|
|
|
|
|
|
by danenania
1508 days ago
|
|
|
While I don't have the answers to all these questions, I imagine we could come up with some sane defaults. Even if you have to 'eject' and provide overly broad permissions to certain libraries, I'd imagine these would be quite a small percentage and you'd still get the huge win that the 90% (or whatever) of your dependencies that don't need any system or network access at all and don't have the kind of issues you describe can effectively be removed as viable targets for attack. For callbacks, Deno could provide a wrapper function that is only available to the top-level app (not dependencies) and causes the permissions in the callback to be evaluated at the app level, not the dependency level. There may be a better way, but that's one idea. Static checking would be great too. I think a combination of static and runtime enforcement would be ideal. |
|
|