[gumboza]

Agree. I'd like to see an OpenBSD pledge(2) type system for libraries. So you can mask individual library capabilities rather than just programs. I don't want a web server that can write to the file system and I don't want a CSV reader that can talk to the network.

[saagarjha]

Doing this kind of thing at the library level is generally not very useful, because security protections between things running in the same process are hard to make very strong.

[LadyCailin]

This is a limitation of the particular language/ecosystem though, it feasible in a new language that has this security baked in to the language primitives.