked as "preprod" on npm but talking to the original author, the API is practically stable and it will shortly have its first stable release. [0]: https://github.com/tc39/proposal-ses [1]: https://github.com/endojs/endo/tree/master/packages/ses [2]: https://github.com/LavaMoat/LavaMoat |
|
|